[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Full-Disclosure] Moox firefox/thunderbird builds. Anyone looked at these yet?
- To: "Michal Zalewski" <lcamtuf@xxxxxxxxxxx>, "TK-421" <ryanarchy@xxxxxxxxx>
- Subject: RE: [Full-Disclosure] Moox firefox/thunderbird builds. Anyone looked at these yet?
- From: "Todd Towles" <toddtowles@xxxxxxxxxxxxxxx>
- Date: Thu, 11 Nov 2004 09:51:50 -0600
Subseven had a backdoor in it for years....
> -----Original Message-----
> From: full-disclosure-admin@xxxxxxxxxxxxxxxx
> [mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of
> Michal Zalewski
> Sent: Thursday, November 11, 2004 9:15 AM
> To: TK-421
> Cc: full-disclosure@xxxxxxxxxxxxxxxx
> Subject: Re: [Full-Disclosure] Moox firefox/thunderbird
> builds. Anyone looked at these yet?
>
> On Thu, 11 Nov 2004, TK-421 wrote:
>
> > Yes, but because it's open source, you know that thousands
> of eyes are
> > looking at it daily. Especially in larger projects like
> > Mozilla/Firefox.
>
> Riight, 220 MB of sources. On a daily basis, just how many
> people with source code audit experience are desperate enough
> to download this and look at more than a couple of files?
>
> This does not work as advertised, quite simply; a well placed
> backdoor is indistinguishable from an unintentional security
> flaw, and unintentional security flaws can thrive in open
> source code for years or decades before being spotted.
>
> --
> ------------------------- bash$ :(){ :|:&};: -- Michal
> Zalewski * [http://lcamtuf.coredump.cx]
> Did you know that clones never use mirrors?
> --------------------------- 2004-11-11 16:12 --
>
> http://lcamtuf.coredump.cx/photo/current/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html