Tuesday, September 18, 2007

Revisiting the "Firefox Myths" Part 1

A blogger claiming to be the "Andrew K" behind the "Firefox Myths" page has posted a few replies to my original article about the Firefox Myths page.

Naturally, I can't be sure the posts REALLY came from Andrew K. Because of this, I'm going to respond to the comments as if the author of the posts to my blog and firefoxmyths.com are one and the same. As you read on, please remember that I could be responding to a prankster.

First, I'll respond to the shorter of the two quotes.

September 18, 2007 1:53 PM
Freewheelinfrank is a Firefox Fanboy spammer who has done nothing but spread lies and libel about my page. This is why he is listed on my page as such.

He has never been able to provide me with a URL that proves "auto-installing" spyware on IE.

FYI, they like to link to sites where the comments were closed before I could respond or my account was banned simply for defending myself.

No one really cares if Freewheelinfrank is a "fanboy" or not. His motivations are secondary. Tossing around phrases like "Fanboy" is a juvenile tactic to begin with. Andrew's decision to use it as his first volley makes him look like his argument is weak and unfounded. Already, this alleged "Andrew K" has tried to direct the debate away from raw facts and into attacks on character and motive.

Andrew K's next comment is even more comical. He claims Freewheelinfrank has never provided "a URL that proves 'auto-installing' spyware on IE." Freewheelinfrank's post included a link to the Washington Post article "Internet Explorer Unsafe for 284 Days in 2006" that discussed such exploits. The article linked to yet ANOTHER article entitled "Hacking Made Easy".

Both articles discuss what are known as "Drive by" infections. Specifically, these are viruses, trojans and key loggers that install themselves when you simply visit an infected web site with a vulnerable browser. All you do is "Drive by" the site, and you find your PC infected with a virus or keylogger. Andrew K's comical claim that no such viruses exist for IE betrays either willful ignorance or a profound lack of understanding.

Allow me to provide some more of the references Andrew K claims he's never received. 2006 was not a good year for Internet Explorer users.

The article "Drive-By IE Attacks Subside; Threat Remains" discusses the zero-day drive-by attacks that were taking place in March of 2006. A vulnerability in Internet Explorer's implementation of createTextRange() allowed for the installation of arbitrary code on the victim machine, simply by visiting an infected web site. No downloads, "OK" buttons or other user activity needed. Most of the infected web sites were spreading SDBot to capture user activity and send it back to the hackers.

"Drive-By IE Attacks Subside; Threat Remains" further discusses the same round of exploits, and goes into a bit more detail about how Microsoft spent a lot of time spinning the attacks and tracking down malicious web sites.

Somehow I suspect Andrew K won't be happy without exploit code, so I'll provide a link to the IE createTextRange() vulnerability exploit code.

Of course, that was all IE 6 and below. What about IE 7? A similar buffer overflow bug was found in IE 7. Fortunately, this was found by a security researcher and proof-of-concept exploit code was turned over to Microsoft, so there aren't any known infections of IE 7 from this bug. The article "Microsoft Hunts Down New IE Bug" has more to say about the incident.

You don't have to dig very hard to find proof of zero-day, drive-by IE vulnerabilities. A few seconds on Google turned up the links above, and when you can find proof so easily, you can't help but wonder why Andrew K is so determined to insist no such proof exists.

"Andrew K" ends his comment by whining about his accounts being closed before he could respond to the accusations made against him. This too is a classic misdirection tactic. No one cares if he didn't get the chance to respond to a criticism in a given forum. What matters is the response he gives to the accusation NOW.

So far, I'm not impressed. A couple of insults, a bit of whining, and an easily debunked claim about Drive By IE Exploits hardly constitute a viable defense of FirefoxMyths.com.

1 comment:

Divided By Zer0 said...

Ohoh, Mr Khan it seems you have slipped there *big grin*