Date: Tue, 10 Jul 2012 00:25:10 +0200 From: "Julian H. Stacey" <jhs@berklix.com> To: Carsten Mattner <carstenmattner@gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: FreeBSD vs Hurd what is the differences? Message-ID: <201207092225.q69MPBDu047281@fire.js.berklix.net> In-Reply-To: Your message "Fri, 06 Jul 2012 14:47:43 %2B0200." <CACY%2BHvrtMC6mHOPN%2BVeFa3vVCURYn0bGc0DifMKS2%2BOot=Td6A@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, Carsten Mattner wrote: > On Fri, Jul 6, 2012 at 2:42 AM, Julian H. Stacey <jhs@berklix.com> wrote: > > Hi, > > Reference: > >> From: Carsten Mattner <carstenmattner@gmail.com> > >> Date: Fri, 6 Jul 2012 00:28:32 +0200 > >> Message-id: <CACY+Hvpb08W4bJgucJb1ghVf-JgPZs0869qVxFrYRtXEF917wA@mail.gmail.com> > > > > Carsten Mattner wrote: > >> On Thu, Jul 5, 2012 at 4:39 PM, Wojciech Puchar > >> <wojtek@wojtek.tensor.gdynia.pl> wrote: > >> >>> As for reading anything else than internal firefox data it is not > >> >>> possible > >> >>> except very basic bug is there. > >> >> > >> >> > >> >> Yes otherwise all the flash sites would have gathered files from local > >> >> disks. > >> > > >> > > >> > true. javascript activity is sandboxed. But within that sandbox there are > >> > million bugs. > >> > > >> > i've already seen trojans that completely took control over firefox. > >> > But - in spite it was windoze - ONLY firefox. Everything else was fine. > >> > > >> > Deleting firefox user data removed the trojan. > >> > >> Nothing is impossible at that complexity. > >> > >> I'd still like to know what Julian saw as you didn't see that. > >> Did it really contain a script which made it fetch random files from the > >> local disk? > > > > I don't know. > > I wrote how I obtained the data patern I saw, in my: > > Fair enough :). > > >> Message-id: <201207050936.q659aWCI016222@fire.js.berklix.net> > >> Date: Thu, 05 Jul 2012 11:36:32 +0200 > > > > Others very welcome to try it. > > Of course. > > >> Julian? > > > >> Which Firefox version? > > > > Mozilla/5.0 (X11; FreeBSD amd64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1 > > I don't want to be that guy whos says it but that version is old and > may contain widely known holes. Good point. ( Till now I I just built ports in current when odd ports from RELEASE broke, That's too simplistic, Thanks.) > >> I am a little concerned. > > > > Me too ! > > Not had tme to pursued it though. > > & I dont feel like exporting that data public > > in case its already gone too far. > > You don't have to export it at all. > Can you confirm the data within is the same as say the same > file in /etc or ~/.ssh? If that's really the case, it's a problem. No I happily can not confirm that, despite a quick-ish look. ( I wouldn't particularly xpect it, if a trojan took control, it would be pretty easy to store data [hidden or scrambled] in different format.) The string I saw was in file jquery.js: /^(?:color|date|datetime|datetime-local|email|hidden|month|number|password|range|search|tel|text|time|url|week)$/i,bJ=/^(?:about|app|app\-storage Some machines have more valuable data in user files, than /etc/ passwords. If 'only' /etc/*passwd got harvested, but data beyond did not yet get harvested, waiting for a 2nd pass with trojan, damage would be less. > > I suggest others create a dummy guest account & then accesss URL & do > > page save as I wrote. Cheers, Julian -- Julian Stacey, BSD Unix Linux C Sys Eng Consultants Munich http://berklix.com Reply below not above, cumulative like a play script, & indent with "> ". Format: Plain text. Not HTML, multipart/alternative, base64, quoted-printable. Mail from @yahoo dumped @berklix. http://berklix.org/yahoo/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201207092225.q69MPBDu047281>