Port scanning with Adobe Flash

August 20th, 2007 Posted by D Webber

The same origin policy for web browsers is completely blown. Last year SPI Dynamics demonstrated how to trick a browser into doing a port scan of the local network using plain old JavaScript. Now researchers at the Chaos Communication Camp have demonstrated that Adobe Flash can do the same thing. Very neat proof of concept.

Yet another reason not to trust Flash content and to run host-based firewalls on your intranet workstations and servers. With flaws like these and problems like DNS rebinding, code executed in browsers is no longer limited to accessing its origin server. We can retire the outdated concept of a network perimeter.

It’s not practical to disable Flash, but if you use Firefox or another Mozilla browser, the FlashBlock extension at least lets you decide which Flash content your browser can execute.

Posted in Best practices, Web security
