Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »
Public Teleconferences
Join CIO Executive Council members and participate in the following live one-hour teleconferences:
* Transforming IT Teams
September 16
* Global CIOs: How to Lead on the World Stage
September 18
* Social Responsibility's Strategic Benefits
October 29
Apply today for a FREE subscription to CIO Magazine!
March 28, 2008 — IDG News Service —
Adobe is working on an update to its Flash Player software that will address a widespread vulnerability found on hundreds of thousands of Web sites.
The issue, first reported in December by Google researcher Rich Cannings, allows attackers to use buggy Shockwave Flash (.swf) files in order to attack Web surfers. Using what is known as a cross-site scripting attack, criminals could create fake phishing pages or, much worse, gain access to online banking sessions or Web accounts of victims in some situations.
After Cannings went public with his findings, Adobe and other software vendors fixed their development tools so they would no longer create the vulnerable Flash files, but there are still more than 500,000 of these files posted on different sites on the Internet, according to Cannings.
Because of the amount of work it would take to clean up the mess, Cannings had been encouraging Adobe to make changes to its Player software that would nullify these cross-site scripting attacks.
This fix is being developed and will be available "soon," said Adobe spokesman Matt Rozen in an e-mail message.
Security experts say that Adobe's chief problem now is to work out a way of fixing this bug without making it hard for users to view older Flash files.
In an interview on Friday, Cannings said that some of Adobe's early approaches to this problem had "broken" existing Flash files in the player, but that a satisfactory fix was technically possible. If Adobe could convince browser-makers to make some changes as well, it might simplify things, he added.
Three months after he went public with the problem, Cannings estimates that more than 10,000 Web sites remain vulnerable to this attack.
Copyright © 2008 IDG News Service. All rights reserved. IDG News Service is a trademark of International Data Group, Inc.
The Latest Advancements in SSL Technology
Getting in Compliance with Government Data Regulations by Leveraging Online Security Technology
How to Offer the Strongest SSL Encryption
End-Node Power Management: Practical Policy Considerations
The Hydra and the Onion: A Multi-Layered Security Model for Today's Dynamic IT Threat Environment
Data Loss Prevention Starts at the Endpoint: Seeking Safety from the Data Loss Pandemic
Rethinking the Corporate Help Desk: Learn how to deliver anywhere, anytime incident response
Enterprise Content Management: From Strategy to Solution
Building Competitive Advantage with Next-Generation Wireless Infrastructure
Get a grip on your mobile workforce Webcast
Enabling the Global Enterprise
Defining a Mobile Architecture for Success: How, When and Why to Use a Multichannel Access Gateway
Resource Alerts
Get instant email notifications by topic when white papers, webcasts, and case studies are added to our library.
GeoEye Imaging Satellite Launched
Analysts: Google Spreading Itself Too Thin
At 10, Google Reiterates Commitment to CIOs
Nokia Adds Address, Calendar Sync to Ovi
Oracle Said to Be Making Progress on Fusion Apps
Libertarian Barr, EPIC Outline Privacy Agenda
As Google Turns 10, Enterprise Success in Question
Innovative Thinking Gets a Kick in the Pants
Disk Storage Drove Ahead in Q2
MySQL Cofounder May Resign
Just the basics, please. Sometimes we all need a refresher or we need to make sure our team and our colleagues are all on the same page.
Over 25 tutorials on everything from business intelligence to virtualization.
