Archive for August, 2008

Reliving your childhood through every browser

Tuesday, August 19th, 2008

This is what fMAME is all about, it’s a MAME (Arcade Games Emulator) written in Flash that is running in every browser with no installation. I get enthusiastic remarks like “Wow I used to play this on the arcade” from most of the people I’ve sent the link to. For now, there’s no sound and only a handful of games are supported, but, it’ll surly improve in the future.

Of course I could have sent them the info of how to download and run the desktop MAME emulator and how to find roms for it. It’ll give them the same experience of traveling back in time. But, how many will bother to do that? Yes it’s simple but the common users want it to be very simple. They don’t want to be bothered with downloads and installation they want to follow a link and start the experience.

The second thing I hear from the people I’ve sent this link to, is, “how did they do that?!” then I need to explain that Flash isn’t just for Ajax like website it’s a complete platform that is only (mainly) stoppable by the creators imagination.

Did I mention it runs in every browser?! ;)

Play fMAME

Donkey_Kong

Ghostsn_Goblins

Bubble_Bobble

Posted in Flash Games, Flash General, Games | No Comments »

Mysteries Flash exploit is hijacking the clipboard?

Sunday, August 17th, 2008

Update: Adobe Product Security Incident Response Team (PSIRT) has referred to this “Clipboard attack”

Update 2: Aviv Raff has updated me about the fact that it won’t be that easy to replicate this attack using Javascript on the latest browsers and with the default security settings. Thanx.

Lately there were some rumors about a mysteries Flash exploit that is hijacking the users clipboard and will always fill it with a URL to some malicious website, no matter what you’ll copy to the clipboard it’ll will always paste the same URL. This malicious website will ask you to download a fake anti-virus. It’s also been mentioned in some places that in order to clear this behavior you’ll have to restart your machine.

But is it really an exploit, a bug in the Flash player that let the attacker demolish the users clipboard until restart?! From what I’ve seen so far it’s not an exploit and no restart is needed, it’s just a bad use of a Flash and JavaScript feature. Both of these allow a valid script to write text to the user’s clipboard. I’m surprised that only now this questionable feature is starting to get abused. The abusing code is probably residing in some Flash AD, in one of the user tabs and consistently rewriting the clipboard.

Although this attack can be done using simple JavaScript, Flash it the right vessel for this kind of attacks. I think that, encapsulating attacks inside RIA code, mainly Flash and SilverLight, is just starting to gain attention and will become a major security issue. I have some other examples which I attend to write about soon.

Posted in Flash General, Flash Security, Javascript, RIA, Security, Silverlight | 1 Comment »