Comments on: Encapsulating CSRF attacks inside massively distributed Flash movies – Real world example

By: restaurant lille

restaurant lille — Fri, 25 Mar 2011 00:34:26 +0000

hmm nice article thank you for sharing her give my appetite want to read again and again ^ ^ my restaurant>> restaurant lille

By: making up

making up — Wed, 16 Mar 2011 05:10:36 +0000

Need to find more insight the the mind of the ex-girlfriend I think. Anyhow well done.

By: making up

making up — Wed, 16 Mar 2011 05:10:02 +0000

Is getting back with the ex-wife wise? What made you leave is still there.

By: ex-girlfriend

ex-girlfriend — Wed, 16 Mar 2011 05:09:39 +0000

Well done. I agree mostly with what you say. I think people go about making up because of always only remembering the good times.

By: jobs in graphic design

jobs in graphic design — Thu, 17 Feb 2011 16:16:42 +0000

I unquestionably accept as true with what you have stated. In reality, I browsed through your additional content articles and I do believe you are completely correct. Great job with this particular site.

By: String

String — Thu, 20 Jan 2011 13:29:42 +0000

Great article! This is a really good blog! Thank you! You'll find more informations on Lingerie de charme. There's everything that you need!

By: Making Money » Blog Archive » What are ways of making money for copyright and having a website?

Tue, 25 Nov 2008 19:59:30 +0000

[...] GUYA.NET » Blog Archive » Encapsulating CSRF attacks inside … [...]

By: guya

guya — Mon, 22 Sep 2008 13:23:50 +0000

Adobe knows about this.
Again, all that is needed to make this kind of attack much less effective is to default the allowScriptAccess to “never”.

I guess Adobe don’t wont to break any more existing applications for the sake of security. Every change in the behavior of an existing feature cause some applications to break and frustration for their developers.

Every Flash Player release gets more secure, similar to the browsers and most platforms. Apparently this fix won’t get into the upcoming release of Flash 10 which already have its share of similar security updates, Maybe latter.

let me just clarify that CSRF flaws aren’t Flash related, it relate to insecure website development. This is just an example of using Flash to elaborate such an attack and to make it more successful.

By: Infosec Update

Infosec Update — Mon, 22 Sep 2008 11:37:06 +0000

This is some scary stuff. Have you spoken to Adobe about this?

By: CSRF attack through flash files

CSRF attack through flash files — Fri, 19 Sep 2008 09:31:57 +0000

[...] came across this interesting blog by guya. He has also provided working PoC alongwith. A nice explanation of this attack [...]