funsec mailing list archives
Re: Yet Another Emerging Web 2.0 Security Threat: Adobe Integ rated Runtime (AIR)
From: "Richard M. Smith" <rms () computerbytesman com>
Date: Mon, 25 Feb 2008 15:38:12 -0500
The Symantec article basically points out that downloading and running desktop applications from the Web can be dangerous. I think we already know this. ;-) An interesting question, which the Symantec doesn't address in the article, will Norton AV detect known malicious AIR applications. Has anyone looked carefully at the ActionScript runtime library and all of the wonderful things that Flash applications can do from inside of a Web browser? For example, there must be no security issues in the ActionScript socket class, right? http://livedocs.adobe.com/flex/2/langref/flash/net/Socket.html Richard -----Original Message----- From: Paul Ferguson [mailto:fergdawg () netzero net] Sent: Monday, February 25, 2008 3:14 PM To: rms () computerbytesman com Cc: funsec () linuxbox org Subject: Re: [funsec] Yet Another Emerging Web 2.0 Security Threat: Adobe Integ rated Runtime (AIR) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -- "Richard M. Smith" <rms () computerbytesman com> wrote:
I just don't see the big deal here. Developers can create insecure applications in most any programming language. Why pick on AIR?
I'm not picking on AIR -- I was simply mentioning that this is yet another emerging Web 2.0 technology which may introduce additional security concerns. I hope I'm wrong, but I'm not the only person who sees the unfortunate possibilities: http://www.symantec.com/enterprise/security_response/weblog/2008/02/running _on_air.html Cheers, - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) wj8DBQFHwyGDq1pz9mNUZTMRAokWAKCoVfeL2q1gkHHvxFBjlvftR7Zv4QCeMt87 r6OVSQr+5ebFwVwCHRCG9V0= =H6Jf -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Yet Another Emerging Web 2.0 Security Threat: Adobe Integ rated Runtime (AIR) Paul Ferguson (Feb 25)
- Re: Yet Another Emerging Web 2.0 Security Threat: Adobe Integ rated Runtime (AIR) Richard M. Smith (Feb 25)