On Sat, Sep 5, 2015 at 3:35 PM, Georgi Guninski <guninski@guninski.com> wrote:
> Just to change the current boring discussion about fucked RFCs.
>
> http://www.theregister.co.uk/2015/09/04/mozilla_firefox_bugzilla_leak/
>
> Hackers spent at least a year spying on Mozilla to discover Firefox security holes – and exploit them
> Bugzilla infiltrated, private vulns slurped since at least 2014
>
> ==== comments:
>
> 2014 appears too high a bound for me, might be wrong.
>
> Likely the mozilla u$a comrades caught the less skilled attackers, not those with r00t access (having in mind what a mess their code is).

Yesterday Mudge highlighted on Twitter https://twitter.com/dotMudge/status/639866226592882689 :

"1990's CERT compromised for vendor vulns. 2015 Mozilla's Bugzilla popped for the same reason. Tactics only change when they stop working."

Which is quite true. Therefore, I ask vulnerability sellers: How effective is your favorite exploit acquisition platform / program at preventing this from happening again?

Cheers,
-- Alfonso