Web Design News | Adobe Fixes Flash Privacy Panel so Hackers Can’t Check You Out

Step 1

Enter your contact information.

Step 2

Enter your project information.

Step 3

Choose the PHP programmers you want to hire.

Compare Free PHP Quotes

Adobe Fixes Flash Privacy Panel so Hackers Can’t Check You Out

Attention PHP Programmers - Add A Free Listing! Get more clients.

Adobe has made changes to a page on an Adobe website that controls Flash user’s security settings—or more specifically, to the Flash .SWF file embedded in the page that opens the Flash website privacy settings panel. The changes are intended to prevent a clickjacking attack that uses the file to activate and access users’ webcams and microphones to spy on them.

The change comes a few days after a Stanford student revealed the vulnerability on his website. Feross Aboukhadijeh posted the exploit, along with a demo and a video demonstration, on October 18. He said in a blog post that he had notified Adobe weeks earlier of the problem, reporting the vulnerability to Adobe through the Stanford Security lab.

The exploit demonstrated by Aboukhadijeh uses an elaborate clickjack “game” that overlays the SWF panel over buttons in a transparent iframe. Here’s a screenshot of the panel before Adobe’s changes:

Through a series of clicks, the exploit was able to clear the privacy settings for Flash’s web camera controls and then authorize a new site to activate and access the camera video.The changes did not prompt any pop-ups or other user notifications.

The changes made by Adobe are to the behavior of the widgets in the privacy settings panel. Here’s a screenshot of the new panel, after the exploit was attempted:

While my test of the exploit still added feross.com to my list of sites in the privacy panel, it was only successfully added with an “always ask” setting for establishing a video link.

This article originally appeared on Ars Technica, Wired’s sister site for in-depth technology news.

See Also:

Source http://www.webmonkey.com/?p=52071
Mon, 24 Oct 2011 15:59:40 GMT
Tags: Uncategorized,

Attention PHP Programmers - Add A Free Listing! Get more clients.

Uncategorized

Pow: Simplify Ruby on Rails for OS X

Attention Ruby on Rails fans, 37 Signals — the folks who created Ruby on Rails — have put together a new, configuration-free, version of Rack for OS X, the Ruby web server interface. Pow, as the new tool is know, allows you to install and run

Simplify Firefox: Experimental Add-on Hides the URL Bar

Mozilla Labs has released a new experimental Firefox add-on, dubbed LessChrome HD, which hides the URL bar to give webpages a bit more room. The idea is to only show the Firefox user interface when needed, the rest of the time the screen real estate is gi

Stop Typekit Fonts From Slowing Down Your Site

That’s a fancy-lookin’ T you got there. Typekit is one of the easiest ways to get fancy fonts working on your website. Just sign up for an account, pick a font and paste a few lines of code into your pages. TypeKit takes care of the rest, ens

Members:

Fort Collins

AnS International Web Design

AnS International specializes in web design, search engine optimization, web marketing, social media marketing, copywriting, and website hosting services. We are based out of Colorado.

Fort Collins, Colorado US

Milwaukee

Thoreson Web Designs

Thoreson Web Designs is a Wisconsin-based web design business located in Milwaukee. I have experience with an array of tools and programs, and understand the importance of project management.

Milwaukee, Wisconsin US

Las Vegas

NetDynamic - PHP/MySQL - Experienced Dev

PHP/MySQL Web Developer 15+ years experience. We are a team of developers and designers. Address: 3513 E Russell Road, Las Vegas, NV Call us: 877-704-0005 or 702-509-5050

Las Vegas, Nevada US

Melfa