Open Source and information security mailing list archives
Date: Mon, 12 May 2008 10:41:06 -0400
From: Ureleet <ureleet@...il.com>
To: "Dr. J Swift" <fdiscsplat@...il.com>
Cc: n3td3v <n3td3v@...glegroups.com>, full-disclosure@...ts.grok.org.uk
Subject: Re: First case of Cyber Rolling?

plus i thought you were unsubscribing?

On Sun, May 11, 2008 at 5:28 PM, Dr. J Swift <fdiscsplat@...il.com> wrote:
> On Sat, May 10, 2008 at 11:03 PM, n3td3v <xploitable@...il.com> wrote:
> > Scaring people with fullScreen
> >
> > * Posted by bunnyhero
> > * 2008 May 10
> >
> > When Flash Player 9 goes into full screen mode, it pops up a little
> > security message that tells the user how to exit full screen mode. It
> > appears as white text on a semi-transparent black background so it is
> > generally always visible (which is good). Still, I wondered if it
> > could be obscured.
> >
> > The message is always on top, so it is impossible to draw over it. But
> > what if we tried distracting the user from the actual security
> > message?
> >
> > Here's a silly test:
> >
> > Of course, you can press Esc (or alt+tab to another window) to escape.
> >
> > UPDATE: I have made the source code available, warts and all, under a
> > ZLib licence. Share and enjoy :)
> >
> > http://www.bunnyhero.org/2008/05/10/scaring-people-with-fullscreen/
> >
>
> Mr. Wallace,
>
> Are you bunnyhero?
>
> Why would you publish this exploit?
>
> Did you contact the affected vendors prior to your publishing this?
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/