"Brown Orifice" Is Only The Beginning
Fake News written by on Thursday, August 10, 2000
Last week security holes were found in Netscape's Java implementation that allowed it to act as a web server. Earlier today, a hacker announced that he had found vulnerabilities in Mozilla M17 that allow it to operate as a web browser. And that's just the beginning.
Said "3l337h4x0r", the discoverer of the M17 exploit, "This is quite a hack! By manipulating some internal functions, I was able to use M17 to actually surf the web. Slashdot and Humorix rendered beautifully."
Mozilla engineers were stunned. "This shouldn't be possible. M17 contains a newsreader, a mail client, an instant messenger client, and a whole bunch of XUL acronymn-enriched stuff, but it shouldn't be able to handle HTTP or HTML. We haven't been planning on adding web-surfing functionality to Mozilla until M30... maybe M25 at the earliest. I suspect this whole thing is a hoax."
It doesn't appear to be a hoax, however. Mr. 3l337h4x0r demonstrated his hack for us here at Humorix World Headquarters. It was quite impressive. The Slashdot homepage loaded in about 0.003 seconds, which is a sharp improvement over Netscape 4.73, which often crashes before rendering anything. Said the hacker, "This modified Mozilla software really kicks butt. Internet Explorer is toast."
Exploits have also been discovered in other software programs during the past week. By exploiting a series of holes in the LISP interpreter, it's possible to use Emacs as a text editor. "Emacs has always made an excellent kitchen sink," said Reinhard Langer, the discoverer of the security flaw. "But the only thing that it can't do is edit text files. Until now."
One GNU project programmer responded, "Wow! I didn't know Emacs could be used for things beyond Eliza and Dissociated Press. And here I've been editing Emacs LISP source code with vi for all these years..."
Microsoft programs haven't been immune to exploits, either. An old maxim in the Unix community states, "All programs expand until they can read mail... except Microsoft Outlook." Well, that's no longer true. By taking advantage of loopholes in several undocumented APIs, a team of geeks were able to transform Outlook from a virus-delivery system into an actual mail client.
"It was quite a feat to accomplish this," said one of the geeks. "I mean, the rat's nest that is the Windows API can be used to frighten small children... or adults. And the frequency by which Outlook exploits are discovered is directly proportional to the number of times Bill Gates uses the word 'innovation'. But this is the first time somebody has discovered a beneficial exploit."
Microsoft has vowed to release a patch to fix the uncovered security flaws. "We simply cannot tolerate unauthorized reverse engineering and hacking of our innovative solutions. Our Security Response Team will pull an all-nighter to eliminate these known issues."