digg

Facebook Connect Join Digg About
See the original image at networkworld.com

Researcher hides IE bug on his blog

networkworld.com Security researcher Aviv Raff has published code that would allow someone to take control of a computer running Internet Explorer, but there's a catch. He's not saying exactly where he's hidden the attack. "Somewhere in my blog, I embedded a proof-of-concept code which exploits this 0day vulnerability," Raff wrote.

Who dugg this? Made popular May 9, 2008

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

79 Comments

show profanity settings
expand all
  • unluckier, on 05/09/2008, -2/+55Sounds like a scheme to get page views and clicks, if you ask me...
  • GRTWHT, on 05/09/2008, -6/+45Burying to try to stop this asshat from getting page views for NOT identifying the vulnerability.

    Identify it and I would support him 100%, pull this crap and he's just a lowlife.
  • fuhcough, on 05/09/2008, -2/+31I'm discovered both the meaning of life AND the location of the fountain of youth... I've hidden both in my eBay auction's high bidder notification email........
  • Chucara, on 05/09/2008, -3/+31Somewhere in my van, I've hidden candy.. Just come on in to check it out.. Really..

    Buried for same reasons as above.
  • MrFurious2k, on 05/09/2008, -4/+19Translation: My blog needs hits!
  • ironmim, on 05/09/2008, -7/+19IE is a giant bug !
  • michaelGregoire, on 05/09/2008, -0/+10Non-IE page views anyway. IF I used IE I wouldn't be visiting his site anytime soon.
  • SevenTwo, on 05/09/2008, -5/+15Using IE is the bug.
  • kris33, on 05/09/2008, -0/+9Do you have any idea of what you are talking about? IE8 is still in beta 1 and is not even close to pass the ACID3 test.
  • justjoehere, on 05/09/2008, -1/+10Talk about social engineering...
  • Bigbro69, on 05/09/2008, -0/+7Obviously you don't...
  • pdiddy827, on 05/09/2008, -10/+16IE nothing but bugs
  • DanBoodro, on 05/09/2008, -0/+5"When triggered, Raff's proof-of-concept code launches two copies of Microsoft's calculator software on the victim's computer, but it could be altered to do something malicious."

    Divide by zero?
  • inactive, on 05/09/2008, -1/+6WTF?! I guess that doesn't surprise me. Well.....yeah it does!
  • mikephimikephi, on 05/09/2008, -1/+5I'm digging you down because I don't want to see another one of those god-damn comment threads that are 50 responses long and they all start with
    "*obligatory -insert dumbass comment"
  • ElbertF, on 05/09/2008, -0/+4So? 6 and 7 could also still be victim of a zero-day exploit.
  • iRelinquish, on 05/09/2008, -0/+4and then later to see it on the front page as a .gif
  • AlfredR, on 05/09/2008, -0/+3http://en.wikipedia.org/wiki/Zero_day_attack
  • shadowspawn, on 05/09/2008, -0/+3I'd think it would be any OS's (win32/win64) IE, since it has to do with registry changes...
  • mikephimikephi, on 05/09/2008, -1/+4Don't digg much, do you?
  • luchid, on 05/09/2008, -0/+2Link?

    Besides 16k people is NOTHING compared to the amount of people who got had by IE's ***** security. That number is more in the hundreds of millions.
  • FKnight, on 05/09/2008, -0/+2I clicked that KNOWING it was a Rick-Roll. I love that song.
  • purzzzell, on 05/09/2008, -0/+2I like puzzles. Unfortunately, I'm not programming savvy enough to solve this one :(
  • VortexSpin, on 05/09/2008, -2/+4I stopped using IE when it began breaking webpages...
  • purzzzell, on 05/09/2008, -5/+7Dugg b/c the idea was TO get hits for the purpose of forcing a patch - he said he made them aware of the vulnerability, since they didn't patch it immediately, he was going public.

    Just announcing it would have gotten a little publicity, making a game of it makes it HUGE, which forces them to patch it more quickly.
  • netsnake24, on 05/09/2008, -0/+2If there was a company called windows... amateurs!
  • grumpyrain, on 05/09/2008, -0/+2What I want to know is whether it can get around protected mode and UAC.
  • ElbertF, on 05/09/2008, -0/+2Who wears pants? And why?
  • inactive, on 05/09/2008, -2/+4On my web page I've hidden pr0n. See if you can find it.
  • jeriqo, on 05/09/2008, -1/+3Digg users are full of frustration and jealousy, this is not surprising at all.
  • mikephimikephi, on 05/09/2008, -0/+2I think if IE8 emulated IE6, that would make it truly useful for developers.
    (yes, i'm aware of ie tab in FF)
  • nakedman, on 05/09/2008, -2/+4I agree. Windows sure is a crap company.
  • Lubinski, on 05/12/2008, -0/+1Sorry wrong wording. Let me substitute in Microsoft. My Bad. They do have to be more agile though.
  • pudds, on 05/09/2008, -1/+2What a dick.
  • kevdotbadger, on 05/09/2008, -0/+1You got multiple IEs? (google it). You get standalone versions of 3.0/4.01/5.01/5.5/6. It's awesome, although i agree that if IE8 had the ability to emu IE6 it would be perfect (well, when i say perfect...).
  • kevdotbadger, on 05/09/2008, -3/+4It's in his pants.
  • dygel, on 05/09/2008, -3/+4Supremely lame. "Boost my traffic and ad revenue to find the 0day vulnerability!"
    2-to-1 says there is no exploit.
  • AlfredR, on 05/09/2008, -1/+2You know, if the bug was actually in firefox, telling people you hid an IE vulnerability would be a great way to drive them there.
  • inactive, on 05/09/2008, -0/+1I go on the Internet. That "majority" you speak off are the morons who don't know any better and just use the computer for email and chat.
  • grumpyrain, on 05/09/2008, -0/+1No, much worse than that. It could even install Norton on the unsuspecting user.
  • RubineBoy, on 05/09/2008, -0/+1Is this the google van?
  • luchid, on 05/09/2008, -0/+1Daok: market share for IE means NOTHING. Of course it's going to have the biggest market share, it's ***** shoved down everyone's throat, bundled in with Windows!
  • HillerMylife, on 07/24/2008, -1/+2This sounds like a really obscure bug.
  • RubineBoy, on 05/09/2008, -0/+1Yeah! Pics or it didn't happen!
  • galvo, on 05/09/2008, -2/+3I work in IT, and no one, and I mean no one, would ever take any browser over Firefox. Go ahead, call me a FF fan.. you sound like a corny ass IE douchebag fanboy. Look at all of your comments in this digg. You're an insecure piece of *****. Why do you feel the need to defend IE and bash Firefox when FF is clearly the better browser? Oh yeah, because you're an insecure piece of *****.
  • wallyhartshorn, on 05/09/2008, -2/+2If you RTFA (*gasp*), you will see that he isn't keeping this a secret. He had already told Microsoft about the vulnerability, but after waiting a few days with no response, he decided to semi-publish the exploit as a way to put pressure on Microsoft to fix it more quickly.

    From RTFA:
    When he has followed Microsoft's responsible disclosure guidelines in the past, the company has been too slow to fix bugs, he said via instant message. "The last time I used their Responsible Disclosure policy it took them six months to fix one line of code."

    He says that he will be publishing details of the exploit on Wednesday.
  • Shadowgamers, on 05/09/2008, -1/+1Now I wonder how many people will actually do it...
  • MagicIcarus, on 05/09/2008, -1/+1Pshh, this is the same thing I tell girls.

    "I've found your vulnerability in my pants. You will have to-" slap

    Yeah, how come if it works for him it doesn't work for me?
  • netsnake24, on 05/09/2008, -1/+1you, I guess!
  • FKnight, on 05/09/2008, -2/+2I noticed this 'researcher' didn't bother to mention which OS was vulnerable, seeing as IE under Vista (unlike XP) is locked inside an account restricted sandbox (unless you're a computer dork who turned off UAC because 'it's lame').
  • Fetching more discussions...
    Show 51 - 80 of 80 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.