lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 11 May 2008 17:28:38 -0400 From: "Dr. J Swift" <fdiscsplat@...il.com> To: n3td3v <xploitable@...il.com> Cc: n3td3v <n3td3v@...glegroups.com>, full-disclosure@...ts.grok.org.uk Subject: Re: First case of Cyber Rolling? On Sat, May 10, 2008 at 11:03 PM, n3td3v <xploitable@...il.com> wrote: > Scaring people with fullScreen > > * Posted by bunnyhero > * 2008 May 10 > > When Flash Player 9 goes into full screen mode, it pops up a little > security message that tells the user how to exit full screen mode. It > appears as white text on a semi-transparent black background so it is > generally always visible (which is good). Still, I wondered if it > could be obscured. > > The message is always on top, so it is impossible to draw over it. But > what if we tried distracting the user from the actual security > message? > > Here's a silly test: > > Of course, you can press Esc (or alt+tab to another window) to escape. > > UPDATE: I have made the source code available, warts and all, under a > ZLib licence. Share and enjoy :) > > http://www.bunnyhero.org/2008/05/10/scaring-people-with-fullscreen/ > Mr. Wallace, Are you bunnyhero? Why would you publish this exploit? Did you contact the affected vendors prior to your publishing this? _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists