Slashdot Mirror


How the Mozilla Sniffer Backdoor Was Discovered

An anonymous reader writes "Mozilla pulled one of their Firefox add-ons earlier this week for containing a backdoor which stole passwords from its users. Netcraft has taken a closer look at how the rogue extension worked, and how it was discovered by chance rather than through any code review process. Mozilla are working on a new security model to stop this kind of backdoor happening again."

7 of 201 comments

  1. Re:Native features in browser by Tar-Alcarin · · Score: 5, Insightful

    there is no way some rogue developer could hide password stealing code in them.

    And since Opera is not open source, there is no way to be sure of that.

  2. Re:Native features in browser by Hijacked+Public · · Score: 5, Insightful

    And Firefox is open source, and there is no way to be sure of it.

    --
    "Sacrifice for the good of The State" - The State
  3. Re:Native features in browser by bsDaemon · · Score: 4, Insightful

    Unless you go through all the code yourself, there's no way to be sure of anything. And unless you're uber-bad-ass, it's going to be really hard to understand every line in a massive code-base someone else wrote, let alone how they all play together. So, even if you do your own audit, you can't really be sure. Life's a bitch, isn't it?

  4. wait, add-ons don't have a permissions model? by FuckingNickName · · Score: 5, Insightful

    Do you mean to say that, when I install a Firefox add-on, Firefox won't give a list of requested privileges? Why has it taken 30 years for people who think in Unix security terms to not catch up to the VMS "fine-grained privileges to executables for users" security model?

    The whole regular user / root thing is awful. Microsoft is still doing it wrong because, while the NT kernel may approach the right idea, it builds atop it a mess of get-out-of-jail-free paths.

    It's not impossible.

    (1) By default, allow nothing;

    (2) Never allow everything - require software to specify exactly what it needs;

    (3) Classify permissions so the user is alerted more violently for more risky permissions - this may depend on the circumstances (e.g. a browser add-on usually shouldn't be asking for the same sort of privileges as backup software);

    (4) Software which needs an unusually privileged environment may benefit from auditing and signing, but never make this compulsory because this pisses off everyone;

    (5) But, by default, refuse in such circumstances and indicate why. The user needs to make a conscious effort to override a reasonable set of auto-refusal defaults;

    (6) Distinguish explicitly between once, occasional, time-limited and forever permissions. To take a particularly insidious example: iPhones ask if you want to give permission for your app to read your GPS location. This isn't permission for the next 15 minutes or day; it's permission forever. That is wrong. Looked at from the other end, don't do a Vista and ask every time. This is worse than not asking at all.

    More thoughts, guise?
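
An added sketch of the model proposed in the comment above (points 1, 2, 3, 5 and 6), not part of the comment and not Mozilla's code. The permission names, risk tiers, software kinds and the `PermissionBroker` API are all hypothetical.

```javascript
// Added illustration: permission names, risk tiers and this API are hypothetical.
const RISK = new Map([
  ["tabs.read", "low"], ["network.request", "medium"],
  ["passwords.read", "high"], ["filesystem.write", "high"],
]);
// What each kind of software is normally expected to ask for (point 3).
const EXPECTED = {
  "browser-addon": new Set(["tabs.read", "network.request"]),
  "backup-tool": new Set(["filesystem.write"]),
};

class PermissionBroker {
  constructor() { this.grants = new Map(); } // (1) starts empty: nothing is allowed

  // Decide how one requested permission is presented to the user.
  classify(kind, perm) {
    if (!RISK.has(perm)) return { action: "reject" }; // (2) no "*" or unknown names
    const expected = EXPECTED[kind];
    const unusual = !(expected && expected.has(perm));
    if (RISK.get(perm) === "high" && unusual) // (3)+(5) risky and out of place
      return { action: "refuse-by-default", reason: `${perm} is unusual for a ${kind}` };
    return { action: RISK.get(perm) === "low" ? "notify" : "prompt" };
  }

  // (6) scope is "once", "timed" (needs ttlMs) or "forever".
  grant(addon, kind, perm, { scope, now, ttlMs = 0, override = false }) {
    const { action } = this.classify(kind, perm);
    if (action === "reject") throw new Error(`cannot grant ${perm}`);
    if (action === "refuse-by-default" && !override) // (5) needs a conscious override
      throw new Error(`${perm} refused by default`);
    const expires = scope === "timed" ? now + ttlMs : Infinity;
    this.grants.set(`${addon}:${perm}`, { scope, expires });
  }

  check(addon, perm, now) {
    const key = `${addon}:${perm}`;
    const g = this.grants.get(key);
    if (!g) return false; // default deny
    if (now >= g.expires) { this.grants.delete(key); return false; }
    if (g.scope === "once") this.grants.delete(key); // single use
    return true;
  }
}
```
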

    1. Re:wait, add-ons don't have a permissions model? by Karellen · · Score: 5, Insightful

      I have a feeling that the Mozilla guys don't think in Unix security terms. Mozilla/Firefox is targeted more heavily towards Windows than Linux, and it shows in a lot of places that a lot of the developers think that way too.

      e.g. The use/implementation of "profiles", which are a work-around to the problem of running on a system that does not support multiple user accounts (well), or where it is expected that multiple users use the same user account. Last I used Mozilla and Firefox on Windows, these were still pretty prominent. They're also included in Unix-based builds, where they're mostly pointless, instead of being IFDEFed out by default on those platforms.

      See also the automatic updater. This is required on Windows, which does not have a centralised update system for 3rd party apps, and assumes each user will install their own copy of the software, or will have write privs to system software locations, or will have the Administrator password. It's redundant and useless on most Unices/Linux distros, but the code is still included by default.

      It also prefers to bundle its own copies of 3rd party libraries, common practice on Windows where dependency handling doesn't exist, and 3rd parties generally do not bother to try to maintain backwards ABI compatibility between DLLs. Again this is contrary to the Unix way of doing things, where dependencies are well defined, and library authors take pains to ensure backwards-compatible ABIs. But still Mozilla software ships private copies of 3rd party libraries by default on Unix.

      Mozilla software appears to be primarily written for Windows by Windows-based developers. Yes, it does work on Unix/Linux systems, but that's not how the developers think, and it shows.

      --
      Why doesn't the gene pool have a life guard?
  5. Re:Native features in browser by jcochran · · Score: 4, Insightful

    Unless you go through all the code yourself, there's no way to be sure of anything.

    Only thing that can be made about that statement is to point to a nice little presentation by Ken Thompson. Take a look at 'Reflections on Trusting Trust'. Almost certain you haven't seen it given your comment.

  6. Addon called "Mozilla Sniffer" by DroppedAtBirth · · Score: 5, Insightful

    The addon was called "Mozilla Sniffer", and people still installed it? I would understand if this was some functionality hidden in a valid sounding addon but it's called "Mozilla Sniffer". User FAIL.

    --
    Rob