Full Disclosure mailing list archives
RE: Moox firefox/thunderbird builds. Anyone looked at these yet?
From: "Todd Towles" <toddtowles () brookshires com>
Date: Thu, 11 Nov 2004 09:51:50 -0600
Subseven had a backdoor in it for years....
-----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Michal Zalewski Sent: Thursday, November 11, 2004 9:15 AM To: TK-421 Cc: full-disclosure () lists netsys com Subject: Re: [Full-disclosure] Moox firefox/thunderbird builds. Anyone looked at these yet? On Thu, 11 Nov 2004, TK-421 wrote:Yes, but because it's open source, you know that thousandsof eyes arelooking at it daily. Especially in larger projects like Mozilla/Firefox.Riight, 220 MB of sources. On a daily basis, just how many people with source code audit experience are desperate enough to download this and look at more than a couple of files? This does not work as advertised, quite simply; a well placed backdoor is indistinguishable from an unintentional security flaw, and unintentional security flaws can thrive in open source code for years or decades before being spotted. -- ------------------------- bash$ :(){ :|:&};: -- Michal Zalewski * [http://lcamtuf.coredump.cx] Did you know that clones never use mirrors? --------------------------- 2004-11-11 16:12 -- http://lcamtuf.coredump.cx/photo/current/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Moox firefox/thunderbird builds. Anyone looked at these yet? Todd Towles (Nov 11)