Archive for September, 2006
Although the hackers are calling it a 0day exploit, it seems that it isn’t really. It is one of many that can be easily found using the AxMan ActiveX fuzzing engine. It seems that the guys over at xsec.org are trying to take more than reasonable credit for writing code to exploit a known vulnerability.
HD Moore, head of the Metasploit project was quoted in the article as saying:
“This is one of the many exploitable bugs that can be discovered using AxMan and one of the few that I didn’t include in Month of Browser bugs due to the ease of exploitation. I still have three or four left in IE that have similar impact.”
There is also a Secunia Advisory related to this exploit.
We are having an open house this weekend, which pretty much means that I spent 14 hours yesterday scrubbing everything top to bottom, rearranging closets and storage spaces, and heping my wife stage everything, and I will spend the better portion of today and tomorrow trying to occupy my time away from the house. It was pouring buckets the last couple days which means the lawn is a little shaggier than I would have liked, but it will have to do. Now if we could just get a buyer . . ..
We have decided how we are going to proceed – my wife is going to finish her Fine Arts degree at the University of Victoria after which it will be my turn. I have my sights set on the combined Physics/Computer Science degree, also at UVic. I will probably be the oldest freshman on campus when I start, but that also means I will probably be the most used to buckling down and working to get what I want. All in all, it is more than a little nerve-wracking.
Firefox 18.104.22.168 was released this morning which fixes the following security issues:
MFSA 2006-64 Crashes with evidence of memory corruption (rv:22.214.171.124)
MFSA 2006-62 Popup-blocker cross-site scripting (XSS)
MFSA 2006-61 Frame spoofing using document.open()
MFSA 2006-60 RSA Signature Forgery
MFSA 2006-59 Concurrency-related vulnerability
MFSA 2006-58 Auto-Update compromise through DNS and SSL spoofing
If you haven’t yet heard of it, XFN promises a simple way to harness XHTML rel attributes to define relationships on the web. With simple additions to urls such as rel=”friend met colleague neighbor” you could define a link as going to a site owned by someone you consider a friend, who works in the same field as you, that you have met in person, and in fact, lives close to you.
To see where all this is going, be sure to check out the XFN: What’s Out There? page, and take a look at the new XFN lookup service at RubHub. And of course, I had to add bookmarklets to make things easy to search RubHub.
Search RubHub in a new window
In other news I have seen a plugin for Blosxom (the Perl kind) that checks links in stories against a tab-delimitted list of values to add XFN information to links within the story. While the simplicity of having that handled automatically is nice, I have to wonder what kind of perfomance hit that would make. I first thought about doing something like that for PyBlosxom, but I think I will look into other ways to do it, rather than to require extra pre-processing on every story display.