On 14 Aug 2009 at 12:48, Kurt Buff wrote:
> ... If you want to see something really scary, read about the Flash
> "fscommand" operator - basically it's the equivalent of system(3) in UNIX
> circa 1985. Running Flash in your browser is the equivalent of giving a
> command prompt to everyone who owns every website you visit.

Yep, which is why I pretty much only 'surf' from machines where I'm a limited
user, and why I usually download any Flash content and view it offline using a
standalone non-Adobe player like VLC or the "FLV Player" from
martijndevisser.com -- AFAIK these players don't support ActionScript.

For the partially paranoid, Sandboxie is a possibility; for the truly paranoid
among us, use a Linux-based VM Browser Appliance.
http://www.google.com/search?q=browser+appliance

Build a Lightweight Browser Appliance
http://howto.gumph.org/content/build-a-lightweight-browser-appliance/

--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038