Uproar over latest MOAB vulnerability #16. Proof of malicious acts?
groups-beta.google.com — It seems KF and LMH of MOAB went to great lengths to "test" their latest exploit before posting it. Around 10pm PST, many users of the Colloquy IRC client began dropping off the freenode network as KF and LMH "tested" their malicious script on real users. Linked is a discussion with proof that they originally attacked the #macdev channel.
- 62 diggs
- Pepper, on 10/12/2007, -2/+5: That is really -really- low to be using it on regular chatters.
- NSResponder, on 10/12/2007, -1/+12: This is what's known in the security field as "dick waving". It's not just low, it's childish.
-jcr
- Pepper, on 10/12/2007, -0/+4: Haha, I love your analogy.
- melee, on 10/12/2007, -0/+3: Not only that, but they are denying that they used it on freenode in #macdev in the first place. They claim on their blog (http://applefun.blogspot.com/) that it was just an unfortunate prank.
- NSResponder, on 10/12/2007, -0/+8: Clearly, they have underestimated Rosyna. He and I have certainly had our disagreements in the past, but he's about as skilled as any developer I've ever encountered.
The MOAB boys were acting churlishly, and they got caught at it. End of story.
-jcr
- StarManta, on 10/12/2007, -1/+13: Before it started, I was actually in support of MOAB. Someone being responsible, calling Apple out on bugs that should have been fixed and forcing them to fix them? Great!
Within two days, though, they cheated - they listed a VLC bug which 1) is not published by Apple, 2) affects both Mac and Windows versions of VLC, and 3) *is actually worse on the Windows version*! That's the very moment I realized these guys were full of ***** and started ignoring the whole thing.
But this is beyond stupid. This is beyond irresponsible. It's just plain dirty. (This hits especially close to home, not only because freenode is my favorite IRC server and usually free of crap like this, but because I've been active in Colloquy myself.) ***** these guys. Seriously.
- homestar14, on 10/12/2007, -0/+1: I was wondering why Colloquy quit on me. This is very, very low. It's one thing to come out in public about a vulnerability and how to abuse it (which is pretty low in itself), but it's a _completely_ different thing when they actually execute the vulnerability.
- fr1j0l3, on 10/12/2007, -0/+9: This has been a mess from the start. After going for 3rd party bugs so close to the start, to antics like this, these guys are all about pushing traffic to their blog, and not about real security.
- deadbaby, on 10/12/2007, -0/+5: Out of these 16 bugs so far none of them are really concerning to me. Do I really care if someone can DoS my machine using malicious code that exploits a bug in HFS? Not really. I'd be more worried about "rm -rf ~". The only bug that seemed serious to me was the QuickTime streaming bug, but I couldn't get their sample code to work, so I'm a bit suspicious of how serious it really is.
- melee, on 10/12/2007, -0/+2: Some should. Roughly half, if not more, of the MOAB bugs and sploits are about gaining root privileges (in which case it would be more like "rm -rf /" and not "rm -rf ~" that you should be worried about) and/or executing arbitrary code.
- dqbiggerfam, on 10/12/2007, -0/+3: As someone that was present during the maybe half hour turnaround between a dev being informed of this (NOT by MOAB), fixing it, then publishing a fixed app, all before or shortly after it was blogged on MOAB's site, I can honestly say this is why I love applications like Colloquy. Small apps with small development teams can push out updates much faster (than say, a certain OS developer we all love to hate...) and they need our support.
- ilgaz, on 10/12/2007, -1/+1: Attacking anything at freenode generally means locking down a hospital's ER department. Only GNAA and some others (which are self-declared troll orgs) did this.