Slashdot Mirror

← Back to Stories (view on slashdot.org)

How the Mozilla Sniffer Backdoor Was Discovered

Posted by CmdrTaco on from the hate-when-that-happens dept.

An anonymous reader writes "Mozilla pulled one of their Firefox add-ons earlier this week for containing a backdoor which stole passwords from its users. Netcraft has taken a closer look at how the rogue extension worked, and how it was discovered by chance rather than through any code review process. Mozilla are working on a new security model to stop this kind of backdoor happening again."

2 of 201 comments (clear)

  1. That's what you get... by The+MAZZTer · · Score: 0, Redundant

    .. when you install an unverified, experimental Firefox extension from an untrusted author! Firefox extensions are great because of their power to affect the entire browser and even the host computer, which is what made Firefox popular IMO. But this comes with obvious risks you shouldn't ignore!

  2. Re:next time use better typos/mistakes by troll8901 · · Score: 0, Redundant

    The typos he has NOT made give it away, among other clues:

    Perhaps the first few words' proper capitalization, and the clean layout, and pastel background, gave us a positive first impression.

    I'm reading way too much into this. Someone, please mod this post redundant.