One of the speakers at a Toorcon security conference session last weekend has admitted that claims he and an accomplice made regarding an “unfixable” flaw in Firefox, and a video of the two purportedly exploiting this flaw, were a not-so-elaborate hoax.

“The main purpose of our talk was to be humorous,” admitted Mischa Spiegelmock, in a statement made through Mozilla.org this afternoon.

How does a sophomoronic dweeb like this get to be on the stage at a conference purported to be technically legitimate?

“As part of our talk we mentioned that there was a previously known Firefox vulnerability that could result in a stack overflow ending up in remote code execution. However, the code we presented did not in fact do this, and I personally have not gotten it to result in code execution, nor do I know of anyone who has.

“I have not succeeded in making this code do anything more than cause a crash and eat up system resources, and I certainly haven’t used it to take over anyone else’s computer and execute arbitrary code,” Spiegelmock added.

A Mozilla spokesperson told BetaNews this afternoon, “Mozilla takes painstaking measures to maintain the security of Firefox, and immediately started investigating these reports this past weekend.” The company’s security chief, Window Snyder, posted a statement saying the company will continue to investigate further, assuming there’s actually anything that needs to be investigated.

So, who repays Mozilla for the time and money they had to waste investigating the specious claims of this merry prankster?



  1. JT says:

    This is just spin control now. Somebody says something truthful, and then discovers it was hurtful, and then says they were only joking. How many times does this happen in our personal lives every day? They realized it was a mistake to publicize this, and now they’re trying to take it back. Well too late, the Genie has already been let out of the bottle. Many people will now rightfully be suspicious of the superior security claims of Firefox, and justly so!

  2. god says:

    Didn’t read the article or the Post, eh!

  3. JT says:

    Yeah, I read it. Sounds like a bunch of backtracking to me. I wouldn’t know what to believe anymore. The damage to the reputation of Firefox has been done.

  4. god says:

    A dweeb admitting to a hoax is “backtracking”? Should he genuflect at the same time? 🙂

  5. Dougless says:

    Let’s see if we can predict which of you are still using Internet Explorer with ActiveX still enabled. Hmm.

    I really doubt that Firefox’s reputation got damaged, at least not to the people that actually use it. Firefox users tend to be tech savvy, and know that 100% security is impossible. So we focus on minimizing the impact by using extensions like NoScript and Google’s anti-phishing plugin.

    To IE users no damage done either. They will remain happily ignorant of why their browser sucks, because if they knew, they would have already switched.

  6. James says:

    The “unfixable” part should have been a bit of a clue to the clueless that think it might still be a correct claim.

  7. Frustrated Consumer says:

    “How does a sophomoronic dweeb like this get to be on the stage at a conference purported to be technically legitimate?”

    Didn’t you just answer your own question?

  8. gquaglia says:

    Sounds like an attempt at anti-Firefox FUD created by either someone with or at the direction of M$. Dirty tricks are certainly not beyond the folks at Redmond, especially with all the bad press IE has been getting.

  9. ChrisMac says:

    once we make the world “safe”.. do we all get to stop thinking?

  10. Geesse says:

    Next time smoke the joint after you get off the stage not before.
    What a schmuck.

  11. C0D3R says:

    The malformed JavaScript does crash Firefox and IE
    https://bugzilla.mozilla.org/attachment.cgi?id=241005
    A “crash and eat up system resources” bug is nontrivial when you rely on a browser for actual work. Five days in, there is no Firefox fix.

    This is more than specious claims of a merry prankster.

