Re: Flash sites

[RSnake <rsnake () shocking com>]

        Safest from the server's perspective?  Probably.... Like an image it is
just a binary, and is not interpreded by the webserver in any way.  Safe for
the person running it?  That's debatable.  Unlike an image it is actually
executed by the client, so it is possible that a MITM attack could introduce
malicious code in the binary in transit to do things that was not inititally
intended, which is made easier by the fact the binary is static.  However, you
could do the same things with HTML/Java/Javascript/VB script, so again, it's
debatable.  For your auditing purposes, yes, it's probably completely safe.

On Wed, 3 Sep 2003, John Madden wrote:

| Date: Wed, 3 Sep 2003 09:14:11 -0700 (PDT)
| From: John Madden <chiwawa999 () yahoo com>
| To: webappsec () securityfocus com
| Subject: Flash sites
|
| Hello all,
|
| If a web site contains only flash files and has no
| write permissions to modify those flash files, no
| default files or other potentially dangerous scripts
| can we say that is the "safest" form of a web site ?
|
| Are there any other concerns in auditing a flash based
| site ?
|
| Thanks
|
| John
|
| __________________________________
| Do you Yahoo!?
| Yahoo! SiteBuilder - Free, easy-to-use web site design software
| http://sitebuilder.yahoo.com
|

-R

The information in this email is confidential and may be legally
privileged.  It is intended solely for the addressee.  Access to
this email by anyone else is unauthorized.  If you are not the
intended recipient, any disclosure, copying, distribution or any
action taken or omitted to be taken in reliance on it is
expressly prohibited and may be unlawful.