Chinese security researchers have admitted that they inadvertently released code that might be misused to exploit an unpatched Internet Explorer 7 vulnerability. Scripts to pull off the trick were already on sale in underground forums before the inadvertent release. Even so, anything that increases the likelihood of digital …
It was isc.sans.org that gave it away for me.
The ISC handlers' diary includes a screenshot of the exploit code:
that, although mildly obfuscated, contains all the search terms anyone needs
to seek out a copy of the exploit itself:
Yet this freetard commentard notes that the Microserftards continue to claim that the Mactards, Linuxtards and Unixtards are only spared because of market share rather than fundamental differences in their security models. As in, Microserftards don't have one.
I also note, following Orlowski's latest uncommentable diatribe, that the editards and some journotards of the Reg continue to think that putting 'tard after words is oh so funny or descriptive. Rather than realizing that many of us readertards consider it to be really childish, intelligence insulting, and quite retarded.
If you thought the above was funny, I guess you're a target market for the direction El Reg is going in.
I was waiting for you to correct the way they speak in London.
They don't speak like that in America, yet it's funny how many people seek to 'correct' their grammar.
They just don't get it, Scott.
They should read the Japanese posts and correct their grammar. Now *that's a challenge!
Not necessarily a bad thing.
They should do this more often.
If an exploit is already available underground for 15k a pop and someone gives it away for free, who gets hurt........?
It might be a sensible change of tactic to make a point of reverse-engineering and releasing FOSS versions of existing exploit packages and take the profit motivation out of the coding side of the business altogether.
Yes we believe you. Of course it was an accident!
There is already a massive community dedicated to the development and understanding of exploits and sharing them in an open and full-disclosure manner; see milw0rm or metasploit for more information. (A couple of years ago I would have suggested regularly reading the full-disclosure list, but it's got a lamentably low SNR these days; still comes out with some gems now and again though.)
Money for nothin and chicks for free
Researchers need Porsches too.
I'm sure that incident with the Rosenbergs was just an accident too.
Mandarin is not writing
You don't write in Mandarin. You speak it. Chinese script is comprehended by all readers, regardless of their dialect. Properly it is Chinese, or Hanzi.