Message-ID: <a46d7eaa0905301838y4b981d97t35aa61be82364ce6@mail.gmail.com>
Date: Sun, 31 May 2009 02:38:20 +0100
From: saphex <saphex@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Is FFSpy a hoax?
I decided not to answer any more, but this has become funny,
registering an e-mail account called ffspybuster? lol you're
definitely creative. Anyway, peace, be good.
On Sat, May 30, 2009 at 8:01 AM, FFSpy Buster <ffspybuster@...il.com> wrote:
> Hi,
>
> I have been watching the discussion on FFSpy since the last few weeks.
> Duarte Silva, the author first posted it here: http://myf00.net/?p=18
>
> He also believes that the addon mechanism of all software is flawed from
> a security standpoint. He says that while it is not much of a nuisance in
> other software, it is very much a nuisance in Firefox. The discussion can be
> found here: http://myf00.net/?p=97 (See comments)
>
> He suggests that Firefox must do something to notify the user when an addon
> has been compromised by a remote attacker. He agrees that the remote
> attacker has to gain physical or local access of the system by remotely
> logging in or something. Let us say the attacker ssh-ed or telnet-ed into
> the user's PC and modified an addon. What measures can Firefox take to
> notify the user of the modification?
>
> I can't imagine any because if it is digital signature or checksum based,
> the attacker can very well modify the public key or the checksum in
> Firefox's store. So, this whole FFSpy thing sounds like a hoax to me, an
> unnecessary panic being created by Duarte Silva. Please correct me, if I am
> wrong.
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
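
The checksum argument in the quoted message, as an added example that is not part of the original thread: an unkeyed hash baseline stored beside the add-on can be refreshed by whoever changed the file, while a keyed baseline only helps if the key is out of that party's reach. The file name, contents and key are constructed, and the assumption is that the key and the keyed check live off the user's machine.

```python
import hashlib
import hmac


def sha256_manifest(files):
    """Unkeyed baseline: anyone who can write the files can recompute it."""
    return {n: hashlib.sha256(d).hexdigest() for n, d in files.items()}


def verify_local(files, manifest):
    """Names whose hash differs from the baseline kept on the same machine."""
    return sorted(n for n, d in files.items()
                  if manifest.get(n) != hashlib.sha256(d).hexdigest())


def _tag(key, name, data):
    # Bind the tag to both the file name and its contents.
    return hmac.new(key, name.encode() + b"\0" + data, hashlib.sha256).hexdigest()


def hmac_manifest(files, key):
    """Keyed baseline: cannot be recomputed without the key."""
    return {n: _tag(key, n, d) for n, d in files.items()}


def verify_keyed(files, manifest, key):
    """Names whose keyed tag no longer matches (constant-time comparison)."""
    return sorted(n for n, d in files.items()
                  if not hmac.compare_digest(manifest.get(n, ""), _tag(key, n, d)))


def demo():
    files = {"overlay.js": b"function init() {}\n"}   # constructed add-on file
    key = b"constructed-key-held-off-host"            # assumption: not on the PC
    local = sha256_manifest(files)
    keyed = hmac_manifest(files, key)

    # Someone with local write access edits the file and refreshes the
    # unkeyed baseline stored next to it, as the quoted message describes.
    files["overlay.js"] = b"function init() { /* modified */ }\n"
    local = sha256_manifest(files)

    # The local check sees nothing; the keyed check still flags the file.
    return verify_local(files, local), verify_keyed(files, keyed, key)


if __name__ == "__main__":
    print(demo())
```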