These days you just can't go around publicly degrading a security-sensitive product with a security-sensitive fan-base (even if you're mostly joking)... unless you have all the proof to back up your claims.
I'm glad this guy apologized publicly - that's the only right thing to do in that scenario.
Still important to note that his code crashes Firefox, so at least he wasn't a complete farce.
Edited 2006-10-03 19:24
Pardon my paranoia, but I can't help but wonder if there might have been something of substance to this whole business. Was it really all a joke?
OK. Probably, it was.
But it seems to me that this is exactly the sort of statement that Mozilla Corp would request that he make if he decided to take the $500 per exploit after all. ($15,000 USD if all 30 were valid.)
That's probably just a paranoid delusion... right?
Edited 2006-10-03 23:12
It seems the browser wars are more fearsome than ever. If Microsoft had such a better product they wouldn't need to, just think what's going to happen when Linux gets more desktop market share.
Build better software like in your adverts MS, but in the real world we know this to be not true.
Perhaps this sorry mess wouldn't have happened if outfits like Cnet hadn't reported it as straight news. Here are some follow-up reports from SecurityFocus and Brian Krebs:
http://www.securityfocus.com/news/11416
http://blog.washingtonpost.com/securityfix/2006/10/zeroday_firefox_...
What emerges from the stories is the joking nature of the talk, that people found it funny, and most did not take it seriously. Mozilla obviously did, it's their job to take stuff like this seriously. Cnet and their ilk, however, have a duty to provide a bit of context.
As a Firefox user, I browse most sites with Javascript disabled via the Noscript extension. Noscript is a vital tool for browsing the Web, as it selectively can unblock scripts per Web page.
https://addons.mozilla.org/firefox/722/
Given the nature of today's Web, it's always a good idea to control tightly how Javascript is used.
It's terribly difficult to use Noscript as so many sites require Javascript. I've come across a lot of sites that have their layout and navigation menus managed by Javascript. Crazy but true.
Most sites don't go to the effort of checking if you have Javascript enabled before trying to use it.
It's very annoying.
I am not surprised. Anyone who knows the way Mozilla rates security issues and knows just a bit about computers could see there was very little, if anything.
Now, in the next few minutes the anti-FLOSS gang will start the Damage Control-dance. Or completely ignore this submission.
Except that you do. His/her post was no more childish than yours.
Actually, my post was meant to be a "mirror" to the original poster.
It is amazing how many times you can legitimately post a person's own words back at them, and they then accuse you of being the "childish troll" or whatever.
My irony meter always blows a fuse when that happens.
Edited 2006-10-04 05:02
Anyone mirror this article:
http://developer.mozilla.org/devnews/index.php/2006/10/02/update-po...
before it went down?
I'm dying to read it.....
Up again now... but this also works:
http://developer.mozilla.org.nyud.net:8080/devnews/index.php/2006/1...
When I first read that headline I thought it was going to be about a Mozilla Firefox hacker (programmer) breaking down and admitting that Firefox wasn't actually as secure as people make out.
But again we have the hacker vs. cracker definition issue. I hate how the mass media stole 'hacker' away from it.
I'm a dyed-in-the-wool Linux nut, but enough already with the "it's all a big MS conspiracy" crap.
This is an open and shut case of two guys basing a comedy bit around one tiny Firefox flaw, and Cnet et al reporting it as fact.
If you want to get pissed at someone, point your finger at the organizations you get your news from.






