Penetration Testing mailing list archives

Re: Pen Testing capabilities of Flash Files

From: Fausto Napolitano <nembokid () olografix org>
Date: Mon, 14 Mar 2005 18:01:22 +0100

Sorry, no articles or papers, but, i used flasm (flasm.sourceforge.net)
for a few sites, and, you can get a lot of stuff from it :)

cheers,
fau

On Sun, 2005-03-13 at 21:45 +0000,
roger.franks () middleeastadvertising com wrote:

Good Day

Does anyone know of any work/papers/articles where a flash file is covertly used
to pen-test a persons PC's? We have a number of clients for whom we run
advertising campaigns for, who have loads of "extra scripts" enabled in the
flash files, I am talking about stuff like enabling audio which I guess allows
for the ability to listen to peoples audio channels..is this possible or indeed
legal? I guess this is an issue on client side security which I note allows for
such controls.

Roger Franks, Security Manager
Middle East Advertising - AlClick | http://www.middleeastadvertising.com
Dubai, United Arab Emirates | Tel:(9714) 319 7575, Fax: (9714) 319 7573

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

Current thread:

Pen Testing capabilities of Flash Files roger . franks (Mar 14)
- Re: Pen Testing capabilities of Flash Files Fausto Napolitano (Mar 14)