After feud, researcher promises daily browser bugs

The creator of the Metasploit hacking tool has promised to publish details on one browser vulnerability per day for the month of July.

The creator of a widely used hacking tool has promised to publish details on one browser vulnerability per day for the month of July.

HD Moore, the hacker behind the Metasploit toolkit, began publishing software that demonstrates bugs in a variety of Web browsers on July 1. He has dubbed his effort the Month of Browser Bugs. (http://browserfun.blogspot.com/)

Moore said he decided to do the month of bugs in order to show the kinds of results he's generated using a variety of automated security testing tools known as "fuzzers."

"This information is being published to create awareness about the types of bugs that plague modern browsers and to demonstrate the techniques I used to discover them," Moore said in a Sunday blog posting.

The Month of Browser Bugs code does not include details that would allow attackers to run unauthorized code on a victim's machine, Moore said.

To date, the security researcher has published information on bugs he found in Internet Explorer, Firefox, and Apple Computer's Safari browser.

Microsoft has had an advance look at the bugs, and some of them can cause the browser to crash, said Stephen Toulouse, security program manager with Microsoft's security response center. Others have been fixed in previous security updates, he said.

Some of the bugs were fixed in Microsoft's recent MS06-021 security update, Moore said in an e-mail interview, however "the actual details of these bugs have not been made public," he said.

The relationship between Microsoft and Moore -- a speaker at Microsoft's home-grown Blue Hat hacker conference -- has been strained of late. Two weeks ago, the security researcher blasted Microsoft for implying that he had been irresponsible in his disclosure of another Microsoft flaw -- this one concerning a recently patched vulnerability in the Remote Access Connection Manager (RASMAN) service used by Windows to create network connections over the telephone.

Moore published his code nine days after the bug was patched, but Microsoft criticized the disclosure, saying it came too soon.

This criticism did not sit well with Moore. "Microsoft is doing themselves a disservice by asking for vulnerability information on one hand and then condemning the folks who provide it with the other," he said in a blog posting, adding that the software vendor "obviously has some communication issues to resolve."

Thirty-one new browser bugs will certainly get Moore some attention, but the disclosures are not going to suddenly make the Web less safe for people who "practice reasonably safe surfing" and avoid suspicious Web sites, said Russ Cooper, a senior information security analyst at Cybertrust.

"Saying we are at risk due to browser vulnerabilities is akin to saying we are at risk due to being in a car," he said via instant message. "Yes, this is true... but you can certainly reduce the risk of harm while in a car through reasonable knowledge, use, and maintenance. The same is true with browsers."

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Robert McMillan

IDG News Service
Show Comments

Father’s Day Gift Guide

Brand Post

Bitdefender 2019

Bitdefender solutions stop attacks before they even begin! Get cybersecurity that 500 MILLION users already have and trust.

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?