The Symantec article basically points out that downloading and running desktop applications from the Web can be dangerous. I think we already know this. ;-) An interesting question, which the Symantec doesn't address in the article, will Norton AV detect known malicious AIR applications.
Has anyone looked carefully at the ActionScript runtime library and all of the wonderful things that Flash applications can do from inside of a Web browser? For example, there must be no security issues in the ActionScript socket class, right? http://livedocs.adobe.com/flex/2/langref/flash/net/Socket.html Richard -----Original Message----- From: Paul Ferguson [mailto:[EMAIL PROTECTED] Sent: Monday, February 25, 2008 3:14 PM To: [EMAIL PROTECTED] Cc: [email protected] Subject: Re: [funsec] Yet Another Emerging Web 2.0 Security Threat: Adobe Integ rated Runtime (AIR) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -- "Richard M. Smith" <[EMAIL PROTECTED]> wrote: >I just don't see the big deal here. Developers can create insecure >applications in most any programming language. Why pick on AIR? I'm not picking on AIR -- I was simply mentioning that this is yet another emerging Web 2.0 technology which may introduce additional security concerns. I hope I'm wrong, but I'm not the only person who sees the unfortunate possibilities: http://www.symantec.com/enterprise/security_response/weblog/2008/02/running _on_air.html Cheers, - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) wj8DBQFHwyGDq1pz9mNUZTMRAokWAKCoVfeL2q1gkHHvxFBjlvftR7Zv4QCeMt87 r6OVSQr+5ebFwVwCHRCG9V0= =H6Jf -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
