[arch-dev-public] Fwd: Information!
pierre at archlinux.de
Sat Oct 11 05:33:58 EDT 2008
redirected to arch-dev-public. I would be pleased if you would use our bug
tracker or arch-general next time.
However: I am not sure if we could fix this ourselves. We'll have to wait for a
new release from Adobe.
---------- Forwarded message ----------
Date: Saturday, 11 October 2008
From: JaDa <jada at usalug.net>
To: pierre at archlinux.de
Good morning Pierre
I am using you, because I have no write access to the mailing list.
Why I am using you and what do I want from you!
developers = none
Linux users are sometimes smug because most worms are Windows-specific and
don't affect them. But email and Web site attacks are often
cross-platform. Linux users are just as vulnerable to phishing attacks and
advance fee fraud (419 scams) as Windows users. So be very careful before
clicking on email links, or posting private data to Web sites. Also,
consider screening your email with SpamAssassin and ClamAV.
From an attacker’s perspective the most important thing is that a) they
know where to click and b) they know the URL of the page they want you to
click, in the case of cross domain access. So if either one of these two
requirements isn’t met, the attack falls down. Frame busting code is the
best defense if you run web-servers, if it works (and in our tests it
doesn’t always work). I should note some people have mentioned
security=restricted as a way to break frame busting code, and that is
true, although it also fails to send cookies, which might break any
significant attacks against most sites that check credentials.
Flash Player workaround available for "Clickjacking" issue
Release date: October 7, 2008
Vulnerability identifier: APSA08-08
Platform: All Platforms
Affected Software: Adobe Flash Player 220.127.116.11 and earlier
Follow the workaround
or update to Flash 10 RC2 http://labs.adobe.com/technologies/flashplayer10/
Phone 0228 9716608
Mobile 0160 95269831
Jabber pierre at jabber.archlinux.de
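
The frame-busting defense mentioned in the forwarded message, as an added example that is not part of the original mail. It goes one step beyond the plain "break out of the frame" script to a hide-by-default variant, so that a frame in which script never runs (the security=restricted case) shows nothing to click on. The function names, the mock window object and the example.test URL are assumptions made for illustration.

```javascript
// Added example: fail-closed frame-busting guard (all names are hypothetical).
// Assumes the page ships <style>html{display:none}</style> in <head>, so the
// content stays invisible until this script decides it is safe to show it.
function applyFrameGuard(win) {
  const root = win.document.documentElement;
  if (win.self === win.top) {
    root.style.display = "block"; // not framed: reveal the page
    return "shown";
  }
  try {
    // Framed: leave the page hidden and try to navigate the top window to us.
    win.top.location = win.self.location.href;
  } catch (e) {
    return "hidden-blocked"; // break-out refused, content is still hidden
  }
  return "hidden-busting";
}

// Constructed window-like object so the logic can be exercised outside a browser.
function makeWindow({ framed, navBlocked = false }) {
  const win = {
    document: { documentElement: { style: { display: "none" } } },
    location: { href: "https://example.test/account" },
  };
  win.self = win;
  const top = { navigatedTo: null };
  Object.defineProperty(top, "location", {
    set(url) {
      if (navBlocked) throw new Error("navigation blocked");
      top.navigatedTo = url;
    },
  });
  win.top = framed ? top : win;
  return win;
}

// Three cases: loaded directly, framed, and framed with script disabled.
function demo() {
  const shown = (w) => w.document.documentElement.style.display;
  const direct = makeWindow({ framed: false });
  const framed = makeWindow({ framed: true });
  const noScript = makeWindow({ framed: true }); // guard is never called
  return {
    direct: [applyFrameGuard(direct), shown(direct)],
    framed: [applyFrameGuard(framed), shown(framed), framed.top.navigatedTo],
    noScript: ["not-run", shown(noScript)],
  };
}
if (typeof window !== "undefined") applyFrameGuard(window);
```
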