CF18
Posted September 1, 2003

It's a rather old exploit, although I just learned about it after seeing it happen on another board: http://www.flashguru.co.uk/000065.php

Basically, since an attached .swf or on-site avatar .swf can execute within the security context of this site, a malicious .swf file can steal other users' cookies, which can then allow those user IDs to be taken over. This is why most sites disallow users from posting HTML. MW is one of the few sites I know that still allows .swf attachments. Off-site .swf linking should still be OK.

TheLoneWolf
Posted September 1, 2003

Thanks for the heads up. While I didn't know about this particular exploit, I can't say that I'm surprised. Security holes have plagued MW from day one. I suppose it's not a very big priority here.

Agent ONE
Posted September 1, 2003

I am not too concerned about it... This isn't the Department of Defense. It wouldn't be worth the trouble, and besides, the last board was hackable without any .swf exploit. Just ask Duke Togo.

Commander McBride
Posted September 2, 2003

> I am not too concerned about it... This isn't the Department of Defense. It wouldn't be worth the trouble, and besides, the last board was hackable without any .swf exploit. Just ask Duke Togo.

You really think he was hacked?

Agent ONE
Posted September 2, 2003

Someone messed with him the first time for sure; that is why he switched from being Duke Togo to Godzilla. I think someone figured out his password. The second time he thought he was hacked was a changing of a poll's status from being a poll only to a poll that allowed for comments... I don't know about that incident; a great deal happened that afternoon and resulted in him leaving MW.

Let's face it though, everything is hackable. I am sure that the team that wrote the software for Invision can hack any account in nothing flat... The hack for any board is out there; it is just a matter of getting someone to tell you.

dna
Posted September 2, 2003

> I am not too concerned about it... This isn't the Department of Defense. It wouldn't be worth the trouble, and besides, the last board was hackable without any .swf exploit. Just ask Duke Togo.

Not to argue, but something like that shouldn't be any trouble - it's just a check box away. I say if there's a concern, might as well do it. But you're right about anything being hackable. It's just a matter of dedication to finding it.

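An added example, not part of the thread and not the board software's own code: a server-side attachment check of the kind the "check box" above would switch on, which refuses Flash content by inspecting the file header instead of trusting the filename. The function names, the `allow_flash` setting and the sample bytes are assumptions made up for this illustration.

```python
import struct

# A SWF file starts with a 3-byte signature, a 1-byte version and a
# 4-byte little-endian length field.
SWF_SIGNATURES = {b"FWS": "uncompressed", b"CWS": "zlib", b"ZWS": "lzma"}


def sniff_swf(data):
    """Return (compression, version, declared_length) for SWF data, else None."""
    if len(data) < 8 or data[:3] not in SWF_SIGNATURES:
        return None
    version = data[3]
    (declared_length,) = struct.unpack_from("<I", data, 4)
    # A plausible header has a non-zero version and a length that at
    # least covers the 8 header bytes.
    if version == 0 or declared_length < 8:
        return None
    return SWF_SIGNATURES[data[:3]], version, declared_length


def check_attachment(filename, data, allow_flash=False):
    """Hypothetical upload hook: return (accepted, reason)."""
    if allow_flash:
        return True, "flash uploads enabled by the administrator"
    swf = sniff_swf(data)
    if swf is not None:
        # Content wins over the name: a renamed movie is still refused.
        return False, "SWF content (%s, version %d)" % (swf[0], swf[1])
    if filename.lower().endswith(".swf"):
        return False, ".swf extension not allowed"
    return True, "ok"


# Constructed sample inputs: header bytes plus padding, not real files.
FAKE_FWS = b"FWS" + bytes([6]) + struct.pack("<I", 21) + b"\x00" * 13
FAKE_CWS = b"CWS" + bytes([7]) + struct.pack("<I", 4096) + b"\x78\x9c"
PNG_BYTES = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8

if __name__ == "__main__":
    for name, blob in [("avatar.swf", FAKE_FWS), ("avatar.jpg", FAKE_CWS),
                       ("avatar.png", PNG_BYTES), ("notes.swf", b"plain text")]:
        print(name, check_attachment(name, blob))
```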