[Owasp-board] OWASP tied to trojaned Firefox Add-on

Tom Brennan tomb at owasp.org
Thu Jul 15 19:03:00 UTC 2010


they are talking about

http://www.owasp.org/index.php/Phoenix/Tools


On Thu, Jul 15, 2010 at 2:59 PM, Matt Tesauro <matt.tesauro at owasp.org> wrote:
> Paulo,
>
> Can you look though your list of people who have started OWASP projects
> and see if this is an official OWASP project?
>
> If so, please reach out to the project leader and let them know about
> the situation.  Hopefully, they can update their Firefox Add-on
> collection quickly.
>
> Background:
> http://news.netcraft.com/archives/2010/07/15/firefox-security-test-add-on-was-backdoored.html
>
> "I was giving the OWASP Firefox Security Collection a try, installed a
> bundle of extensions unknown to me ..."
>
> Apparently the trojaned Add-on looked for any submitted login
> credentials and submitted them to a specific IP along with the URL and
> some other meta-data.
>
> --
> -- Matt Tesauro
> OWASP Board Member
> OWASP Live CD Project Lead
> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
> http://AppSecLive.org - Community and Download site
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>



More information about the Owasp-board mailing list