Subseven had a backdoor in it for years....

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michal Zalewski
> Sent: Thursday, November 11, 2004 9:15 AM
> To: TK-421
> Cc: [EMAIL PROTECTED]
> Subject: Re: [Full-Disclosure] Moox firefox/thunderbird builds. Anyone looked at these yet?
>
> On Thu, 11 Nov 2004, TK-421 wrote:
>
> > Yes, but because it's open source, you know that thousands of eyes are
> > looking at it daily. Especially in larger projects like
> > Mozilla/Firefox.
>
> Riight, 220 MB of sources. On a daily basis, just how many
> people with source code audit experience are desperate enough
> to download this and look at more than a couple of files?
>
> This does not work as advertised, quite simply; a well placed
> backdoor is indistinguishable from an unintentional security
> flaw, and unintentional security flaws can thrive in open
> source code for years or decades before being spotted.
>
> --
> ------------------------- bash$ :(){ :|:&};: --
> Michal Zalewski * [http://lcamtuf.coredump.cx]
> Did you know that clones never use mirrors?
> --------------------------- 2004-11-11 16:12 --
>
> http://lcamtuf.coredump.cx/photo/current/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html