[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] First case of Cyber Rolling?
- To: "Dr. J Swift" <fdiscsplat@xxxxxxxxx>
- Subject: Re: [Full-disclosure] First case of Cyber Rolling?
- From: Ureleet <ureleet@xxxxxxxxx>
- Date: Mon, 12 May 2008 10:41:06 -0400
plus i thought you were unsubscribing?
On Sun, May 11, 2008 at 5:28 PM, Dr. J Swift <fdiscsplat@xxxxxxxxx> wrote:
> On Sat, May 10, 2008 at 11:03 PM, n3td3v <xploitable@xxxxxxxxx> wrote:
> > Scaring people with fullScreen
> >
> > * Posted by bunnyhero
> > * 2008 May 10
> >
> > When Flash Player 9 goes into full screen mode, it pops up a little
> > security message that tells the user how to exit full screen mode. It
> > appears as white text on a semi-transparent black background so it is
> > generally always visible (which is good). Still, I wondered if it
> > could be obscured.
> >
> > The message is always on top, so it is impossible to draw over it. But
> > what if we tried distracting the user from the actual security
> > message?
> >
> > Here's a silly test:
> >
> > Of course, you can press Esc (or alt+tab to another window) to escape.
> >
> > UPDATE: I have made the source code available, warts and all, under a
> > ZLib licence. Share and enjoy :)
> >
> > http://www.bunnyhero.org/2008/05/10/scaring-people-with-fullscreen/
> >
>
> Mr. Wallace,
>
> Are you bunnyhero?
>
> Why would you publish this exploit?
>
> Did you contact the affected vendors prior to your publishing this?
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/