WabiSabiLabi answered my question on their blog in no uncertain terms.
The exploit for sale on their site is not the same as the RTSP exploit currently being exploited in the wild.
The auction states the flaw affects 7.2 which is an older version but I wouldn't be surprised if with some tweaking you would find similar vulnerable code in 7.3. With that being said I think Apple should buy it. Think about it, they have one QuickTime vuln in the wild and another for sale. It would just take one more to make a perfect storm! Plus its only a thousand euro. Although with the current exchange rate that's like 9,213,456 dollars, but hey, Apple can afford it. To me that would mean that a company is taking the security of its clients more seriously than its image.
Mozilla kinda does it with their bug bounty program and I am pretty impressed with their response time to flaws.
Showing posts with label mozilla. Show all posts
Showing posts with label mozilla. Show all posts
Wednesday, November 28, 2007
Monday, January 15, 2007
Myspace Hacking and browser technologies
http://seclists.org/fulldisclosure/2007/Jan/0270.html
This is not good. If you have a Myspace account you may wish to start changing passwords.
Update:
This appears to be from some sort of phising scam. Some of the entries are pretty funny:
youmustbecompleteretards@idiot.com:doyouhonestlythinkiwillputmyrealpasswordhere
This is not good. If you have a Myspace account you may wish to start changing passwords.
Update:
This appears to be from some sort of phising scam. Some of the entries are pretty funny:
youmustbecompleteretards@idiot.com:doyouhonestlythinkiwillputmyrealpasswordhere
Update 2:
This is something I have wanted to look at for a long time but have never gotten around to it. I have been curious about the anti-phishing technology in both IE7 and Firefox 2.0. They both work but I have to say it did take Firefox a few moments before popping up the warning so if I was not paying attention and quick I could have attempted to login. The pictures above are a side-by-side comparison of the anti-phishing technology in both browsers (IE7 on the top, Firefox 2.0 on the bottom). Which is better? I would say IE because it wouldn't even display the page if it’s a phishing site but in the end it really is up to the user.
This is something I have wanted to look at for a long time but have never gotten around to it. I have been curious about the anti-phishing technology in both IE7 and Firefox 2.0. They both work but I have to say it did take Firefox a few moments before popping up the warning so if I was not paying attention and quick I could have attempted to login. The pictures above are a side-by-side comparison of the anti-phishing technology in both browsers (IE7 on the top, Firefox 2.0 on the bottom). Which is better? I would say IE because it wouldn't even display the page if it’s a phishing site but in the end it really is up to the user.
Subscribe to:
Posts (Atom)