Peaches Posted January 4, 2011 Report Share Posted January 4, 2011 </h2><h2>Accidental Leak Reveals Chinese Hackers Have IE Zero Day Google researcher's new fuzzer finds vulnerabilities in all browsers In a bizarre twist, an accidental leak of the address of the fuzzer prior to its release helped reveal some unexpected intelligence, namely that "third parties in China" apparently also know about an unpatched and exploitable bug he found in IE with the fuzzer. It all started when one of cross_fuzz's developers, who was working on crashes in the open-source WebKit browser engine used in Chrome and Safari, inadvertently leaked the address of the fuzzer in one of the crash traces that was uploaded. That made the fuzzer's directory, as well as the IE test results from the fuzzer indexed by GoogleBot, he says. Google’s Michael Zalewski says he was able to confirm afterward that there were no downloads or discoveries of the tool. But on Dec. 30, he says, an IP address in China queried keywords included in one of the indexed cross_fuzz files, specifically two DLL functions, BreakAASpecial and BreakCircularMemoryReferences, associated with and unique to the zero-day IE flaw he found with the fuzzer. More on this topic - http://www.darkreading.com/vulnerability-management/167901026/security/vulnerabilities/228901665/accidental-leak-reveals-chinese-hackers-have-ie-zero-day.html And here: http://news.cnet.com/security/ Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.