Date: Mon, 25 May 2009 23:54:55 +0530
From: FUDder Guy <fudderguy@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: FFSpy, a firefox malware PoC

On Mon, May 25, 2009 at 8:26 PM, saphex <saphex@...il.com> wrote:
> This isn't about making the user install a malware add-on. It's about
> gaining access to the system through an exploit, or physical access,
> modify an existing add-on with your code. And Firefox won't even
> notice. Instead of installing a fancy rootkit or keylogger, just go
> straight to the browser, simple. Go tell your average user to check
> the codebase of the plug-ins he has installed in his Firefox from time
> to time in order to make sure they haven't been tampered with, yeah
> good choice...........
>

I agree that attacking Firefox is a simpler way to carry out the
attack than installing a rootkit or keylogger. However, this is no
simpler than asking someone to download a cool game, script or
screensaver from my site.

Moreover, only addons.mozilla.org and update.mozilla.org are set as
allowed sites for addon installations by default in the browser. If
one tries to install addons from other sites, Firefox issues a warning.
So, this is pretty good. As far as the possibility of a malicious addon
on the Mozilla site is concerned, the probability is pretty low as the
addons on the Mozilla site appear for download only after a review
process.

So, I don't see this type of attack as particularly more dangerous than a
user downloading software or a script with a trojan and running it. I
also don't see this type of attack as any simpler than fooling a user into
running a cool game or script.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
