Chinese researchers inadvertently release IE7 exploit code

Chinese security researchers have admitted that they inadvertently released code that might be misused to exploit an unpatched Internet Explorer 7 vulnerability. Scripts to pull off the trick were already on sale in underground forums before the inadvertent release. Even so, anything that increases the likelihood of digital …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward

    It was isc.sans.org that gave it away for me.

    The ISC handlers' diary includes a screenshot of the exploit code:

    http://handlers.sans.org/bzdrnja/xml.png

    that, although mildly obfuscated, contains all the search terms anyone needs

    http://www.google.co.uk/search?hl=en&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&q=SPAN+DATASRC%3D%23I+DATAFLD%3DC+DATAFORMATAS%3DHTML&btnG=Search&meta=

    to seek out a copy of the exploit itself:

    http://www.fuckhacker.net/?action=show&id=313

  2. yeah, right.

    'tards...

    Yet this freetard commentard notes that the Microserftards continue to claim that the Mactards, Linuxtards and Unixtards are only spared because of market share rather than fundamental differences in their security models. As in, Microserftards don't have one.

    I also note, following Orlowski's latest uncommentable diatribe, that the editards and some journotards of the Reg continue to think that putting 'tard after words is oh so funny or descriptive. Rather than realizing that many of us readertards consider it to be really childish, intelligence insulting, and quite retarded.

    If you thought the above was funny, I guess you're a target market for the direction El Reg is going in.

  3. Jodo Kast

    @yeah, right

    I was waiting for you to correct the way they speak in London.

    They don't speak like that in America, yet it's funny how many people seek to 'correct' their grammar.

    They just don't get it, Scott.

    They should read the Japanese posts and correct their grammar. Now *that's a challenge!

  4. TeeCee

    Not necessarily a bad thing.

    They should do this more often.

    If an exploit is already available underground for 15k a pop and someone gives it away for free, who gets hurt........?

    It might be a sensible change of tactic to make a point of reverse-engineering and releasing FOSS versions of existing exploit packages and take the profit motivation out of the coding side of the business altogether.

  5. The Fuzzy Wotnot

    Hmmmm

    Yes we believe you. Of course it was an accident!

  6. Anonymous Coward

    @TeeCee

    There is already a massive community dedicated to the development and understanding of exploits and sharing them in an open and full-disclosure manner; see milw0rm or metasploit for more information. (A couple of years ago I would have suggested regularly reading the full-disclosure list, but it's got a lamentably low SNR these days; still comes out with some gems now and again though.)

  7. Eduard Coli

    Money for nothin and chicks for free

    Researchers need Porsches too.

    I'm sure that incident with the Rosenbergs was just an accident too.

  8. Anonymous Coward

    Mandarin is not writing

    You don't write in Mandarin. You speak it. Chinese script is comprehended by all readers, regardless of their dialect. Properly it is Chinese, or Hanzi.
