Firefox “View-Source” Vulnerability

By imv at 10:10 pm on February 9, 2008

I thought that since most of us use Firefox, people might care – apparently the default installation/settings of Firefox’s latest release allow all scripts written on websites to be executed. I don’t know with what privileges the code executes, but presumably whatever privileges Firefox has. Anyway, it can be disabled via the NoScript plugin (Or just don’t select “view-source”? The article’s not very clear on whether the exploited error was merely in the view-source mechanism, or whether the user must in fact click “view-source”). Either way, it’s cool that someone discovered the error in a release only several hours old as of this posting.

The original, very brief blog post reporting this can be found here on Slashdot.

Filed under: Current Events

Hackers Declare War On Scientology

By jerins at 7:58 pm on | 2 Comments

In the past couple of weeks, a loosely organized group of people have come together to attack the church of Scientology in a variety of technology-related ways. The core group that has headed up these attacks calls themselves “Anonymous”, and has called for anyone who agrees with their cause to do everything they can to inhibit the smooth operation of the technological aspects of the church of Scientology. This is only the latest of many causes that have been taken up by Anonymous, and the group’s accusations of the church of Scientology mainly center around misinformation and suppression of dissent, vowing to not stop until they have crippled the church. The attacks that have taken place so far include a wide array of tactics, such as taking down servers (some for days), bombarding main websites to overload them, creating searches in Google to link the church to negative keywords (cult, dangerous, etc.), stealing “secret” information from church databases and spreading such information through file-sharing services, and even bombarding the church with all-black faxes in order to waste ink. Anonymous has no leaders or headquarters, but is simply a very large group of amateur internet users, among which there are varied levels of hacking skills, who have united under a common mission.

The group claims to have been watching the activities of the church for some time now, and as the perceived injustices of the church have steadily grown, they finally decided that it was time to act. The story has received media attention due to the sheer magnitude of the various technological security issues that have recently taken place in such a short time as a result of it. It is difficult to say what the church, or anyone else, could have done in order to prevent such attacks, as they have come out of nowhere in such great magnitude from so many isolated sources. To some extent, it appears that their databases and web server systems could have been made to be more robust in their security as it seems that those are the two areas where the attackers have had the best and most damaging success. Especially since it seems that most of these attackers (and their tactics) are quite amateur in nature, it seems that the church could have done a better job of securing their system and protecting themselves given the success of the attacks thus far.

One of the interesting aspects of this story is that although many of the attacks being carried out are in fact illegal, many of them are not (or are at least more debatable in their legal standing), such as bombardment of their website, Google track-record, phones and fax machines. It is also an interesting societal situation where a group of people who share a similar cause has been able to use aspects of technology to attack an organization rather than the former means such as picketing or mass meetings. This is a group of people who have never seen or met each other before that have been able to use the internet to accomplish their goals. This introduces the reality of the public’s ability to affect the world around them in completely new ways as every aspect of our lives becomes more and more intertwined with technology.

For many of the more blatantly illegal issues (such as hacking the servers and database), there are most likely ways to trace this activity back to its proponents and take reactionary action in that way. However, for the other types of attacks being made, there is really little that can be done to regulate where people call, or fax, or browse to on the internet. So it seems that the only way in order to solve these problems is by somehow reaching and changing the minds of the people who are carrying out the attacks. Due to the fact that many of the attackers in this situation are normal people who happen to possess some technological know-how, responding to the issue becomes less an act of locating a particular small group of people and punishing them, and more an issue of reaching and changing the mind of a large group of activists.

Filed under: Current Events

Security Review: Tor

By jkivligh at 1:22 pm on | 1 Comment

Tor (http://www.torproject.org/) is a service and application to enable anonymous access to the Internet. It works by relaying network requests through a number of peers before ultimately accessing the resources requested. In this way, those listening on your connection will find it extremely difficult to follow the sites you visit or your physical location.

Filed under: Security Reviews