On Sat, Dec 18, 2010 at 3:30 PM, Victor Rigo <victor_r...@yahoo.com> wrote:
> Let's see, flash is: > > - Cross-platform > - Cross-architecture > - Has it's own programming language > - Is embedded on websites > - Access to javascript to popup, local caches, etc. > > It's not ineptness, it's what you get when you right software that can > actually do stuff. > > If Java applets were still the hip thing, you'd see the same thing about > that. > > Victor Rigo, CISSP This insight reminds me, I really must get around to going up for my CISSP. > Computer Security Consultant > +5411-4316-1900 > Buenos Aires, Argentina > > --- On *Sat, 12/18/10, Jeffrey Walton <noloa...@gmail.com>* wrote: > > > From: Jeffrey Walton <noloa...@gmail.com> > Subject: Re: [Full-disclosure] adobe.com important subdomain SQL injection > again! > To: "Maciej Gojny" <v...@ariko-security.com> > Cc: full-disclosure@lists.grok.org.uk > Date: Saturday, December 18, 2010, 5:53 PM > > > On Sat, Dec 18, 2010 at 11:58 AM, Maciej Gojny > <v...@ariko-security.com<http://mc/compose?to=v...@ariko-security.com>> > wrote: > > hello full disclosure! > > > > After six months from the first contact with Adobe security team, > important > > adobe.com subdomain is still vulnerable to SQL injection attacks. We > hope > > that this time, serious people will try to solve the problem. > There's a reason Adobe is the most attacked software [1,2], and its > probably because they write the most vulnerable software (or > adversaries are looking for a challenge, which seems less intuitive > and highly unlikely to me). > > It appears "insecurity" is an enterprise wide practice, and not just > limited to their software. > > Jeff > > [1] "Adobe surpasses Microsoft as favorite hacker’s target" (Jul 2009) > http://lastwatchdog.com/adobe-surpasses-microsoft-favorite-hackers-target/ > > [2] "Adobe predicted as top 2010 hacker target" (Dec 2009) > http://www.theregister.co.uk/2009/12/29/security_predictions_2010/ > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
