Supercookies
Matej Kovacic
matej.kovacic at owca.info
Fri Aug 21 07:41:54 UTC 2009
Oops, it seems BetterPrivacy allows remote code execution:
This plugin is currently dangerous for anyone to have installed as it is
vulnerable to a 0-day exploit which allows remote code execution. I won't
post the code but let's just say I have a working exploit (though benign)
running on http://www.scenereleases.info/. The code isn't on the
actual website, it's a banner ad but if you want to test your luck just
visit http://www.scenereleases.info/ a few times and within 3 or 4
tries, as soon as the ad reaches you in rotation you will start hearing
funny sounds, sound fx from movies, an explosion, some rumbling followed
by a very creepy loop of someone saying "I've got a virus, I've got a
virus" very echoed. If you start task manager and then click on the
applications tab you will see an .exe running called Better Privacy.
Once you kill that process the sounds will stop. USE THIS PLUGIN ONLY IF
YOU WANT TO CHANCE GETTING INFECTED BY SOMETHING THAT ACTUALLY DOES
DAMAGE. Most people aren't as nice as I am to just show you a harmless
demonstration.
See reviews at: https://addons.mozilla.org/en-US/firefox/addon/6623
More information about the tor-talk mailing list