[Freepto] freepto and flash

Author: vinc3nt
Date:  
To: freepto
Subject: [Freepto] freepto and flash
After the HackingTeam hack[1][2] we updated our website with the
following news:

http://www.freepto.mx/en/news/


> You may have known that the offensive security company HackingTeam has been hacked, so a lot of their data has been accessible.
> As it appears, they have linux exploits, too. It seems that it mostly is about a Flash 0day.
> Freepto has been vulnerable to this, at least for 0.1.1.
>
> The current situation about Flash has much improved, because from 1.0 freepto has the flash-click-to-play feature.
> The click-to-play is useful, but it is not a magic wand: the user could be convinced to allow flash if the domain "sounds familiar", even though the actual content may not be authentic.
> Therefore we don't believe that 1.0 is completely safe from this attack.



We have also merged a pull request in order to remove Flash from Freepto:

https://github.com/AvANa-BBS/freepto-lb/pull/149

I think we should now discuss:

- releasing a new version of Freepto (v1.1) which includes the last commit
- providing documentation in order to mitigate Flash-based attacks on
existing Freepto

What do you think about that?



-----
[1] https://wikileaks.org/hackingteam/emails
[2] https://wikileaks.org/hackingteam/emails?q=freepto&mfrom=&mto=&title=&notitle=&date=&nofrom=&noto=&count=50&sort=0#searchresult
--
vinc3nt

+-------------------------------------------------------------+
|GPG Id key: 4096R/DAA26AC4 2012-12-07                        |
|GPG Fingerprint: 19D8011C 81891778 7A1986DC 28E8567F DAA26AC4|
|OTR Fingerprint: 86F3EE43 8A9340D2 FF92A828 81C84DC2 FEDD839E|
+-------------------------------------------------------------+