[Owasp-board] OWASP tied to trojaned Firefox Add-on
matt.tesauro at owasp.org
Thu Jul 15 18:59:20 UTC 2010
Can you look though your list of people who have started OWASP projects
and see if this is an official OWASP project?
If so, please reach out to the project leader and let them know about
the situation. Hopefully, they can update their Firefox Add-on
"I was giving the OWASP Firefox Security Collection a try, installed a
bundle of extensions unknown to me ..."
Apparently the trojaned Add-on looked for any submitted login
credentials and submitted them to a specific IP along with the URL and
some other meta-data.
-- Matt Tesauro
OWASP Board Member
OWASP Live CD Project Lead
http://AppSecLive.org - Community and Download site
More information about the Owasp-board