EXPLOITS

(A)bort, (R)etry, (T)ake down entire network?

Keeping all the ducks in a row is more likely to benefit the foxes than the ducks.

D. R. Morrison

As in most competitive industries, we don't reveal very many of our tools to the general public, because ignorance is better for our business, and our knowledge provides our competitive advantage. Note that many computer manufacturers also prefer this situation. If you knew how unsafe most of your computers are, you might start insisting on better quality control and responsibility.

Our bag of tricks relies on vulnerabilities in network protocols, firewalls, mail programs, word processors, spreadsheets, databases, routing protocols, operating systems, web servers, browsers, mail servers, modem pools, RPC calls, race conditions, buffer overflows, social engineering, physical assaults, environmental conditions, denial of service attacks, viruses, remote access protocols, multimedia distribution, and our own locally developed tools.

If this is too boring, you might want to close your browser.

As a small demonstration, we now present some "stupid net tricks" (a term coined by Bill Cheswick?). As a result of lame reasoning by software developers, the browser has become a user's method of viewing their own computer as well as the Internet. This mixture of documents and programs is just the sort of fuzzy thinking that causes security failures to creep in, because you lose sight of which documents you can trust and which ones you should not trust. Since we have no interest in bringing about the downfall of the Internet, we don't reveal the worst flaws here. These are just for fun, but you can see a much worse one at L0pht. Didn't even need CaptiveX...

Depending on which version you are using, these may or may not work on your browser. Now just turn on JavaScript and Java, and hang on for the ride. You might want to save your files first...

---------- POLICE LINE - DO NOT CROSS ---------

Check out the latest Java security bug

Install a virus if you use Microsoft Internet Explorer (in addition to MSIE).

Try our new remote administration system for Microsoft Internet Explorer.

WHATEVER YOU DO, DON'T TOUCH THIS OR THIS.

AND WHATEVER YOU DO, DON'T TOUCH THIS or THIS OR THIS IF YOU ARE USING NETSCAPE 2.0.

AND KEEP AWAY FROM THIS LINK with Netscape 3.0 and 4.0b1.

TRY Server Pushy® (only with Netscape Communicator 4.0)

AND WHATEVER YOU DO, DON'T TOUCH THIS WITH MICROSOFT INTERNET EXPLORER!

AND WHATEVER YOU DO, DON'T TOUCH THIS IF YOU HAVE A JAVASCRIPT CAPABLE BROWSER.

AND WHATEVER YOU DO, DON'T TOUCH THIS IF YOU RUN MICROSOFT WINDOWS.

Have Netscape install a mailbox for DigiCrime on your machine.

AND DON'T CLICK HERE IF YOU HAVE MICROSOFT INTERNET EXPLORER AND A POSTSCRIPT PRINTER.

BUT YOU CAN CLICK HERE TO SEE SOMETHING INTERESTING IN MICROSOFT WINDOWS.


DigiCrime is comically hosted at Southwest Cyberport, in Albuquerque, New Mexico.