RE: Moox firefox/thunderbird builds. Anyone looked at these yet?

["Todd Towles" <toddtowles () brookshires com>]

Subseven had a backdoor in it for years.... 

> -----Original Message-----
> From: full-disclosure-admin () lists netsys com 
> [mailto:full-disclosure-admin () lists netsys com] On Behalf Of 
> Michal Zalewski
> Sent: Thursday, November 11, 2004 9:15 AM
> To: TK-421
> Cc: full-disclosure () lists netsys com
> Subject: Re: [Full-disclosure] Moox firefox/thunderbird 
> builds. Anyone looked at these yet?
>
> On Thu, 11 Nov 2004, TK-421 wrote:
>
> > Yes, but because it's open source, you know that thousands 
> of eyes are 
> > looking at it daily.  Especially in larger projects like 
> > Mozilla/Firefox.
>
> Riight, 220 MB of sources. On a daily basis, just how many 
> people with source code audit experience are desperate enough 
> to download this and look at more than a couple of files?
>
> This does not work as advertised, quite simply; a well placed 
> backdoor is indistinguishable from an unintentional security 
> flaw, and unintentional security flaws can thrive in open 
> source code for years or decades before being spotted.
>
> --
> ------------------------- bash$ :(){ :|:&};: --  Michal 
> Zalewski * [http://lcamtuf.coredump.cx]
>     Did you know that clones never use mirrors?
> --------------------------- 2004-11-11 16:12 --
>
>    http://lcamtuf.coredump.cx/photo/current/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html