MalaRIA – I’m in your browser, surfin your webs

Via, we get news of a cross-domain flaw using Flash or Silverlight content that allows the attacker to use the victim’s browser as a proxy, including access to the user’s session. Erlend Oftedal, the developer, explains how the system works and demonstrates the concept with a video. The flaw stems from developers lackadaisically allowing cross-domain requests from Flash across their whole domain (which obviously includes the user-account interactions); even Flickr and YouTube were culprits at one point.


  1. 2010-04-07 10:00 am
    • 2010-04-07 10:08 am
      • 2010-04-07 9:12 pm
  2. 2010-04-07 10:57 am
    • 2010-04-07 11:10 am
      • 2010-04-07 4:09 pm
      • 2010-04-08 1:26 am