[Owasp-board] Trojaned FF Add-on - the final word

Matt Tesauro matt.tesauro at owasp.org
Tue Jul 20 17:55:43 UTC 2010


FYI: Confirmation from the source who found the backdoored Firefox
Add-on. It is, as we suspected, not part of an official OWASP thing but,
interestingly enough, because it came from the OWASP RSS aggregation, the
perception was initially that it was OWASP endorsed.

Time for a planet.owasp.org?


-------- Original Message --------
Subject: Contact / Web Form
Date: Mon, 19 Jul 2010 08:23:03 +0200
From: Johann-Peter Hartmann <hartmann at mayflower.de>
To: matt.tesauro at owasp.org

Hi,

> I saw your review and the various news stories about the Mozilla
> Sniffer Add-on.  As a member of the OWASP Foundation Board, I'm
> curious where you got this collection from.  I don't believe it's an
> official OWASP project so I'd like to look further into the situation.
> Since I'm finding multiple collections using the OWASP name, I'd
> appreciate your assistance pointing me at the collection where you
> found the trojaned Add-on.

You are perfectly right, this Add-on wasn't part of any official OWASP
security add-on collection.

I just got this wrong because I got the link to it from the owasp.org
start-page.

It was there due to this blog article:
http://adammuntner.blogspot.com/2010/07/updated-web-application-security.html
that got aggregated in the RSS feed area.

Please see
http://adammuntner.blogspot.com/2010/07/backdoored-plugin-in-web-application.html

for further information about this collection.

It is correct that I first misunderstood that this Add-on was part of an
official OWASP collection, but the Mozilla guys pointed this out very fast.

Sorry if I caused you any trouble, I always have been a fan of the OWASP
activities and did not mean to.

Best regards,

Johann




