|
A serious flaw in the way people use Adobe's Flash software could leave tens of thousands of websites vulnerable to hackers. The problem lies in Shockwave Flash files (SWFs), which appear on websites and allow the site author to include short movies or animated graphics. (Source: half-serious.com) The way the software currently works means it's possible for hackers to insert their own code into these files. For example, they could program the file to send them copies of personal information that the user types while visiting a site. At the moment, there are no patches available.
The problem is uncovered in the new book, 'Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions'. The authors include researchers from Google and iSEC partners, a firm that specialises in security testing. According to the book, which won't be officially released until January, more than 500,000 SWFs are vulnerable to hackers, including those on sites for financial firms and government agencies. Author Alex Stamos warned that the only sure-fire way to get around the problem is to remove the SWFs from the site until a solution is found. The issue is made worse by the fact that many of the most common programs used for creating such animations automatically generate code that includes the bugs. Site owners will need to manually examine every SWF and check for problems. The authors have been coordinating with Adobe on the problem and the software firm says a solution should be available in the next few weeks. (Source: computerworld.com)
-- Related newsletter articles:
2007/11/30 Al Gore's Website Hit by Spammers (hackers)
2007/09/21 Web Protectors Falling Behind (hackers)
2005/02/17 Different types of Hackers? (hackers)
2007/11/12 Anti-Spyware Offer Revealed As Front For Hackers (hackers)
2007/10/16 Storm Worm Continues to Scare (hackers)
2007/11/20 Playstation 3 First Console to Get Internet Security Software (hackers)
2007/04/05 MS Critical Security Fix: Released Ahead of Schedule (hackers)
2006/12/29 Vista Activation Crack Improved (hackers)
2007/02/13 New Excel Attack Threatens Office (hackers)
-- Recent articles (from all channels): 2008/05/12 Today in History: for Monday, May 12, 2008
2008/05/12 [ShellX 20080512]: 'Remote Manager', and 'Cyber Bandwidth ...
2008/05/12 Video Gaming Trade Group Struggling
2008/05/12 T-Mobile Finally Joins 3G Phone Race
2008/05/12 Apple Slammed by Environment Watchdog
2008/05/09 [ShellX 20080509]: 'Advanced Run', and 'Diver Windows Manager'
2008/05/09 Texas Refuses Facebook Friend Request
2008/05/09 Photo-Enforcement Technology Replaces Officers On Patrol
2008/05/09 Cuban Government Says 'Ok Computer'
2008/05/09 Excel Can E-Mail Your Weekly Reports For You!
2008/05/08 [ShellX 20080508]: 'Shell Enhancer', and 'Lansweeper'
2008/05/08 Xobni: MS Outlook Social Networking Technology for your Inbox
2008/05/08 Music Companies Jump on GTA IV Bandwagon
2008/05/08 Fascinating: Memristor to replace Binary
2008/05/08 Adobe Hopes To Make Flash Master Of The (Mobile) Universe
2008/05/08 Spiffy Envelopes and Labels in MS Word
2008/05/07 [ShellX 20080507]: 'Winbin2iso', and 'Loop Typer'
2008/05/07 Yahoo Adds Security Warnings To Search Results
2008/05/07 Apple to Lose Money on iTunes Movie Releases
2008/05/07 Amazon.com takes New York Tax to Court
2008/05/07 Need Glasses for the Slide Sorter View in MS PowerPoint?
2008/05/07 After Winning The DVD Format War, Blu-Ray Sales Tank
2008/05/06 [ShellX 20080506]: 'Visual Basic 6.0 Portable', and 'Double-...
2008/05/06 Yahoo Outsources to Jajah
2008/05/06 New HP Circuit Could Change Technology Forever
2008/05/06 Movie Downloads To Match DVD Release Dates
2008/05/06 Microsoft Ends Yahoo Bid
2008/05/05 [ShellX 20080505]: 'Ie7 Pro', and 'Desktop Ok'
2008/05/05 The WB Network Hops Online
2008/05/05 Microsoft Slashes Price of Xbox 360 Overseas
2008/05/05 Google CEO Wants YouTube to Take More of Your Money
|
