Alguém chegou a encontrar o porque de não instalar o Flash? Não encontrei citação nenhuma falando de exploit nenhum que possa ser explorado através do Flash...
-- Gustavo Y. Kawamoto 2010/3/3 Marcos Costa Feliciano <marcos.costa.felici...@gmail.com> > With the Pwn2Own hacking > contest<http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010>coming up > at Vancouver's CanSecWest security conference later this month, > Italian computer security blog OneITSecurity took some time to interview > Charlie > Miller<http://www.oneitsecurity.it/01/03/2010/interview-with-charlie-miller-pwn2own/>. > Miller, in case you're not familiar, is a security expert who has won > Pwn2Own two years running by hacking Apple's Safari browser with incredible > speed. Safari isn't the only target -- this year, all major browsers and a > selection of mobile operating systems will serve as Pwn2Own challenges - but > it's fair to say that Miller knows a thing or two about keeping your browser > secure. > > Here are the highlights from Miller's interview: > > He thinks Windows 7 <http://www.downloadsquad.com/tag/Windows7/> will > prove more secure than OS X Snow Leopard this year, in part because it > doesn't have Java and Flash enabled by default. Windows' full ASLR (address > space layout randomization) also gives it a security advantage. > > When asked what he thought would make the safest OS and browser combo, he > opted for Chrome <http://www.downloadsquad.com/tag/Chrome/> or IE8 on > Windows 7, with no Flash <http://www.downloadsquad.com/tag/Flash/>installed, > although "there probably isn't enough difference between the > browsers to get worked up about." > > For my money, the juiciest quote from the interview was "*The main thing > is not to install Flash!*" > > On the mobile side, Miller guessed that the > iPhone<http://www.downloadsquad.com/tag/iPhone/>3GS would be more easily > exploitable than the Motorola Droid, mainly because > the iPhone's been around longer, and has been subjected to more extensive > security research. > > > You can check out Miller's full answers (in English or Italian!) at > OneITSecurity<http://www.oneitsecurity.it/01/03/2010/interview-with-charlie-miller-pwn2own/> > . > > details > http://www.downloadsquad.com/2010/03/02/reigning-pwn2own-champion-the-main-thing-is-not-to-install-fla/ > > Marcos Costa Feliciano - marcos.costa.felici...@gmail.com > Adobe Flash Media Server Especialist > Adobe Flash Media Server Certified > > -- > Você recebeu esta mensagem porque está inscrito na lista "flexdev" > Para enviar uma mensagem, envie um e-mail para flexdev@googlegroups.com > Para sair da lista, envie um email em branco para > flexdev-unsubscr...@googlegroups.com > Mais opções estão disponíveis em http://groups.google.com/group/flexdev -- Você recebeu esta mensagem porque está inscrito na lista "flexdev" Para enviar uma mensagem, envie um e-mail para flexdev@googlegroups.com Para sair da lista, envie um email em branco para flexdev-unsubscr...@googlegroups.com Mais opções estão disponíveis em http://groups.google.com/group/flexdev
