Re: Yet Another Emerging Web 2.0 Security Threat: Adobe Integ rated Runtime (AIR)

["Paul Ferguson" <fergdawg () netzero net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -- "Eduardo Tongson" <propolice () gmail com> wrote:

> You don't run AIR inside a browser. This is similar to Flash
> applications compiled to exe. Basically you can program desktop
> applications using Flash, JS etc. A sample application/game developed
> in AIR I looked at [1].
>
> [1] <http://blog.eonsec.com/2008/02/tongits-is-in-air.html>

- From the description the InfoWorld article of the AIR application
developed & used by NASDAQ:

http://www.infoworld.com/article/08/02/24/adobe-air_1.html

...it sounds very much like a "widget" -type of application,
pulling content from a third-party location.

If this is true, then I see a wide adoption of this (as we already
see with widgets on social networking sites, etc.), as well as
wide-spread possibility for exploitation.

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFHwl3Lq1pz9mNUZTMRAr/5AJ4iJf6bwko2mwweUfAmsfhd1Ef8IACgheR0
fITbFeyAQAYxhxovZw+VfFo=
=rprJ
-----END PGP SIGNATURE-----


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.