davidh
October 10th, 2006, 02:03 PM
more dangers of Adobe Macromedia Flash Player
crossdomain.xml statistics
http://jeremiahgrossman.blogspot.com/2006/10/crossdomainxml-statistics.html
"Swiss gov 'mulls' spyware to tap VoIP calls ...
As well as allowing VoIP calls to be monitored, the software is surreptitiously turning on the built-in microphones or webcams on target PCs. ..."
http://www.theregister.com/2006/10/10/swiss_voip_wiretap_plan/
FYI: Flash player contains controls for turning your web cam and microphone on and off. Just right click on any Flash movie in your browser, to check this out.
I haven't seen any exploits of this yet. But it probably wouldn't really be challenging for a bonafide hacker to do.
For example, open up a pop-under window containing a snooper Flash movie with the browser when the browser visits a compromized or hacked site. In theory, the "movie" would be indistinguishable from an ordinary image (because a "movie" does NOT have to move or be animated) and the image would be invisible until the overlying windows were closed or minimized. In fact the "movie" probably could be an invisible single pixel movie in a minimized (apparently blank) window which might well stay running until the browser were closed completely.
AFAIK Flash contains no facility for automatic critical security updates.
PITA
DH
crossdomain.xml statistics
http://jeremiahgrossman.blogspot.com/2006/10/crossdomainxml-statistics.html
"Swiss gov 'mulls' spyware to tap VoIP calls ...
As well as allowing VoIP calls to be monitored, the software is surreptitiously turning on the built-in microphones or webcams on target PCs. ..."
http://www.theregister.com/2006/10/10/swiss_voip_wiretap_plan/
FYI: Flash player contains controls for turning your web cam and microphone on and off. Just right click on any Flash movie in your browser, to check this out.
I haven't seen any exploits of this yet. But it probably wouldn't really be challenging for a bonafide hacker to do.
For example, open up a pop-under window containing a snooper Flash movie with the browser when the browser visits a compromized or hacked site. In theory, the "movie" would be indistinguishable from an ordinary image (because a "movie" does NOT have to move or be animated) and the image would be invisible until the overlying windows were closed or minimized. In fact the "movie" probably could be an invisible single pixel movie in a minimized (apparently blank) window which might well stay running until the browser were closed completely.
AFAIK Flash contains no facility for automatic critical security updates.
PITA
DH