Researcher Claims To Have Chrome Zero-Day, Google Says "Prove It"
chicksdaddy writes "Google's been known to pay $60,000 for information on remotely exploitable vulnerabilities in its Chrome web browser. So, when a researcher says that he has one, but isn't interested in selling it, eyebrows get raised. And that's just what's happening this week, with Google saying it will wait and see what Georgian researcher Ucha Gobejishvili has up his sleeve in a presentation on Saturday at the Malcon conference in New Delhi. Gobejishvili has claimed that he will demonstrate a remotely exploitable hole in the Chrome web browser at Malcon. He described the security hole in Chrome as a 'critical vulnerability' in a Chrome DLL. 'It has silent and automatically (sp) download function and it works on all Windows systems,' he told Security Ledger. However, more than a few questions hang over Gobejishvili's talk. The researcher said he discovered the hole in July, but hasn't bothered to contact Google. He will demonstrate the exploit at MalCon, and have a 'general discussion' about it, but won't release source code for it. 'I know this is a very dangerous issue that's why I am not publishing more details about this vulnerability,' he wrote. Google said that, with no information on the hole, it can only wait to hear the researcher's Malcon presentation before it can assess the threat to Chrome users."
Certainly has a legitimate track record (Score:3, Insightful)
Re:Certainly has a legitimate track record (Score:5, Insightful)
He's doing it for fame, not for profit. By selling out a single hole, he gets a one-time check. By talking about it in the abstract, he gets attention. Perhaps a lot of attention, and people listening to him speak. Some people value attention more than money.
Re: (Score:2, Interesting)
He's doing it for fame, not for profit. By selling out a single hole, he gets a one-time check. By talking about it in the abstract, he gets attention. Perhaps a lot of attention, and people listening to him speak. Some people value attention more than money.
or maybe he just wants to advertise his product before setting the price
Re: (Score:1)
http://mobile.slashdot.org/story/12/11/19/0438206/windows-phone-8-users-hit-some-snags?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+(Slashdot) [slashdot.org]
Of course it's defective! Which part of "Microsoft Product" did you not understand?
Re: (Score:1)
Re:Certainly has a legitimate track record (Score:5, Interesting)
He's advertising to sell to one of the big 0-day sellers in the world. Probably get a lot more than 60,000 for something this useful
Re: (Score:2)
Re:Certainly has a legitimate track record (Score:5, Informative)
I seriously doubt any of the big zero-day sellers (or buyers for that matter) would be interested in an "exploit" where you use JavaScript to change the *status bar* (Not address bar) to spoof what URL a link actually goes to.
Yes, that really is what this person considers an exploit, and he has never discovered nor shown he understands anything more complex than that :P
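The "status bar spoof" the comment above dismisses, as an added example that is not code from the thread or from the researcher. The status bubble shows an anchor's href at hover time; a mousedown handler can rewrite href before the click navigates, so the two differ. Google's own search results use exactly this pattern for click tracking, which is why it is browser behaviour by design rather than a vulnerability. The URLs are made up, and the "browser" is a minimal model of the hover, mousedown, click order so it runs under Node without a DOM.

```javascript
// Added example, not code from the thread. Models the link trick:
//   <a href="https://bank.example/" onmousedown="this.href='https://evil.example/'">
// (hypothetical URLs). The status bubble reads href on hover; mousedown fires
// before the click navigates, so script can swap href in between.

function makeBaitLink(shownUrl, realUrl) {
  // The handler receives the element it runs on, like `this` in the DOM.
  return { href: shownUrl, onmousedown: (el) => { el.href = realUrl; } };
}

function makeHonestLink(url) {
  return { href: url, onmousedown: null };
}

// Minimal model of a left click: read the bubble at hover, fire mousedown,
// then navigate to whatever href holds at that moment.
function simulateClick(link) {
  const statusBar = link.href;
  if (link.onmousedown) link.onmousedown(link);
  const navigatedTo = link.href;
  return { statusBar, navigatedTo, spoofed: statusBar !== navigatedTo };
}

// An audit a page inspector or extension could run: dry-run mousedown on a
// copy of each link and report those whose href changes. Originals untouched.
function findRewritingLinks(links) {
  return links.filter((link) => {
    if (!link.onmousedown) return false;
    const probe = { ...link };
    link.onmousedown(probe);
    return probe.href !== link.href;
  });
}
```

The takeaway is that `href` is writable from script by design, so a stale value in the status bubble is a UI limitation, not a security boundary being crossed; the address bar after navigation still shows where you actually went.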
Re: (Score:2)
Re:Certainly has a legitimate track record (Score:5, Insightful)
Sorry, but this is one of the most clueless security researchers on the planet.
See https://code.google.com/p/chromium/issues/detail?id=108651
Re:Certainly has a legitimate track record (Score:5, Interesting)
No, it just means Google had an error.
The issue in question has this source code:
<script>
// Two-element array; cxrili[1] is the last valid index.
var cxrili=new Array("1337","longrifle0x?");
var a=0;
// Bug in the report's own test case: "a=1" is an assignment, not "a==1",
// and 1 is truthy, so this loop never terminates.
while (a=1)
{
// Each pass resets a to 1, so it writes cxrili[1] forever until the
// renderer runs out of memory. That is resource exhaustion, not memory corruption.
document.write(cxrili[a])
a++;
}
</script>
Researcher claims this crashes chrome, turns out it just crashes the tab nicely with what they call a "sad" tab.
Researcher then says: "Hmm.. really? I tested it on two other PC and got result." because he clearly didn't understand what they said.
They then close the "bug".
Nice ad hominem and appeal to authority though. Jackass.
Re:Certainly has a legitimate track record (Score:4, Insightful)
And Google staff has a great temper on that one. I would have pointed out "Programming for Dummies" to the guy straight out and I would have banned him from my bug tracker. I mean, by this bug alone you can see the guy is utterly clueless about CS in general.
Re:Certainly has a legitimate track record (Score:5, Interesting)
I particularly like this part from his bug report:
VERSION
Chrome Version:Ubuntu 11.4 version
Operating System: [Ubuntu 11.4]
Man I love that version of chrome. What do you call a security researcher who can't even identify his platform in his bug reports?
Re: (Score:2, Insightful)
However, I do not believe that is the case here.
Re: (Score:2)
When you go to the Chrome "about" screen, I don't believe the words "ubuntu 11.4 version" ever pop up. I believe the version is an all numeric string that is the same regardless of what language you speak, like "23.0.1271.64 m"
Re: (Score:2)
Version 20.0.1132.47 Ubuntu 12.04 (144678)
Comment removed (Score:5, Informative)
He has a video up of this exploit.... (Score:1)
He has a video of the Google Chrome exploit that he discovered up already:
http://youtu.be/AvkbhFmJcn4
He can get your browser to launch an arbitrary application on your PC when you open a webpage.
Re: (Score:2)
Re: (Score:2)
So putty opened all by itself, right?
Re: (Score:1)
The word document, which was already on his local system, which is already preset to trusted which can execute macros, executed putty.
Re: (Score:2)
Well, this guy MAY actually have something.
Re: (Score:1)
Well, this guy MAY actually have something.
Or maybe the page has a hidden image loaded from a webserver running on localhost. The webserver is configured to start putty when someone connects...
I did something like that 15+ years ago, so it's nothing new at all.
Re: (Score:2)
Re:Certainly has a legitimate track record (Score:5, Informative)
LMAO
The very first video where he purportedly shows an Office 2010 0-day vulnerability ("it has silent and automatically download function"), I noticed he right-clicked the desktop and pressed "refresh"...
He then moves on to show that he really is running Office 2010, and then he opens a link, not a word file, which opens MS Word and then opens a local, not silently downloaded, executable: Putty. He finishes by typing "1337" in the connectbox of Putty.
There are unthinkably many scenarios that lead to this behavior, but this dude having been able to find an actual 0-day vulnerability in any software is not one of them.
Re: (Score:2)
and then he opens a link, not a word file
How can you tell it's a link (and what do you mean by "link" - shortcut? URL file?) and not a Word file? The filename of whatever he clicks on (which admittedly doesn't look like any Word .doc icon I've seen, but I don't see very many) does seem to match the filename showing in the titlebar of the opened Word window.
Not that I don't believe this guy really is clueless.
Re: (Score:1)
If you look closely sometimes you see the little icon that designates a shortcut. I don't know why it isn't visible all the time, may have something to do with the recorder he used. Also look at some of his other videos, he basically does the exact same thing every time.
He could have bound a keyboard shortcut to open Putty for all we know, and he just times pressing the combination to "prove" he has an exploit. Kinda stupid that he never ever gives the source for his exploits, maybe he's just furious that h
Re: (Score:3)
If you look closely sometimes you see the little icon that designates a shortcut.
Oh, I see what you mean now - I think you've mistaken the optional Windows item selection checkbox for a shortcut indicator.
http://www.sevenforums.com/tutorials/10111-select-items-check-boxes.html
But yes, you're right, that video is proof of nothing.
Re: (Score:1)
Oh right, anyway it would still be anything, like a batch script of which he changed the icon or whatever.
Re: (Score:2)
He certainly has a history of uncovering exploits. Here are his youtube videos: http://www.youtube.com/user/longrifle0x [youtube.com]
Notice the comment section was disabled on all his videos. He certainly does not like having his crap exposed publicly.
Re: (Score:2)
Four out of five U.S. Presidents (Score:1)
Never trust a guy with 7+ vowels in his name...
Do you know how easy it'd be for someone with a middle name to trip that heuristic? By that measure, you'd trust only one of the last five U.S. Presidents.
Re: (Score:2)
Never trust a guy with 7+ vowels in his name...
Do you know how easy it'd be for someone with a middle name to trip that heuristic? By that measure, you'd trust only one of the last five U.S. Presidents.
Your point being?
But apples vs. oranges anyway. I don't know Ucha Gobejishvili's middle name (if he even has one), else I might have upped the minimum number, if I hadn't been completely joking... Though 7 vowels in just a first+last name seems excessive; I blame his parents.
Stephanie Peterson (Score:2)
if I hadn't been completely joking
For me, it was just a fun thought exercise to see how your heuristic held up against real-world American names or otherwise plausible anglophone names like Stephanie Peterson: eaieeeo (7).
Though 7 vowels in just a first+last name seems excessive; I blame his parents.
For one thing, different languages have different standards for a last name. Russian, for example, has lots of surnames that carry the suffix "-ov" (fem. "-ova"), "-ev" (fem. "-eva") or "-in" (fem. "-ina"). Greek has the suffix "-opoulos", which corresponds to English "-son" but has four vowels by itself. I just wanted to
Re: (Score:2)
Dude(tte?). You have *way* too much free time. Although, I wish you had been in my college Semantics class way back when, instead of the lazy ass-clowns (hyphen intentional) who took it looking for an easy grade. I had to wait until after class to ask the professor any serious questions to avoid the ire of my classmates.
Racism? Vowels don't see race, color, gender, etc ... - or orientation, though that (sometimes) "Y" is a little sketchy. Sure, maybe after a little wine... :-)
BTW. Your example, "Steph
Re: (Score:1)
Georgian names aren't entirely dissimilar: "-shvili" is like "child of" (sort of like the Icelandic "-sson" or "-sonur"), and I wouldn't be surprised if "Gobeji" was the name of a village or something.
Re: (Score:1)
Softpedia profiled this person in an article: http://news.softpedia.com/news/Hackers-Around-the-World-No-Flaws-Escape-This-Georgian-s-Longrifle0x-252180.shtml [softpedia.com]
However, a subsequent comment by the author says:
"When this article was published the researcher was a respected member of an important security research team. In the meantime, his work became
Researcher Claims To Have Chrome Zero-Day (Score:1, Funny)
Google Says "Prove It"
World yawns
Clueless (Score:2, Insightful)
Maybe he's talking about this [google.com] lol. Or maybe this one [google.com]. tl;dr dude is clueless.
Re: (Score:1)
Oops, link is https://code.google.com/p/chromium/issues/detail?id=108651
This researcher has a poor track record (Score:5, Informative)
This security researcher has a track record of not understanding even basic security concepts.
Basic misunderstanding of "memory corruption" vs. an "out of memory" condition: https://code.google.com/p/chromium/issues/detail?id=108651
Basic misunderstanding of web security and the capabilities of Javascript: https://code.google.com/p/chromium/issues/detail?id=148636
This does not preclude the case where he's stumbled across something real, but it seems highly unlikely.
Re: (Score:1)
Oh dear God, check this one:
https://code.google.com/p/chromium/issues/detail?id=142864
Re: (Score:2)
Re: (Score:1)
The same goes for you, chief - be constructive (No - I'm not the person who originally posted this)
This security researcher has a track record of not understanding even basic security concepts.
Basic misunderstanding of "memory corruption" vs. an "out of memory" condition: https://code.google.com/p/chromium/issues/detail?id=108651 [google.com]
Basic misunderstanding of web security and the capabilities of Javascript: https://code.google.com/p/chromium/issues/detail?id=148636 [google.com]
This does not preclude the case where he's stumb
Re: (Score:2)
In Firefox, just select the url, right click, and "Open Link in New Tab".
You can't do this in Chrome (last time I tried about a year ago) which is one of the reasons I stayed with FF.
Re: (Score:2)
Thanks ACs. I still probably won't try it again, as I didn't find it any faster, and hated that auto-updater it installed that ran constantly in the background.
(I'm not sure if it still does that either, but I'm happy with FF at moment.)
Fermat's Last Exploit (Score:5, Funny)
I have discovered a truly marvelous exploit, which allows a remote attacker to compromise any computer regardless of OS, hardware, or software installed. Unfortunately, this post is too small to contain the details of it.
Re: (Score:2)
Re:Fermat's Last Exploit (Score:5, Funny)
Re: (Score:2)
FTFY
Re: (Score:2, Insightful)
i don't think the repliers got the fermat's reference :)
Re: (Score:2)
I have discovered a truly marvelous exploit, which allows a remote attacker to compromise any computer regardless of OS, hardware, or software installed. Unfortunately, this post is too small to contain the details of it.
The user?
Looks like it fits well enough in this post...
Re: (Score:1)
Re: (Score:2)
Yeah, too bad you have to either be admin, give admin permissions, use sudo or be root, ...
(You won't believe how many local "exploits" get reported where the prerequisite is that the user is administrator or root to begin with. Or require scripts to be run with similar permissions. (Hint:
Odd indeed. (Score:2)
Re: (Score:2)
If he gives this lecture and somebody watching figures out how it works, then that somebody else could claim the bounty.
I just wish I was going to the conference. The lecture is sure to be fun.
Re: (Score:2)
fun != funny
Big deal... (Score:1)
"it works on all Windows systems,"
Stopped reading after that
Additional photo of hacker (Score:2)
I did some analysis (too advanced and secret for me to disclose) and came up with this [rodneyolsen.net]. Needless to say it's almost an exact match for his photo in the article. No wonder he's not disclosing his 0-day.
Re: (Score:1)
Re: (Score:1)
that will be $340 please
Re: (Score:1)
WANTED: GOOGLE CHROME ZERO-DAY EXPLOITS
WILL PAY BIG BUX
GO TO http://www.mybotnet.somerussianwebsite.com/just-for-morons/drive-by-windows-malware/google-advert/really-dumb-fucks/specially-designed-for-nigerians/click-me-page.asp [somerussianwebsite.com]
Wait for the conference (Score:3)
I'm sure this will attract more attention to the MalCon tent.
Giving MalCon a bad name (Score:2)
I can't believe MalCon is letting this guy present based on the other examples posted in this story of how clueless this guy is. If I was running MalCon I would DEMAND evidence of an actual exploit before agreeing that he be allowed to present anything this stupid and discredit the whole conference.
Re: (Score:1)
Who modded this offtopic? It's not offtopic because it was the security researcher posting.
Re: (Score:1)