mozilla :: #security

 
25 Jul 2017
06:40freddyb:)
06:40freddybmorning
06:42globyo!
12:31ulfrthis is concerning https://yro.slashdot.org/story/17/07/14/183237/popular-chrome-extension-sold-to-new-dev-who-immediately-turns-it-into-adware
12:31freddybplease clarify? do you mean the fact that people still read slashdot?
12:32ulfrthat too
12:32freddybin all seriousness, yes this is concerning
12:32freddybtricky to mitigate :/
12:37freddybespecially when "selling an extension" is just a means of giving someone else the password and that's all we see.
12:37freddybdetecting code changes is tricky. maybe?
12:40ulfrwe could detect changes in access patterns to amo, but that'd be noisy
12:41freddybyup
12:41freddybwe could also try to detect changes in addon behavior, but all we have right now is static analysis
 
25 Jul 2017
   
Last message: 8 hours and 7 minutes ago