Browser bugs, tricks, and hacks.

A really interesting development this month is that HD Moore has been stockpiling browser exploits, and is intending to release one per day for the month of July… see http://browserfun.blogspot.com/. Most will be Internet Explorer/Windows, and most will be denial of service (that is, IE crashers) as opposed to code-running exploits, but here’s the interesting part… just about any application crash can be turned into arbitrary code execution, if someone is determined enough to work at it. This presents Microsoft with a dilemma. They can’t patch and test them all within the month, so which ones do they deal with first? And will the Bad Guys choose one, some or none, to turn into code executors? And how long will it take them? We’ve bated our breath and are watching with interest.

In the meantime, our reaction is that we’ll simply add detection for them all as they’re released, and monitor the situation. That way our users will be protected, and if they never make it into the Wild, we’ll just remove them at an appropriate point in the future.

Cheers

Roger

CTO
ExpLabs.com


~ by hackcraft on July 8, 2006.
