From owner-freebsd-chat Thu Aug 10 19: 4:48 2000
Delivered-To: freebsd-chat@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP id 4BDBE37BB96
	for ; Thu, 10 Aug 2000 19:04:46 -0700 (PDT)
	(envelope-from kris@FreeBSD.org)
Received: from localhost (kris@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id TAA86655
	for ; Thu, 10 Aug 2000 19:04:46 -0700 (PDT)
	(envelope-from kris@FreeBSD.org)
X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs
Date: Thu, 10 Aug 2000 19:04:46 -0700 (PDT)
From: Kris Kennaway
To: chat@freebsd.org
Subject: [humorix] "Brown Orifice" Is Only The Beginning (fwd)
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-chat@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

---------- Forwarded message ----------
Date: Thu, 10 Aug 2000 17:00:33 -0500
From: James Baughn
Reply-To: humorix@nl.linux.org
To: humorix@nl.linux.org
Subject: [humorix] "Brown Orifice" Is Only The Beginning

"Brown Orifice" Is Only The Beginning
August 10, 2000

Last week security holes were found in Netscape's Java implementation that allowed it to act as a web server. Earlier today, a hacker announced that he had found vulnerabilities in Mozilla M17 that allow it to operate as a web browser. And that's just the beginning.

Said "3l337h4x0r", the discoverer of the M17 exploit, "This is quite a hack! By manipulating some internal functions, I was able to use M17 to actually surf the web. Slashdot and Humorix rendered beautifully."

Mozilla engineers were stunned. "This shouldn't be possible. M17 contains a newsreader, a mail client, an instant messenger client, and a whole bunch of XUL acronym-enriched stuff, but it shouldn't be able to handle HTTP or HTML. We haven't been planning on adding web-surfing functionality to Mozilla until M30... maybe M25 at the earliest. I suspect this whole thing is a hoax."

It doesn't appear to be a hoax, however. Mr. 3l337h4x0r demonstrated his hack for us here at Humorix World Headquarters. It was quite impressive. The Slashdot homepage loaded in about 0.003 seconds, which is a sharp improvement over Netscape 4.73, which often crashes before rendering anything. Said the hacker, "This modified Mozilla software really kicks butt. Internet Explorer is toast."

Exploits have also been discovered in other software programs during the past week. By exploiting a series of holes in the LISP interpreter, it's possible to use Emacs as a text editor.

"Emacs has always made an excellent kitchen sink," said Reinhard Langer, the discoverer of the security flaw. "But the only thing that it can't do is edit text files. Until now."

One GNU project programmer responded, "Wow! I didn't know Emacs could be used for things beyond Eliza and Dissociated Press. And here I've been editing Emacs LISP source code using vi for all these years..."

Microsoft programs haven't been immune to exploits, either. An old maxim in the Unix community states, "All programs expand until they can read mail... except Microsoft Outlook." Well, that's no longer true. By taking advantage of loopholes in several undocumented APIs, a team of geeks were able to transform Outlook from a virus-delivery system into an actual mail client.

"It was quite a feat to accomplish this," said one of the geeks. "I mean, the rat's nest that is the Windows API can be used to frighten small children... or adults. And the frequency by which Outlook exploits are discovered is directly proportional to the number of times Bill Gates uses the word 'innovation'. But this is the first time somebody has discovered a beneficial exploit."

Microsoft has vowed to release a patch to fix the uncovered security flaws. "We simply cannot tolerate unauthorized reverse engineering and hacking of our innovative solutions. Our Security Response Team will pull an all-nighter to eliminate these known issues."

-
Humorix: Linux and Open Source(nontm) on a lighter note
Archive: http://humbolt.nl.linux.org/lists/
Web site: http://www.i-want-a-website.com/about-linux/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message