[arch-dev-public] Fwd: Information!

Pierre Schmitz pierre at archlinux.de
Sat Oct 11 05:33:58 EDT 2008


Redirected to arch-dev-public. I would be pleased if you would use our bug 
tracker or arch-general next time. 

However: I am not sure if we could fix this ourselves. We'll have to wait for a 
new release from Adobe.

----------  Forwarded Message  ----------

Subject: Information!
Date: Saturday 11 October 2008
From: JaDa <jada at usalug.net>
To: pierre at archlinux.de

Good morning Pierre

I am using you, because I have no write access to the mailing list.

Why I am using you and what do I want from you!

flashplugin 9.0.124.0-1

developers = none

Linux users are sometimes smug because most worms are Windows-specific and  
don't affect them. But email and Web site attacks are often  
cross-platform. Linux users are just as vulnerable to phishing attacks and  
advance fee fraud (419 scams) as Windows users. So be very careful before  
clicking on email links, or posting private data to Web sites. Also,  
consider screening your email with SpamAssassin and ClamAV.

From an attacker’s perspective the most important thing is that a) they
know where to click and b) they know the URL of the page they want you to  
click, in the case of cross domain access. So if either one of these two  
requirements aren’t met, the attack falls down. Frame busting code is the  
best defense if you run web-servers, if it works (and in our tests it  
doesn’t always work). I should note some people have mentioned  
security=restricted as a way to break frame busting code, and that is  
true, although it also fails to send cookies, which might break any  
significant attacks against most sites that check credentials.

Flash Player workaround available for "Clickjacking" issue

Release date: October 7, 2008

Vulnerability identifier: APSA08-08

Platform: All Platforms

Affected Software: Adobe Flash Player 9.0.124.0 and earlier

Follow the workaround
http://www.adobe.com/support/security/advisories/apsa08-08.html

or update to Flash 10 RC2 http://labs.adobe.com/technologies/flashplayer10/

regards
Uwe

-------------------------------------------------------
-- 

Pierre Schmitz


Clemens-August-Straße 76
53115 Bonn

Telefon		0228 9716608
Mobil		0160 95269831
Jabber		pierre at jabber.archlinux.de
WWW		http://www.archlinux.de
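
The forwarded text calls frame busting the best server-side defense and notes that it does not always work, for example when the frame is loaded with security=restricted and the page's scripts never run. The following is an added example, not code from the original message or from Adobe: a frame buster that fails closed, so the page stays hidden unless the script runs and confirms it is the top-level window. The function names and the `antiClickjack` element id are assumptions made for this sketch.

```javascript
// Assumed page markup, placed in <head> so the page starts out hidden:
//   <style id="antiClickjack">body { display: none !important; }</style>
// If this script never runs (scripts disabled inside the frame), the style
// element stays in place and there is nothing visible to click on.

// True when `win` is the top-level browsing context.
function isTopLevel(win) {
  try {
    return win.top === win.self;
  } catch (e) {
    return false; // touching `top` failed: treat the page as framed
  }
}

// Classic frame buster: point the top window at this page's own URL.
// Returns "top-level", "busted", or "blocked" if the navigation was refused.
function bustFrame(win) {
  if (isTopLevel(win)) return "top-level";
  try {
    win.top.location = win.self.location.href;
    return "busted";
  } catch (e) {
    return "blocked";
  }
}

// Fail-closed variant: reveal the page only when it is not framed.
// Returns "revealed", "busted", or "hidden".
function protectPage(win, doc) {
  if (isTopLevel(win)) {
    const guard = doc.getElementById("antiClickjack");
    if (guard && guard.parentNode) guard.parentNode.removeChild(guard);
    return "revealed";
  }
  // Framed: try to break out; if that is refused, the guard style stays.
  return bustFrame(win) === "busted" ? "busted" : "hidden";
}

// In a browser, run immediately; elsewhere this line does nothing.
if (typeof window !== "undefined" && typeof document !== "undefined") {
  protectPage(window, document);
}
```
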



