Results 1 to 10 of 11
-
January 14th, 2009, 04:35 PM #1Banned
- Join Date
- Dec 2007
- Location
-
Behind You, Watching, Always Watching
- Age
- 66
- Posts
- 5,410
- Rep Power
- 0
Major Security Hole In Your Computer - and you probably don't know it
My partner and our sys admin stumbled upon a MAJOR security hole for Windows users that have the Macromedia Flash player installed (most do, it's what makes sites like youtube work)
It seem Flash drops a cookie onto your system that is NOT deleted when you clear your cookies normally and the dangerous part is these cookies work across different browsers.
Now for those of you that don't know a cookie is a little bit of information saved in a tiny file on your system (like when you click 'save my log in info or things like that) but the nice thing about cookies is they are only good for the browser you are using when the cookie is set. In other words if you use Internet Explorer for browsing and Firefox for your online banking Internet Explorer can NOT see the cookies from Firefox .... not so with these Flash cookies.
The way they found it was an online Flash survey. He did it in FF and then tried to do it in Internet Explorer and it told him he already voted ... the sysadmin was really confused because that's NOT supposed to be able to happen (unless they are tracking IP addresses) so they started digging when they found these.
They are stored in:
C:\Documents and Settings\[your account name]\Application Data\Flash Player\#Shared Objects\[some goofy number]
All of the folders in there are Flash cookies and trust me when I say this is a DANGEROUS ideal Adobe had
Sure enough once they deleted the contents of that folder he could vote in the survey in Internet Explorer. From what we can tell even Opera, Chrome and Safari are able to read from this folder.
The problem hasn't been exploited yet that we know of and they sent a scathing email to Adobe about it ... this is a security hole just waiting for a hacker to find and dig into your personal info!
So do yourself a favor and empty out that folder regularly ... esp if you do any online banking or anything like that.
-
January 14th, 2009, 04:44 PM #2Super Member
- Join Date
- Sep 2006
- Location
-
Pennsylvania
(Schuylkill County) - Posts
- 528
- Rep Power
- 226719
Re: Major Security Hole In Your Computer - and you probably don't know it
Evidently your sys admin friend is not a very good one.
Any app can read/write files on your windows box. Windows ACLs really don't mean anything because most PCs are single user, or all users are in the admin group.
So why, after you INSTALL Flash on your PC (that then links into your browser) are you excited that it has access to your file system?
Would your buddy be surprised if a virus he INSTALLED has access to the file system?
I will agree that most hacks into a computer are by a 3rd party app (ie flash). Most hacker competitions for prizes usually always hit flash or the browser.
-
January 14th, 2009, 05:06 PM #3Banned
- Join Date
- Dec 2007
- Location
-
Behind You, Watching, Always Watching
- Age
- 66
- Posts
- 5,410
- Rep Power
- 0
Re: Major Security Hole In Your Computer - and you probably don't know it
NOT SO! You install the Flash plugins for IE and FF separately, you do NOT just install Flash and it links to your browsers. I know, I redo machines all the time. So if you have two different plugins used for two different browsers communicating between them you have a problem ... period
-
January 14th, 2009, 05:12 PM #4
Re: Major Security Hole In Your Computer - and you probably don't know it
Ummmm, I installed Flash once, for IE, and it works fine for FF without the separate install. You just need to point FF to the install of Flash.
Bill USAF 1976 - 1986, NRA Endowment, USCCA
-
January 14th, 2009, 05:22 PM #5Banned
- Join Date
- Dec 2007
- Location
-
Behind You, Watching, Always Watching
- Age
- 66
- Posts
- 5,410
- Rep Power
- 0
-
January 14th, 2009, 05:31 PM #6
Re: Major Security Hole In Your Computer - and you probably don't know it
Buy a Mac and you can forget about all these garbage cookies, patches etc......
Hope you are feeling better after your weekend DC.
-
January 14th, 2009, 05:45 PM #7Banned
- Join Date
- Dec 2007
- Location
-
Behind You, Watching, Always Watching
- Age
- 66
- Posts
- 5,410
- Rep Power
- 0
Re: Major Security Hole In Your Computer - and you probably don't know it
-
January 14th, 2009, 05:53 PM #8
-
January 14th, 2009, 05:57 PM #9
Re: Major Security Hole In Your Computer - and you probably don't know it
-
January 14th, 2009, 06:10 PM #10
Similar Threads
-
Lee Deluxe 4 Hole Turret Press Kit
By xXWildPonyXx in forum GeneralReplies: 2Last Post: December 15th, 2008, 02:32 PM -
RCBS 5 hole shell plates
By bluck in forum GeneralReplies: 0Last Post: October 19th, 2008, 08:54 PM -
Cheap Lee 4 hole turrets
By Chunky Monkey in forum GeneralReplies: 5Last Post: February 7th, 2008, 09:03 AM -
Pa ARFCOMER ADs into leg(bullet hole pics)
By fultonCoShooter in forum GeneralReplies: 32Last Post: September 22nd, 2007, 09:51 AM -
3 .45acp rounds in one hole @ 15yds
By Steve in PA in forum GeneralReplies: 6Last Post: July 4th, 2007, 08:41 AM
Bookmarks