[arch-dev-public] Fwd: Information!
Redirected to arch-dev-public. I would be pleased if you would use our bug tracker or arch-general next time.

However: I am not sure if we could fix this ourselves. We'll have to wait for a new release from Adobe.

---------- Forwarded message ----------

Subject: Information!
Date: Saturday 11 October 2008
From: JaDa <jada@usalug.net>
To: pierre@archlinux.de

Good morning Pierre

I am using you, because I have no write access to the mailing list. Why I am using you and what do I want from you!

flashplugin 9.0.124.0-1 developers = none

Linux users are sometimes smug because most worms are Windows-specific and don't affect them. But email and Web site attacks are often cross-platform. Linux users are just as vulnerable to phishing attacks and advance fee fraud (419 scams) as Windows users. So be very careful before clicking on email links, or posting private data to Web sites. Also, consider screening your email with SpamAssassin and ClamAV.

From an attacker’s perspective the most important thing is that a) they know where to click and b) they know the URL of the page they want you to click, in the case of cross domain access. So if either one of these two requirements aren’t met, the attack falls down. Frame busting code is the best defense if you run web-servers, if it works (and in our tests it doesn’t always work). I should note some people have mentioned security=restricted as a way to break frame busting code, and that is true, although it also fails to send cookies, which might break any significant attacks against most sites that check credentials.

Flash Player workaround available for "Clickjacking" issue

Release date: October 7, 2008
Vulnerability identifier: APSA08-08
Platform: All Platforms
Affected Software: Adobe Flash Player 9.0.124.0 and earlier

Follow the workaround http://www.adobe.com/support/security/advisories/apsa08-08.html or update to Flash 10 RC2 http://labs.adobe.com/technologies/flashplayer10/

regards
Uwe

-------------------------------------------------------

--
Pierre Schmitz

Clemens-August-Straße 76
53115 Bonn

Telefon 0228 9716608
Mobil 0160 95269831
Jabber pierre@jabber.archlinux.de
WWW http://www.archlinux.de
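The frame-busting defence mentioned in the forwarded message, written so that it fails closed when the script cannot navigate the top window or never runs at all (as in a frame loaded with security=restricted). This is an added example, not part of the original e-mail: the hide-by-default markup, the `frameGuard` name, the `fakeWindow` stand-ins and the example URLs are assumptions constructed here.

```javascript
// Assumed page setup: <head> contains <style>html{display:none}</style>
// and an inline script calls frameGuard(window). If script is disabled in
// the frame, frameGuard never runs and the page simply stays hidden.
function frameGuard(win) {
  const root = win.document.documentElement;
  if (win.self === win.top) {
    root.style.display = "block"; // not framed: reveal the page
    return "shown";
  }
  try {
    // Framed: replace the framing page with this one.
    win.top.location = win.self.location.href;
    return "busted";
  } catch (err) {
    // Top-level navigation refused: content stays hidden, nothing to click.
    return "hidden";
  }
}

// Constructed stand-in for a browser window so the logic runs offline.
// lockNav models a top window that refuses to be navigated by a child.
function fakeWindow(url, top = null, lockNav = false) {
  let href = url;
  const win = { document: { documentElement: { style: { display: "none" } } } };
  Object.defineProperty(win, "location", {
    get: () => ({ href }),
    set: (v) => { if (lockNav) throw new Error("navigation blocked"); href = String(v); },
  });
  win.self = win;
  win.top = top || win;
  return win;
}

function demo() {
  const page = "https://site.example/account";          // constructed URL
  const shown = (w) => w.document.documentElement.style.display;
  const direct = fakeWindow(page);
  const outer = fakeWindow("https://framer.example/");
  const framed = fakeWindow(page, outer);
  const stuck = fakeWindow(page, fakeWindow("https://framer.example/", null, true));
  const noScript = fakeWindow(page, outer);              // frameGuard never called
  return {
    direct: [frameGuard(direct), shown(direct)],
    framed: [frameGuard(framed), outer.location.href, shown(framed)],
    stuck: [frameGuard(stuck), shown(stuck)],
    noScript: shown(noScript),
  };
}
console.log(demo());
```
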