>
> ------------------------------
>
> Message: 4
> Date: Tue, 10 Oct 2006 15:34:37 -0700
> From: Dragos Ruiu <dr@xxxxxxx>
> Subject: [Full-disclosure] pacsec hype security advisory: seven words
> of warning about Flash player nine.
> To: full-disclosure@xxxxxxxxxxxxxxxxx
> Message-ID: <200610101534.37257.dr@xxxxxxx>
> Content-Type: text/plain; charset="us-ascii"
>
> PacSec Hype Security Team Advisory:
>
> "The new Flash player adds network functions!"
>
> Details:
>
> With a minor amount of fanfare "binary socket" support has been
> added to Flash Player 9 / ActionScript 3.0. The Flash sandbox model
> is primarily focused on preventing modifications to the local system,
> and thus there are many ways to bypass the only-connect-back-upstream
> and port < 1024 limitations on the SWF applet Socket() class. A
> (potentially malicious) server can override the limit with a
> cross domain policy file on the server, or it can be overriden
> locally at the player with a global setting/policy change, or
> by configuring the applet as trusted.
>
> Adobe has a paper on flash security configuration at:
>
> 9_security.pdf
>
> The potential for network misuse possible in Flash just went up
> several orders of magnitude, and as the Adobe site triumphantly
> proclaims it's apparently in use at 97.3% of networked computers.
> I'll avoid some of the more exotic scenarios, lest they give
> anyone some bad ideas - and leave this caveat at this warning.
>
> Audited the trusted Flash applets on your system lately?
>
> Forewarned is Forearmed.
>
> cheers,
> --dr
>
> --
> World Security Pros. Cutting Edge Training, Tools, and Techniques
> Tokyo, Japan November 27-30 2006
> pgpkey kyxpgp
>
>
>
