mozilla :: #security

25 Jul 2017
12:31ulfrthis is concerning
12:31freddybplease clarify? do you mean the fact that people still read slashdot?
12:32ulfrthat too
12:32freddybin all seriousness, yes this is concerning
12:32freddybtricky to mitigate :/
12:37freddybespecially when "selling an extension" is just a means of giving someone else the password and that's all we see.
12:37freddybdetecting code changes is tricky. maybe?
12:40ulfrwe could detect changes in access patterns to amo, but that'd be noisy
12:41freddybwe could also try to detect changes in addon behavior, but all we have right now is static analysis
25 Jul 2017
Last message: 8 hours and 7 minutes ago