As a developer advising a client, can you advise them to use Flash as a frontend for any application that requires a username or password?
Over 80% of exploits in 2009 were through Flash and PDF vectors. I was looking at AIR to be a solid base for portable applications, but now it seems that those applications could not hold any important personal information for it to be feasible.

There is also little explanation of these exploits. Is it that the website needs to have written Flash code that abuses exploits on the client machine, requiring the client to load one of these Flash movies? In that case the website developers themselves would be the ones trying to gain remote access to the client machine.

Or is it that Flash itself contains exploits which can be attacked externally? i.e. the .swf file itself can be manipulated through URLs or other means to allow code execution on the client machine?

If not Flash, then what other visual environment is there for writing applications that is portable?

http://digg.com/microsoft/Flash_exploit_served_by_Microsoft_says_Flash_Magazine
http://blogs.zdnet.com/security/?p=5473
http://blogs.zdnet.com/security/?p=3773&tag=content;col1
