TELCOM 2821: Network Security: Flash Cookies, Passwords, Hacking

Wednesday, February 03, 2010

Here are three unrelated, but interesting articles:

1. An article on Flash cookies (courtesy Nathalie)

2. An article titled "Hacking for Fun and Profit in the Chinese Underworld" at NY Times

3. An article from MSNBC.com that says 73% of people use their banking passwords elsewhere

James said...: LS0's are becoming more and more of a problem with regards to client side scripting attacks as well...these are generally stored in a format compatible with MySQL, similar to Mozilla's HTTP cookies. This requires a MySQL like program to access such objects, increasing the likelihood of client side SQL injection - perhaps through a browser exploit once a malicious site is visited. This kind of attack will most likely become more and more common as these new types of cookies are used.

Usual Windows path to LSOs:
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects; 2:34 PM