[Owasp-board] OWASP tied to trojaned Firefox Add-on

Paulo Coimbra paulo.coimbra at owasp.org
Fri Jul 16 15:52:48 UTC 2010


Matt et al,

 

Excellent, I am glad this episode has been clarified. If you ultimately
think any further action should be taken, please let me know.

 

Thanks,

 

Paulo Coimbra,

 <https://www.owasp.org/index.php/Main_Page> OWASP Project Manager

 

From: Matt Tesauro [mailto:matt.tesauro at owasp.org] 
Sent: sexta-feira, 16 de Julho de 2010 16:44
To: Paulo Coimbra
Cc: 'Matt Tesauro'; 'OWASP Foundation Board List'
Subject: Re: OWASP tied to trojaned Firefox Add-on

 

Paulo,

 

Nothing else to do.  This is perfect.  I knew I had seen an email about it
but didn't have the skills to find it like you do.

 

BTW, Dave had the great idea to email Michael Coats since he now works for
Mozilla and we determined that it wasn't an official OWASP project but
probably Adam's post to the Phoenix list.

 

Here's what Michael had to say:

http://michael-coates.blogspot.com/2010/07/owasps-nonrole-in-backdoored-fire
fox.html

 

--

-- Matt Tesauro

OWASP Board Member

OWASP Live CD Project Lead

http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project

http://AppSecLive.org - Community and Download site

 

On 7/16/10 6:03 AM, Paulo Coimbra wrote:

> Matt,

> 

> I've gone through the tools I use to manage OWASP Projects and 

> couldn't find any record of this being an official OWASP Project.

> 

> I've checked all my exchanged emails and couldn't find anything that 

> indicates we have set up such a project, although I have identified a 

> thread in which you are involved that may or not be related to this 

> issue. Please see the enclosed email.

> 

> Additionally, we've built an OWASP Projects dashboard which is kind of 

> a GPC repository for all OWASP Projects and we haven't listed this 

> project either.

> 

> http://www.owasp.org/index.php/OWASP_Projects_Dashboard

> 

> Please let me know whether or not I should take further action.

> 

> Thanks,

> 

> Paulo Coimbra,

> 

> OWASP Project Manager <https://www.owasp.org/index.php/Main_Page>

> 

> *From:* Matt Tesauro [mailto:matt.tesauro at owasp.org]

> *Sent:* quinta-feira, 15 de Julho de 2010 19:59

> *To:* Paulo Coimbra; OWASP Foundation Board List

> *Subject:* OWASP tied to trojaned Firefox Add-on

> 

> Paulo,

> 

> Can you look though your list of people who have started OWASP 

> projects and see if this is an official OWASP project?

> 

> If so, please reach out to the project leader and let them know about 

> the situation. Hopefully, they can update their Firefox Add-on 

> collection quickly.

> 

> Background:

> 

> http://news.netcraft.com/archives/2010/07/15/firefox-security-test-add

> -on-was-backdoored.html

> 

> "I was giving the OWASP Firefox Security Collection a try, installed a 

> bundle of extensions unknown to me ..."

> 

> Apparently the trojaned Add-on looked for any submitted login 

> credentials and submitted them to a specific IP along with the URL and 

> some other meta-data.

> 

> --

> 

> -- Matt Tesauro

> 

> OWASP Board Member

> 

> OWASP Live CD Project Lead

> 

> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project

> 

> http://AppSecLive.org - Community and Download site

> 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20100716/03291666/attachment-0002.html>


More information about the Owasp-board mailing list