Firefox vulnerability

A few weeks ago, Microsoft had its VML zero day exploit; this week, it's Firefox's turn.

Obviously, as more people are switching from Internet Explorer to Firefox, hackers are doing the same.

The thing that struck me about this particular problem was that the hackers gave no advance warning to Mozilla prior to their presentation, and

The hackers claim they know of about 30 unpatched Firefox flaws. They don't plan to disclose them, instead holding onto the bugs.
Why are they holding on to them? One of the hackers explains:
"What we're doing is really for the greater good of the Internet. We're setting up communication networks for black hats."
For the greater good of the Internet? Yeah, right.

The scary thing, though, is that one of the hackers works for Six Apart, the company behind popular blogging software like Movable Type, LiveJournal and TypePad.

Six Apart needs to do some major damage control, fire this guy immediately and review all code he may have had access to. It doesn't exactly ease my mind to know my weblog is running on code this guy may have had access to. Maybe it's time to move to WordPress...

UPDATE: It looks like this may have just been a hoax. Still not exactly good publicity for Six Apart, though...

Even WordPress might not be as safe as we think:

Posted by Tom Simpson at October 2, 2006 10:00 PM

Easy Peasy

Trackback from AndrewDotHay.Net at October 3, 2006 2:18 AM

Well, since IE is merged in with Windows, browser-based viruses/trojans will have a much easier way in.
Firefox will still be safer.

Setting up a black hat community could be, in a lot of ways, a good thing. But not disclosing the vulnerabilities won't do any good for the internet.

Posted by Jesper Date at October 6, 2006 8:07 AM