Posts Categorized / Web 2.0

Mar 23 / 2009 (Web 2.0, Web Security)

HP SWFScan – FREE Flash Security Tool


Today we have released a FREE Flash security tool, SWFScan (pronounced “Swiff Scan”), that will help developers find, fix and prevent security vulnerabilities in applications developed on the Adobe Flash platform.  In the last few years, especially with the release of Adobe Flex (ActionScript 3), we have seen an explosion of web sites built on or containing Adobe Flash components (an Opera Developer Center study in October 2008 found that 30-40% of web sites contained Flash).  However, as with the explosion of any technology, there has also been an explosion in the discovery of ways that the technology can be exploited by hackers: too often, developers building applications on the Adobe Flash platform leave unintended security vulnerabilities in their code (e.g. hard-coding passwords and encryption keys into their applications).

Here’s a quick video of Billy Hoffman talking through a specific example called “Billy ‘Wins’ a Cheeseburger”:
During the research and development of HP SWFScan, the HP Web Security Research Group tested about 4,000 SWF files and found the following issues to be the most alarming:

  • 16% of Flash applications using Flash 8 and below have XSS vulnerabilities
  • 77% of Flash 9 and 10 applications contain developer debugging information and source code file references
  • 35% of all Flash applications violate Adobe’s security best practices

So…How does it work?

HP SWFScan takes an application developed on the Adobe Flash Platform and decompiles it, revealing the ActionScript source code.  The tool then performs static analysis on the ActionScript to understand the application’s behavior.  SWFScan then identifies the vulnerabilities that lie under the surface of the application and are not detectable with traditional dynamic methods.  (It is also the first security tool to address both ActionScript 2 and 3.)

It not only identifies the vulnerability within the code, but also describes how it can be exploited as well as suggested ways of remediating it (including Adobe’s Best Practices).

HP SWFScan can analyze any SWF file regardless of the version of Flash or ActionScript, and no matter whether it is located on your local computer or available via a URL.
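The first step SWFScan performs, reading the SWF container and getting at the bytes that hold the ActionScript, is small enough to show. The script below is an added illustration, not SWFScan’s code: it validates the FWS/CWS header, inflates a compressed body, and then does the crudest possible “static analysis”, pulling printable strings out of the body and flagging ones that look like hard-coded credentials (the keyword list and the sample SWF bytes are constructed for this example).

```python
import re
import struct
import zlib

# Keywords that commonly mark a hard-coded secret in a SWF's string data.
# Assumed list for this example; SWFScan's own rules are not published here.
SECRET_HINTS = ("password", "passwd", "secret", "apikey", "api_key", "encryptionkey")


def swf_body(data):
    """Validate the SWF header and return (version, uncompressed body).

    A SWF starts with 'FWS' (uncompressed) or 'CWS' (zlib-compressed body),
    one version byte and a little-endian uint32 total uncompressed length.
    """
    if len(data) < 8:
        raise ValueError("too short to be a SWF")
    sig, version = data[:3], data[3]
    (length,) = struct.unpack("<I", data[4:8])
    if sig == b"FWS":
        body = data[8:]
    elif sig == b"CWS":
        body = zlib.decompress(data[8:])
    else:
        raise ValueError("unknown SWF signature %r" % sig)
    if len(body) + 8 != length:  # header must agree with the real payload size
        raise ValueError("header length does not match payload")
    return version, body


def find_hardcoded_secrets(data, min_len=6):
    """Return printable strings in the SWF body that contain a secret hint."""
    _version, body = swf_body(data)
    strings = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, body)
    findings = []
    for raw in strings:
        text = raw.decode("ascii")
        if any(hint in text.lower() for hint in SECRET_HINTS):
            findings.append(text)
    return findings


def build_sample_swf(body, compressed=True):
    """Constructed sample: wrap a body in a CWS/FWS header (not a playable SWF)."""
    sig = b"CWS" if compressed else b"FWS"
    header = sig + bytes([10]) + struct.pack("<I", len(body) + 8)
    return header + (zlib.compress(body) if compressed else body)


# Constructed body: a leaked credential next to harmless strings.
SAMPLE_BODY = (b"\x00" * 4 + b"adminPassword=hunter2\x00"
               + b"loadMovie\x00" + b"http://example.invalid/api\x00")
```

Run `find_hardcoded_secrets(open("app.swf", "rb").read())` against your own build output before shipping; a single hit is a secret every user of the SWF can recover with a decompiler.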

The HP Web Security Research Group has developed HP SWFScan to help our customers and developers around the world make the web a safer place.

Download a FREE copy here: www.hp.com/go/swfscan

FAQs


Feb 12 / 2009 (Web 2.0, Web Security)

Twitter Security Tip – ‘Hot Stove’ Theory

Following on from my most successful blog post last month, here is another internet security tip for all you Twitter users.  My buddy Jack Bauer was kind enough to share this with me:


The Twitter folk are also onto it:

> WARNING: If you see a link prefaced by “don’t click,” it is a trick and you *really* should not click (we’re on it)

but I would back Jack Bauer any day over anyone else.

If you do click these links (even though they say “don’t”; a bit of the hot stove theory: ‘don’t touch the stove, it’s hot’, but you always touch it just to check for yourself and then get burnt as a result), you will probably end up with some form of malware on your computer.

Stay Safe

Jan 14 / 2009 (Web 2.0)

Wakoopa – Social Networking Your Applications

As you already know, I love discovering and trying out new cool applications. Last week I came across an application that literally feeds me new applications to try out.

How cool?!!  This application is called Wakoopa (http://wakoopa.com).

Wakoopa tracks the software (both web and desktop) you are using and for how long.  You can measure your productivity?!? (I spend way too much time answering email.)  This information is also shared within the Wakoopa community.  You can see what cool applications others are using, and it gives everyone a place to review them.  It also gives you a list of people who use similar applications, and you can ‘stalk’ other apps you may like to try.  It even makes recommendations of applications you may like!

It’s really simple to use:


  1. Sign Up
  2. Download and install the small (about 300kb) tracker that runs silently in the background.
  3. Configure settings (username, password, proxy etc.)
  4. Every 15 mins your software use information is uploaded to your online Wakoopa account and tabulated into dashboards and tables for your use and viewing by the community.

Another note: if you use more than one PC, it can handle your results from multiple sources.

I fully understand this kind of application may freak some people out (particularly those who spend too much time on Facebook!!), but it has definitely opened me up to some other cool applications which I will share in the future.  For me this application is harmless fun!

See what I am using by clicking “App Tracker” above.


Dec 23 / 2008 (Web 2.0)

Digsby – My Favourite Application of 2008

If you could only install one application on your computer in 2009, install Digsby!

Have you also been caught up in the Web 2.0 world where IM and Social Networking have taken over your life, like me?  Previously I had about 4 IM programs running, not to mention the browser constantly open with Facebook, Twitter and my webmail.  Digsby consolidates all your Instant Messaging, Social Networking and Email under one roof.  I had tried this previously with iGoogle but nothing has produced the success and ease of use of Digsby.

It has support for the following:

Instant Messaging clients:

Email Accounts:

Social Networking:

It works, it is light on your system and life just got easier!  Download Now!

Unfortunately it isn’t available for Mac OS yet, but I’m sure it is not far off.

Installation Tips:  When the installation wizard comes up, click ‘Accept’ for Digsby and then, for the following 8 or so pages, click “Decline”; otherwise you will end up with a whole lot more ‘advertising’ apps than you bargained for.  Once installed you never get any advertising!

Happy Digsbying!
