Linked by Kroc Camen on Wed 7th Apr 2010 08:19 UTC
Bugs & Viruses Via Ha.ckers.org, we get news of a cross-domain flaw using Flash or Silverlight content that allows the attacker to use the victim's browser as a proxy, including access to the user's session. Erlend Oftedal, the developer, explains how the system works and demonstrates the concept with a video. The flaw stems from developers lackadaisically allowing cross-domain requests from Flash across their whole domain (which obviously includes the user-account interactions); even Flickr and YouTube were culprits at one point.
Permalink for comment 417560
To read all comments associated with this story, please click here.
RE[2]: Not news, or a flaw
by Laurence on Wed 7th Apr 2010 16:09 UTC in reply to "RE: Not news, or a flaw"
Laurence
Member since:
2007-03-26

It’s a human flaw—but a flaw it still is. Hackers exploit all flaws, including human ones.


Very true.
Flamewars and personal opinions aside even I'd admit that most of the instances of malware on Windows is down to flawd humans.

In fact, I can think of at least one occasion when a computer has been set up properly (virus scanner et al) and the user /DISABLED/ the security apps because a porn site told him too!

Reply Parent Score: 4