[Owasp-board] Trojaned FF Add-on - the final word
Matt Tesauro
matt.tesauro at owasp.org
Tue Jul 20 17:55:43 UTC 2010
FYI: Confirmation from the source who found the backdoored Firefox
Add-on. It is as we suspected, not part of an official OWASP thing but
interestingly enough because it came from the OWASP RSS aggregation, the
perception was initially that it was OWASP endorsed.
Time for a planet.owasp.org?
-------- Original Message --------
Subject: Contact / Web Form
Date: Mon, 19 Jul 2010 08:23:03 +0200
From: Johann-Peter Hartmann <hartmann at mayflower.de>
To: matt.tesauro at owasp.org
Hi,
> I saw your review and the various news stories about the Mozilla
> Sniffer Add-on. As a member of the OWASP Foundation Board, I'm
> curious where you got this collection from. I don't believe its an
> official OWASP project so I'd like to look further into the situation.
> Since I'm finding multiple collections using the OWASP name, I'd
> appreciate your assistance pointing me at the collection where you
> found the trojaned Add-on.
You are perfectly right, this Add-on wasn't part of any official OWASP
security add-on collection.
I just got this wrong because i got the link to it from the owasp.org
start-page.
It was there due to this blog article:
http://adammuntner.blogspot.com/2010/07/updated-web-application-security.html
that got aggregated in the RSS feed area.
Please see
http://adammuntner.blogspot.com/2010/07/backdoored-plugin-in-web-application.html
for further information about this collection.
It is correct that i first misunderstood that this Add-on was part of an
official owasp-collection, but the mozilla guys pointed this out very fast.
Sorry if i caused you any trouble, i always have been a fan of the owasp
activities and did not mean to.
Best regards,
Johann
More information about the Owasp-board
mailing list