Menu > Articles de la revue de presse : - l'ensemble [tous | francophone] - par mots clé [tous] - par site [tous] - le tagwall [voir] - Top bi-hebdo de la revue de presse [Voir]

---

S'abonner au fil RSS global de la revue de presse

---

Présentation : Adobe doesn't have a great reputation in the security community, given the long string of exploits and 0-days that have come out over the past few years. Most of the research that I've seen, however, has been attacking the Flash player directly, rather than using it to attack web applications. This is akin to looking for buffer overflows in a Javascript parser, but completely disregarding cross-site scripting as an attack strategy. The attackers, on the other hand, aren't so picky. From the LiveJournal worm that came out a few weeks ago, as well as some other things-I-can't-talk-about, it's clear that they are beginning to play with the interaction of Flash and web applications. So, I've been researching this stuff as well. I've found a lot of interesting things, all of which will get released eventually. The first piece, on how to abuse a quirk in Flash's origin policy complete with a ridiculous multistage Gmail exploit , just went live on Foreground Security's website. Eventually, there will be a whitepaper, a talk, and some tools released. Stay tuned.

Les mots clés de la revue de presse pour cet article : flash
Les videos sur SecuObs pour les mots clés : flash
Les éléments de la revue Twitter pour les mots clé : flash





Les derniers articles du site "Skeptikal.org" :

- Incentivizing Good Behavior
- A Penetration Test Is Not A Vulnerability Assessment
- McAf.ee is Stupid
- Cross-subdomain Session Fixation
- Another day, another Twitter XSS
- Getting The Gist Of Things
- Are Secure Web Apps Possible Yes and no
- Once More, With Feeling URL Shorteners
- On Language and XSS
- Why Diversity Is Mostly Bad

---

S'abonner au fil RSS global de la revue de presse

---