| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: toddtowles at brookshires.com (Todd Towles)
Subject: Moox firefox/thunderbird builds. Anyone looked at these yet?
Subseven had a backdoor in it for years....
> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com
> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of
> Michal Zalewski
> Sent: Thursday, November 11, 2004 9:15 AM
> To: TK-421
> Cc: full-disclosure@...ts.netsys.com
> Subject: Re: [Full-Disclosure] Moox firefox/thunderbird
> builds. Anyone looked at these yet?
>
> On Thu, 11 Nov 2004, TK-421 wrote:
>
> > Yes, but because it's open source, you know that thousands
> of eyes are
> > looking at it daily. Especially in larger projects like
> > Mozilla/Firefox.
>
> Riight, 220 MB of sources. On a daily basis, just how many
> people with source code audit experience are desperate enough
> to download this and look at more than a couple of files?
>
> This does not work as advertised, quite simply; a well placed
> backdoor is indistinguishable from an unintentional security
> flaw, and unintentional security flaws can thrive in open
> source code for years or decades before being spotted.
>
> --
> ------------------------- bash$ :(){ :|:&};: -- Michal
> Zalewski * [http://lcamtuf.coredump.cx]
> Did you know that clones never use mirrors?
> --------------------------- 2004-11-11 16:12 --
>
> http://lcamtuf.coredump.cx/photo/current/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
Powered by blists - more mailing lists