Pen Testing capabilities of Flash Files

From: roger.franks@middleeastadvertising.com
Date: Sun Mar 13 2005 - 16:45:11 EST

• Next message: John GALLET: "Re: PHP Directory Transversal"
• Previous message: Ola: "RE: Terminal Services"
• Next in thread: Fausto Napolitano: "Re: Pen Testing capabilities of Flash Files"
• Reply: Fausto Napolitano: "Re: Pen Testing capabilities of Flash Files"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Good Day

Does anyone know of any work/papers/articles where a flash file is covertly used
to pen-test a persons PC's? We have a number of clients for whom we run
advertising campaigns for, who have loads of "extra scripts" enabled in the
flash files, I am talking about stuff like enabling audio which I guess allows
for the ability to listen to peoples audio channels..is this possible or indeed
legal? I guess this is an issue on client side security which I note allows for
such controls.

Roger Franks, Security Manager
Middle East Advertising - AlClick | http://www.middleeastadvertising.com
Dubai, United Arab Emirates | Tel:(9714) 319 7575, Fax: (9714) 319 7573

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

• Next message: John GALLET: "Re: PHP Directory Transversal"
• Previous message: Ola: "RE: Terminal Services"
• Next in thread: Fausto Napolitano: "Re: Pen Testing capabilities of Flash Files"
• Reply: Fausto Napolitano: "Re: Pen Testing capabilities of Flash Files"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:18 EDT