On Sat, Sep 5, 2015 at 3:35 PM, Georgi Guninski <[email protected]> wrote:
> Just to change the current boring discussion about fucked RFCs.
>
> http://www.theregister.co.uk/2015/09/04/mozilla_firefox_bugzilla_leak/
>
> Hackers spent at least a year spying on Mozilla to discover Firefox
> security holes – and exploit them
> Bugzilla infiltrated, private vulns slurped since at least 2014
>
> ====
> comments:
>
> 2014 appears too high bound for me, might be wrong.
>
> Likely the mozilla u$a comrades caught the less skilled attackers,
> not those with r00t access (having in mind what a mess
> their code is).
>
Yesterday Mudge highlighted on Twitter https://twitter.com/dotMudge/status/639866226592882689 :

1990's CERT compromised for vendor vulns. 2015 Mozilla's Bugzilla popped for the same reason. Tactics only change when they stop working.

Which is quite true. Therefore, I ask vulnerability sellers: How effective is your favorite exploit acquisition platform / program at preventing this from happening again?

Cheers,
--
Alfonso
