Adobe Flash Player Applications : How secure are they ?

Discussion in 'Computer Support' started by pokhara67, Jul 9, 2007.

  1. pokhara67

    pokhara67 Guest

    a colleague at work suggested he could write a Flash application which
    could compromise a user's hard drive data.

    is this possible ?
     
    pokhara67, Jul 9, 2007
    #1

  2. Report your colleague to Homeland Security.
     
    Rôgêr, Jul 9, 2007
    #2

  3. The answer to your question (however intelligent that was) is yes. Flash
    files can be malicious. Hell, I can write a batch file that will do away
    with all your data. Would I be successful? Depends on how stupid you
    are. Would it propagate? Depends on how smart I am.

    You are posting through AOL, which would normally indicate a US address.
    However, I'll grant you, there are stupid people in other countries.
     
    Rôgêr, Jul 9, 2007
    #3
  4. pokhara67

    pokhara67 Guest

    I know any kind of file can be malicious. I can program too.

    The question I should have posed was :

    Is it possible for a Flash Application to load in my browser (firefox
    on OSX and Linux ) and perform data reads/writes of my disk without my
    consent.


    ps
    AOL in the UK is an excellent and cheap service. 30 dollars per month
    for unlimited usage and no censorship - that I have noticed.

    The only minor annoyance is that they don't have any news servers.

    Apart from that their ADSL service has never been down once in 4
    months.
     
    pokhara67, Jul 9, 2007
    #4
  5. pokhara67

    Pennywise Guest

    Finding a flaw (buffer overflow) like this one
    http://xforce.iss.net/xforce/xfdb/27601 and having it call Rôgêr's
    batch file - yeah; it's finding that flaw that's the hard part.
     
    Pennywise, Jul 9, 2007
    #5
  6. Heh, I like the list of potential platforms affected. They didn't
    mention my Whirlpool microwave though.
     
    Rôgêr, Jul 9, 2007
    #6
  7. I hereby humbly apologize for comments I made. You seem to have some
    smarts. But as a side note, you are posting through AOL and Google
    Groups. You are at a double disadvantage going into the conversation,
    but you've shown that you aren't typical. So my apology stands, if
    you're willing to accept it.
     
    Rôgêr, Jul 9, 2007
    #7
  8. pokhara67

    pokhara67 Guest

    no probs. any thoughts on the security or otherwise of embedded flash
    applications ?
     
    pokhara67, Jul 9, 2007
    #8
  9. I will from time to time allow flash events on my machine, as opposed to
    Active X (someone else was asking about its security). But I'd rather
    not have to have things running that can have a mind of their own. You
    have to trust the website author and I'm just not that trusting most of
    the time.
     
    Rôgêr, Jul 9, 2007
    #9
  10. pokhara67

    pokhara67 Guest

    so what about something like this

    www.sankey-music.com

    it doesn't ask for permission to run, it just runs.

    there appears to be nowhere in firefox to control the behaviour of
    adobe flash applications
     
    pokhara67, Jul 10, 2007
    #10
  11. pokhara67

    Pennywise Guest

    Myself I don't care. There are a lot of good SWF files out (your
    robot); and I like to see what's out "there".

    I just keep the flash program updated, along with the other basic
    safeguards.

    If you want to disable flash you can do this within your browser or
    uninstall flash. Firefox - Tools/options/Content/File Types
    You can delete the entry or change how it is treated
    (Opera you can have it do nothing, not Firefox)

    A good practice is to use a HOSTS file, others have found the bad
    sites to an extent and you can add any you don't wish to access.
    http://someonewhocares.org/hosts/hosts - It will also keep you from
    reading all the spam/ads on websites.
     
    Pennywise, Jul 10, 2007
    #11
  12. pokhara67

    pokhara67 Guest

    it isn't mine, it belongs to a producer of trash-techno music
    What are the basic safeguards where flash applications are concerned ?
    How do you prevent a flash application from behaving in a way you don't
    like ?
    Do flash applications have a built-in sandbox like java applets ?
     
    pokhara67, Jul 10, 2007
    #12
  13. pokhara67

    Pennywise Guest


    Anti-virus, regprot, and a bit of hopeful trust in MS.

    Microsoft writes a lot of corruptible code, to the point that SP2 has
    a new feature called DEP (Data Execution Prevention). If a file causes
    a buffer overflow, DEP blocks the memory from being used and kills
    the program.

    DEP is also a Hardware feature, Linux and OSX should be able to do the
    same. http://technet.microsoft.com/en-us/library/bb457155.aspx

    But really I don't worry about SWF files, in your case I wouldn't let
    this friend who made the claim near my computer :)
    In a way.
    www.adobe.com/devnet/flash/articles/fplayer8_security_04.html
    "This section describes the various local sandboxes into which SWFs
    are placed."
     
    Pennywise, Jul 10, 2007
    #13
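
The DEP point in post #13 can be checked on Linux by looking for memory mappings that are both writable and executable, since data written to such a region can still run as code. This is an added example, not part of any post in the thread; the sample mapping lines and the `plugin-host` path are constructed, and `line_is_wx` / `count_wx` are hypothetical helper names.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in /proc/<pid>/maps format (not captured from a real host). */
static const char SAMPLE_MAPS[] =
    "00400000-0040b000 r-xp 00000000 08:01 131 /usr/lib/browser/plugin-host\n"
    "0060a000-0060c000 rw-p 0000a000 08:01 131 /usr/lib/browser/plugin-host\n"
    "01c3e000-01c5f000 rw-p 00000000 00:00 0 [heap]\n"
    "7f2a10000000-7f2a10021000 rwxp 00000000 00:00 0 \n"
    "7ffd4a1e0000-7ffd4a201000 rw-p 00000000 00:00 0 [stack]\n";

/* Returns 1 if one maps line describes memory that is both writable and
 * executable, i.e. a data region that NX/DEP is not protecting. */
int line_is_wx(const char *line)
{
    char perms[5] = {0};
    /* Field 1 is the address range, field 2 the permission string ("rwxp"). */
    if (sscanf(line, "%*s %4s", perms) != 1)
        return 0;
    return perms[1] == 'w' && perms[2] == 'x';
}

/* Counts writable+executable mappings in a maps-format text buffer. */
int count_wx(const char *text)
{
    int hits = 0;
    while (*text) {
        size_t full = strcspn(text, "\n");   /* length of this line */
        size_t n = full < 127 ? full : 127;  /* the two fields we need come first */
        char line[128];
        memcpy(line, text, n);
        line[n] = '\0';
        hits += line_is_wx(line);
        text += full;
        if (*text == '\n') text++;
    }
    return hits;
}

int main(void)
{
    printf("sample: %d W+X mapping(s)\n", count_wx(SAMPLE_MAPS));
    FILE *f = fopen("/proc/self/maps", "r"); /* Linux only; skipped elsewhere */
    char line[8192]; int hits = 0;
    while (f && fgets(line, sizeof line, f)) hits += line_is_wx(line);
    if (f) { fclose(f); printf("this process: %d W+X mapping(s)\n", hits); }
    return 0;
}
```

In the constructed sample the heap and stack are `rw-p`, which is what NX enforcement looks like, and only the anonymous `rwxp` region is flagged.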
  14. pokhara67

    pokhara67 Guest

    Thanks but I don't use M$
    well if he's on my computer he wouldn't need a flash application.
    ok, now we are getting somewhere.
    i must admit i don't understand that security model at all.
     
    pokhara67, Jul 10, 2007
    #14
  15. pokhara67

    Pennywise Guest

    Pennywise, Jul 17, 2007
    #15