Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
The Aurora IE Exploit That Penetrated Google in Action (praetorianprefect.com)
14 points by Prefect on Jan 16, 2010 | hide | past | favorite | 2 comments



This is basically just a video version of this:

http://blog.metasploit.com/2010/01/reproducing-aurora-ie-exp...

posted earlier as:

http://news.ycombinator.com/item?id=1055986

which already has some discussion. If you're interested in how the vulnerability actually works, there's a Haml reduction of what may be the core cause (a DOM object lifecycle bug) posted on that thread.

I'm also not sure it's been established that this code is what got the attackers into Google, although it appears to have gotten them Adobe.


You mean like it basically says right in the beginning of the post? ;)

"Earlier today this entry from yesterday at Wepawet (an online analysis engine for malware) was pointed out to H.D. Moore, and within hours Metasploit has an exploit of the vulnerability integrated. McAfee has confirmed that the exploit is out and the same one they saw during the investigation" Source: http://praetorianprefect.com/archives/2010/01/the-aurora-ie-...

On your second item, here's what McAfee has stated:

"Computer code that exploits the yet-to-be-patched Internet Explorer vulnerability used in Operation Aurora to attack Google and others in December has now been published on the Internet." Source: http://siblog.mcafee.com/cto/%E2%80%9Caurora%E2%80%9D-exploi...




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: