[Owasp-board] OWASP tied to trojaned Firefox Add-on

Matt Tesauro matt.tesauro at owasp.org
Thu Jul 15 18:59:20 UTC 2010


Paulo,

Can you look though your list of people who have started OWASP projects 
and see if this is an official OWASP project?

If so, please reach out to the project leader and let them know about 
the situation.  Hopefully, they can update their Firefox Add-on 
collection quickly.

Background:
http://news.netcraft.com/archives/2010/07/15/firefox-security-test-add-on-was-backdoored.html

"I was giving the OWASP Firefox Security Collection a try, installed a 
bundle of extensions unknown to me ..."

Apparently the trojaned Add-on looked for any submitted login 
credentials and submitted them to a specific IP along with the URL and 
some other meta-data.

-- 
-- Matt Tesauro
OWASP Board Member
OWASP Live CD Project Lead
http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
http://AppSecLive.org - Community and Download site



More information about the Owasp-board mailing list