On Tue, 06 Jan 2009 10:44:39 -0700, Joe Strout wrote: > Not that I have anything against Flash; I've started learning it just > last week, and apart from the nasty C-derived syntax, it's quite nice. > It has a good IDE, good performance, great portability, and it's easy to > use. It just surprises me that after all these years, the Python > community hasn't done something similar.
It's bad enough that every time I go to a website using Flash, my browser is running untrusted code in my browser, but at least Adobe has spent a bucket-load of time and money making it (almost) secure. I sure as hell don't want arbitrary Python code running in my browser. Oh, and even Adobe hasn't got it completely right: IBM research Mark Dowd has demonstrated an incredible vulnerability that allows a single Trojan to exploit Flash in either IE or Firefox while leaving the Flash runtime operating normally. And it can bypass Vista security. Although Dowd doesn't explicitly mention other OSes, I see no reason to believe the same technique wouldn't work on Linux. http://www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman- flash-exploit/ This is not your regular buffer overflow vulnerability. Read it and weep. -- Steven -- http://mail.python.org/mailman/listinfo/python-list
