Re: Hackers spent at least a year spying on Mozilla to discover Firefox security holes – and exploit them
Alfonso De Gregorio
alfonso.degregorio at gmail.com
Sat Sep 5 08:48:48 PDT 2015
On Sat, Sep 5, 2015 at 3:35 PM, Georgi Guninski <guninski at guninski.com> wrote:
> Just to change the current boring discussion about fucked RFCs.
>
> http://www.theregister.co.uk/2015/09/04/mozilla_firefox_bugzilla_leak/
>
> Hackers spent at least a year spying on Mozilla to discover Firefox
> security holes – and exploit them
> Bugzilla infiltrated, private vulns slurped since at least 2014
>
> ====
> comments:
>
> 2014 appears too high bound for me, might be wrong.
>
> Likely the mozilla u$a comrades caught the less skilled attackers,
> not those with r00t access (having in mind what a mess
> their code is).
>
Yesterday Mudge highlighted on Twitter
https://twitter.com/dotMudge/status/639866226592882689 :

1990's CERT compromised for vendor vulns.
2015 Mozilla's Bugzilla popped for the same reason.
Tactics only change when they stop working.

Which is quite true. Therefore, I ask vulnerability sellers: How
effective is your favorite exploit acquisition platform / program at
preventing this from happening again?
Cheers,
-- Alfonso
More information about the cypherpunks
mailing list