[Owasp-board] OWASP tied to trojaned Firefox Add-on

Paulo Coimbra paulo.coimbra at owasp.org
Fri Jul 16 11:03:21 UTC 2010


Matt,

 

I've gone through the tools I use to manage OWASP Projects and couldn't find
any record of this being an official OWASP Project.

 

I've checked all my exchanged emails and couldn't find anything that
indicates we have set up such a project, although I have identified a thread
in which you are involved that may or not be related to this issue. Please
see the enclosed email.

 

Additionally, we've built an OWASP Projects dashboard which is kind of a GPC
repository for all OWASP Projects and we haven't listed this project either.

 

http://www.owasp.org/index.php/OWASP_Projects_Dashboard

 

Please let me know whether or not I should take further action.

 

Thanks,

 

Paulo Coimbra,

 <https://www.owasp.org/index.php/Main_Page> OWASP Project Manager

 

From: Matt Tesauro [mailto:matt.tesauro at owasp.org] 
Sent: quinta-feira, 15 de Julho de 2010 19:59
To: Paulo Coimbra; OWASP Foundation Board List
Subject: OWASP tied to trojaned Firefox Add-on

 

Paulo,

 

Can you look though your list of people who have started OWASP projects and
see if this is an official OWASP project?

 

If so, please reach out to the project leader and let them know about the
situation.  Hopefully, they can update their Firefox Add-on collection
quickly.

 

Background:

http://news.netcraft.com/archives/2010/07/15/firefox-security-test-add-on-wa
s-backdoored.html

 

"I was giving the OWASP Firefox Security Collection a try, installed a
bundle of extensions unknown to me ..."

 

Apparently the trojaned Add-on looked for any submitted login credentials
and submitted them to a specific IP along with the URL and some other
meta-data.

 

--

-- Matt Tesauro

OWASP Board Member

OWASP Live CD Project Lead

http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project

http://AppSecLive.org - Community and Download site

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20100716/fc4006b8/attachment-0002.html>
-------------- next part --------------
An embedded message was scrubbed...
From: "Adam Muntner" <adam.muntner at quietmove.com>
Subject: Re: [Owasp-leaders] Firefox Web App Sec add-on "Collection"
Date: Wed, 10 Jun 2009 18:56:05 +0100
Size: 9899
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20100716/fc4006b8/attachment-0002.mht>


More information about the Owasp-board mailing list