On Wednesday 04 November 2009 11:46:47 pm Anders Johansson wrote:
On Thursday 05 November 2009 04:44:06 Basil Chupin wrote:
The bottom line, then, is that what the OP raised about Adobe Flash is an exploitable feature in Linux, right?
The OP complained that flash stored cookies and cached objects. I didn't see any mention of any exploit or security issue.
Anders
I am the OP of this thread and I pointed to an entire article which discussed just that as well as security issues. That and subsequent articles mentioned explicitly that these 'flookies' can store entire programs if the malware author wishes. On my machine, as a user, I can run a mailer, (both as a client and as a server), send and receive E-Mail, compose text, html, data and other files, sending them anywhere, read all the directories in any directory I have access to as a user including 'hidden' directories. Any software that runs 'as me' have the same rights and abilities and if a 'flookie' contains executable code that writes E-Mail (phishing, or whatever), sends it to everyone on my contacts list or reads the headers of all messages stored on my machine (sent or received (including mailing lists)) and generates messages to the derived addresses even though not in my contacts list. It could also get bank account information by reading my incoming mail from my financial institutions or anywhere else I might have stored it, possibly derive my SSN, peruse any and all 'cookies' or other 'flookies' for whatever information it can derive. It could also initiate a ftp or http communication by opening a session with a 'drop' IP for collected information, in the background any time I am using the internet for any reason, and because I have the right to open sessions over the internet, (browser, ftp, ssh, whatever) legitimately, my firewall will ask its 'rules' if "he' is authorized to use http on port 80...yes, ok, let this message/packet go.... All because a 'flookie' was executing code due to a hack. So Anders, if that isn't clear enough, I consider that both a exploit or security issue that is made harder to detect and correct because it is closed-source that cannot by its' nature, be scrutinized nearly as closely by either me or by the open-source community which is huge and alert enough to prevent such exploits from being successful because they can't/don't remain hidden (for long, if at all). So, once again Anders, this thread started by stating a perceived weakness in Flash by Adobe because it is closed-source (not necessarily because Adobe is an evil entity), pointed to an article which got me to thinking about the issue that heretofor I hadn't considered and I requested, so far unanswered, information regarding what, if, and which is best, of any alternatives to Adobe Flash which, unlike Adobe's product,is open-source. Richard -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org