From: Eric Hughes
Subject: [Gnash-dev] Re: Building in security
Date: Wed, 02 May 2007 06:56:30 -0600
At 03:19 AM 5/2/2007, Udo Giacomozzi wrote:
> Allow me this question: What *real* security risk is there when a Flash movie loads data from wherever it likes?
> [...]
> So, I'm curious about any real security risk scenario involved with loading/exchanging data from anywhere.
These days, there aren't very many practical attacks that, in isolation, with a single step, lead to a breach. Instead, combinations of methods, some apparently trivial, create a chain of action that leads in total to a security breach. So the kind of scenario you're looking for will involve arbitrary other things that might happen, in combination with the designated security-issue-at-question, and may seem like cheating, because it involves pulling rabbits out of hats.
Now, look! Nothing up my sleeve. Arbitrary data exchange is a foundation for DDOS (distributed denial of service), for example, which provides a generic class of malicious use of clients. What are the other details? I can't say right now. What I can say is that allowing arbitrary operations by a client is the moral equivalent of providing a programmable network server. Would you grant login/password to every web site you visit?
The approach to security in this environment is to focus on preserving some set of invariants of authorized use. What those invariants are I cannot say yet.
Eric