CF18
Posted September 1, 2003

It's a rather old exploit, although I just learned about it after seeing it happen on another board: http://www.flashguru.co.uk/000065.php

Basically, since an attached .swf or on-site avatar .swf can execute within the security context of this site, a malicious .swf file can steal other users' cookies, which can then allow those user IDs to be taken over. This is why most sites disallow users from posting HTML. MW is one of the few sites I know that still allows .swf attachments. Off-site .swf linking should still be OK.

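An added example, not part of the original thread or of the board's software: a server-side upload check for the concern raised in the post above, which decides by file content rather than file name, so Flash data is refused for attachments and avatars served from the board's own origin. The function names, the allowed image types and the sample bytes are assumptions made for illustration.

```python
import struct

# Leading bytes of the formats this example knows about (real file signatures).
SIGNATURES = {
    "swf": (b"FWS", b"CWS", b"ZWS"),  # plain, zlib and LZMA Flash
    "gif": (b"GIF87a", b"GIF89a"),
    "jpg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
}
# Assumed policy: extension -> content type the board is willing to host.
ALLOWED = {"gif": "gif", "jpg": "jpg", "jpeg": "jpg", "png": "png"}


def sniff(data: bytes):
    """Return the type whose signature the data starts with, or None."""
    for kind, magics in SIGNATURES.items():
        if data.startswith(magics):
            return kind
    return None


def swf_info(data: bytes):
    """Version and declared length from the 8-byte SWF header, for the rejection log."""
    if sniff(data) != "swf" or len(data) < 8:
        return None
    return data[3], struct.unpack_from("<I", data, 4)[0]


def check_upload(filename: str, data: bytes):
    """Return (accepted, reason) for a file to be served from the board's own origin."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    expected = ALLOWED.get(ext)
    if expected is None:
        return False, f"extension '{ext}' not allowed"
    found = sniff(data)
    if found == "swf":
        info = swf_info(data)
        detail = f" v{info[0]}, {info[1]} bytes declared" if info else ""
        return False, f"Flash content{detail} under .{ext} name"
    if found != expected:
        return False, f"content is {found or 'unknown'}, not {expected}"
    return True, "ok"


# Constructed sample inputs: a minimal SWF header and a minimal GIF header.
SAMPLE_SWF = b"CWS" + bytes([6]) + struct.pack("<I", 1234) + b"\x78\x9c"
SAMPLE_GIF = b"GIF89a" + b"\x01\x00\x01\x00\x80\x00\x00"

if __name__ == "__main__":
    for name, blob in [("avatar.swf", SAMPLE_SWF), ("avatar.gif", SAMPLE_SWF), ("avatar.gif", SAMPLE_GIF)]:
        print(name, check_upload(name, blob))
```
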
TheLoneWolf
Posted September 1, 2003

Thanks for the heads up. While I didn't know about this particular exploit, I can't say that I'm surprised. Security holes have plagued MW from day one. I suppose it's not a very big priority here.

Agent ONE
Posted September 1, 2003

I am not too concerned about it... This isn't the Department of Defense. It wouldn't be worth the trouble, and besides, the last board was hackable without any .swf exploit. Just ask Duke Togo.

Commander McBride
Posted September 2, 2003

> I am not too concerned about it... This isn't the Department of Defense. It wouldn't be worth the trouble, and besides, the last board was hackable without any .swf exploit. Just ask Duke Togo.

You really think he was hacked?

Agent ONE
Posted September 2, 2003

Someone messed with him the first time for sure; that is why he switched from being Duke Togo to Godzilla. I think someone figured out his password. The second time he thought he was hacked was a changing of a poll's status from being a poll only to a poll that allowed for comments... I don't know about that incident; a great deal happened that afternoon and resulted in him leaving MW.

Let's face it though, everything is hackable. I am sure that the team that wrote the software for Invision can hack any account in nothing flat... The hack for any board is out there; it is just a matter of getting someone to tell you.

dna
Posted September 2, 2003

> I am not too concerned about it... This isn't the Department of Defense. It wouldn't be worth the trouble, and besides, the last board was hackable without any .swf exploit. Just ask Duke Togo.

Not to argue, but something like that shouldn't be any trouble - it's just a check box away. I say if there's a concern, might as well do it. But you're right about anything being hackable. It's just a matter of dedication to finding it.