Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: Moox firefox/thunderbird builds. Anyone looked at these yet?
From: "Todd Towles" <toddtowles () brookshires com>
Date: Thu, 11 Nov 2004 09:51:50 -0600

Subseven had a backdoor in it for years.... 

-----Original Message-----
From: full-disclosure-admin () lists netsys com 
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of 
Michal Zalewski
Sent: Thursday, November 11, 2004 9:15 AM
To: TK-421
Cc: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Moox firefox/thunderbird 
builds. Anyone looked at these yet?

On Thu, 11 Nov 2004, TK-421 wrote:

Yes, but because it's open source, you know that thousands 
of eyes are 
looking at it daily.  Especially in larger projects like 
Mozilla/Firefox.

Riight, 220 MB of sources. On a daily basis, just how many 
people with source code audit experience are desperate enough 
to download this and look at more than a couple of files?

This does not work as advertised, quite simply; a well placed 
backdoor is indistinguishable from an unintentional security 
flaw, and unintentional security flaws can thrive in open 
source code for years or decades before being spotted.

--
------------------------- bash$ :(){ :|:&};: --  Michal 
Zalewski * [http://lcamtuf.coredump.cx]
    Did you know that clones never use mirrors?
--------------------------- 2004-11-11 16:12 --

   http://lcamtuf.coredump.cx/photo/current/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
  • RE: Moox firefox/thunderbird builds. Anyone looked at these yet? Todd Towles (Nov 11)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]