Linked by Kroc Camen on Wed 7th Apr 2010 08:19 UTC
Bugs & Viruses Via, we get news of a cross-domain flaw using Flash or Silverlight content that allows the attacker to use the victim's browser as a proxy, including access to the user's session. Erlend Oftedal, the developer, explains how the system works and demonstrates the concept with a video. The flaw stems from developers lackadaisically allowing cross-domain requests from Flash across their whole domain (which obviously includes the user-account interactions); even Flickr and YouTube were culprits at one point.
Permalink for comment 417671
To read all comments associated with this story, please click here.
RE[2]: Not news, or a flaw
by dvhh on Thu 8th Apr 2010 01:26 UTC in reply to "RE: Not news, or a flaw"
Member since:

As we already know, 98% of computer [security|software|etc...] problems usually stand between the screen and the chair.

Reply Parent Score: 1