Flash same-origin vulnerability

The article at [1] seems pertinent to our discussions of security.
Basically, as I understand it, the vulnerability involves sites that allow
a user to upload a file, and which then serve that file back without
extensive checking.  When the attack succeeds, it's possible to get a SWF
file to execute with the origin context of the site to which you uploaded.
That's a bit of an oversimplification.  See [1] for details.

Noah


[1] http://www.foregroundsecurity.com/MyBlog/flash-origin-policy-issues.html

--------------------------------------
Noah Mendelsohn 
IBM Corporation
One Rogers Street
Cambridge, MA 02142
1-617-693-4036
--------------------------------------

Received on Friday, 13 November 2009 02:19:02 UTC
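
An added illustration, not part of the message above or of the article it links: a server-side check that inspects uploaded bytes for a SWF header instead of trusting the file name or declared type, plus response headers for serving uploads as inert downloads. The function names, the allowed-type list, the header policy and the sample bytes are assumptions constructed for this example.

```python
import re
import struct

# Leading bytes of a SWF file: uncompressed, zlib-compressed, LZMA-compressed.
SWF_SIGNATURES = {b"FWS": "uncompressed", b"CWS": "zlib", b"ZWS": "lzma"}

def sniff_swf(data: bytes):
    """Return SWF header fields if data begins with a SWF signature, else None."""
    kind = SWF_SIGNATURES.get(bytes(data[:3]))
    if kind is None:
        return None
    info = {"compression": kind, "version": None, "declared_length": None}
    if len(data) >= 8:  # signature(3) + version(1) + little-endian length(4)
        info["version"] = data[3]
        (info["declared_length"],) = struct.unpack_from("<I", data, 4)
    return info

def check_upload(filename, declared_type, data, allowed=("image/png", "image/jpeg")):
    """Decide on the content itself, not on the client-supplied name or type."""
    swf = sniff_swf(data)
    if swf is not None:
        return False, "SWF content (%s, version %s) uploaded as %s" % (
            swf["compression"], swf["version"], filename)
    if declared_type not in allowed:
        return False, "type %s not allowed" % declared_type
    return True, "ok"

def download_headers(filename):
    """Headers for serving user uploads as downloads (assumed policy)."""
    # Keep only safe characters so the name cannot break out of the header.
    safe = re.sub(r"[^A-Za-z0-9._-]", "_", filename) or "download"
    return {
        "Content-Type": "application/octet-stream",
        "Content-Disposition": 'attachment; filename="%s"' % safe,
        "X-Content-Type-Options": "nosniff",
    }

# Constructed samples: a SWF header presented as a PNG, and a real PNG prefix.
SAMPLE_SWF_AS_PNG = b"CWS" + bytes([9]) + struct.pack("<I", 4096) + b"\x78\x9c"
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16

if __name__ == "__main__":
    print(check_upload("avatar.png", "image/png", SAMPLE_SWF_AS_PNG))
    print(check_upload("avatar.png", "image/png", SAMPLE_PNG))
    print(download_headers("avatar.png"))
```

Serving uploads from a separate origin that holds no session state limits the impact of anything this check misses.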