Firefox & Mozilla Advisory

Discussion:

(too old to reply)

Morning Wood

2005-05-10 18:20:54 UTC

wtf??? - - - - this HAS BEEN PATCHED

no "heads-up" needed ( you missed the boat by a week )

BUT THANKS FOR PLAYING!

----- Original Message -----
From: "P Ellison" <***@btinternet.com>
To: <full-***@lists.grok.org.uk>
Sent: Tuesday, May 10, 2005 9:21 AM
Subject: [Full-disclosure] Firefox & Mozilla Advisory

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Todd Towles

2005-05-10 18:42:17 UTC

Permalink

Well, the patch the mozilla server was modified to fix the issue. Paul
told everyone the whole story about it on here yesterday. I heard about
this on the weekend.

I am surprised no one has talked about the Google DNS issue. Users were
tricked into going to SoGoSearch.com because of IE's great domain search
function. When IE can't find a site, it starts to search. Well,
SoGoSearch.com owns www.google.com.net, and therefore that is why people
were getting spyware/adware junk.

-----Original Message-----
Of Morning Wood
Sent: Tuesday, May 10, 2005 1:21 PM
Subject: Re: [Full-disclosure] Firefox & Mozilla Advisory
wtf??? - - - - this HAS BEEN PATCHED
no "heads-up" needed ( you missed the boat by a week )
BUT THANKS FOR PLAYING!
----- Original Message -----
Sent: Tuesday, May 10, 2005 9:21 AM
Subject: [Full-disclosure] Firefox & Mozilla Advisory
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Ben Vaisvil

2005-05-10 20:06:30 UTC

Permalink

Engadget.com was claiming (incorrectly) that google got hacked
http://64.233.167.104/search?q=cache:aAAhpPYRP5cJ:www.engadget.com/entry/1234000610042620/+engadget+google+hacked&hl=en

Didn't take long for baseless speculation!

Post by Todd Towles
Well, the patch the mozilla server was modified to fix the issue. Paul
told everyone the whole story about it on here yesterday. I heard about
this on the weekend.
I am surprised no one has talked about the Google DNS issue. Users were
tricked into going to SoGoSearch.com because of IE's great domain search
function. When IE can't find a site, it starts to search. Well,
SoGoSearch.com owns www.google.com.net, and therefore that is why people
were getting spyware/adware junk.

Todd Towles

2005-05-10 21:31:03 UTC

Permalink

I was just taking a guess at what could have happened. But it sounds
like it would work. You buy www.google.com.net and then you wait for
their DNS to mess up and you get thousands and thousands of hits to your
spyware site. Possible Passive Pharming attack?

Anyone know for sure what happen?

-----Original Message-----
Of Ben Vaisvil
Sent: Tuesday, May 10, 2005 3:07 PM
Subject: Re: [Full-disclosure] Firefox & Mozilla Advisory
Engadget.com was claiming (incorrectly) that google got
hacked
http://64.233.167.104/search?q=cache:aAAhpPYRP5cJ:www.engadget
.com/entry/1234000610042620/+engadget+google+hacked&hl=en
Didn't take long for baseless speculation!

Post by Todd Towles
Well, the patch the mozilla server was modified to fix the

issue. Paul

Post by Todd Towles
told everyone the whole story about it on here yesterday. I heard
about this on the weekend.
I am surprised no one has talked about the Google DNS issue. Users
were tricked into going to SoGoSearch.com because of IE's

great domain

Post by Todd Towles
search function. When IE can't find a site, it starts to

search. Well,

Post by Todd Towles
SoGoSearch.com owns www.google.com.net, and therefore that is why
people were getting spyware/adware junk.

-----Original Message-----
Morning Wood
Sent: Tuesday, May 10, 2005 1:21 PM
Subject: Re: [Full-disclosure] Firefox & Mozilla Advisory
wtf??? - - - - this HAS BEEN PATCHED
no "heads-up" needed ( you missed the boat by a week )
BUT THANKS FOR PLAYING!
----- Original Message -----
Sent: Tuesday, May 10, 2005 9:21 AM
Subject: [Full-disclosure] Firefox & Mozilla Advisory
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Ben Vaisvil

2005-05-10 21:36:17 UTC

Permalink

Your guess is probably correct - and The Register reports about the same:

http://www.theregister.co.uk/2005/05/09/google_dns_glitch/

Post by Todd Towles
I was just taking a guess at what could have happened. But it sounds
like it would work. You buy www.google.com.net and then you wait for
their DNS to mess up and you get thousands and thousands of hits to your
spyware site. Possible Passive Pharming attack?
Anyone know for sure what happen?

Post by Todd Towles
Well, the patch the mozilla server was modified to fix the

issue. Paul

great domain

Post by Todd Towles
search function. When IE can't find a site, it starts to

search. Well,

Post by Todd Towles
SoGoSearch.com owns www.google.com.net, and therefore that is why
people were getting spyware/adware junk.