
Chinese researchers inadvertently release IE7 exploit code

Chinese security researchers have admitted that they inadvertently released code that might be misused to exploit an unpatched Internet Explorer 7 vulnerability. Scripts to pull off the trick were already on sale in underground forums before the inadvertent release. Even so, anything that increases the likelihood of digital …

COMMENTS

This topic is closed for new posts.

It was isc.sans.org that gave it away for me.

The ISC handlers' diary includes a screenshot of the exploit code:

http://handlers.sans.org/bzdrnja/xml.png

that, although mildly obfuscated, contains all the search terms anyone needs

http://www.google.co.uk/search?hl=en&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&q=SPAN+DATASRC%3D%23I+DATAFLD%3DC+DATAFORMATAS%3DHTML&btnG=Search&meta=

to seek out a copy of the exploit itself:

http://www.fuckhacker.net/?action=show&id=313


'tards...

Yet this freetard commentard notes that the Microserftards continue to claim that the Mactards, Linuxtards and Unixtards are only spared because of market share rather than fundamental differences in their security models. As in, Microserftards don't have one.

I also note, following Orlowski's latest uncommentable diatribe, that the editards and some journotards of the Reg continue to think that putting 'tard after words is oh so funny or descriptive. Rather than realizing that many of us readertards consider it to be really childish, intelligence insulting, and quite retarded.

If you thought the above was funny, I guess you're a target market for the direction El Reg is going in.


@yeah, right

I was waiting for you to correct the way they speak in London.

They don't speak like that in America, yet it's funny how many people seek to 'correct' their grammar.

They just don't get it, Scott.

They should read the Japanese posts and correct their grammar. Now *that's* a challenge!


Not necessarily a bad thing.

They should do this more often.

If an exploit is already available underground for 15k a pop and someone gives it away for free, who gets hurt........?

It might be a sensible change of tactic to make a point of reverse-engineering and releasing FOSS versions of existing exploit packages and take the profit motivation out of the coding side of the business altogether.


Hmmmm

Yes we believe you. Of course it was an accident!


@TeeCee

There is already a massive community dedicated to the development and understanding of exploits and sharing them in an open and full-disclosure manner; see milw0rm or metasploit for more information. (A couple of years ago I would have suggested regularly reading the full-disclosure list, but it's got a lamentably low SNR these days; still comes out with some gems now and again though.)


Money for nothin and chicks for free

Researchers need Porsches too.

I'm sure that incident with the Rosenbergs was just an accident too.


Mandarin is not writing

You don't write in Mandarin. You speak it. Chinese script is comprehended by all readers, regardless of their dialect. Properly it is Chinese, or Hanzi.
