This is Yair Amit's Typepad Profile.
Yair Amit
Recent Activity
@All, thanks for the feedback! :)
@Stefano, I agree that discoveries of this category of bugs will become more common as awareness of them rises.
However, after taking a look at some of the security changes that were applied by Adobe in ActionScript 3 (such as blocking the ability to implicitly use global parameters, a common programming error in AS2), it seems that they are heading in the right direction. :)
Cross-Site Scripting through Flash in Gmail Based Services
Background I recently discovered a cross-site scripting through Flash issue in Gmail. Not only did it expose Gmail users to full account hijacking, but it also exposed corporate users that rely on Gmail through the Google Apps initiative. Technical Details Gmail uses a Flash movie, named uploade...
Hello Nils,
In order to refrain from putting Gmail users at risk, this issue has been responsibly disclosed to Google. Therefore, this write-up was published only after the aforementioned security hole was fixed.
Cross-Site Scripting through Flash in Gmail Based Services
Background I recently discovered a cross-site scripting through Flash issue in Gmail. Not only did it expose Gmail users to full account hijacking, but it also exposed corporate users that rely on Gmail through the Google Apps initiative. Technical Details Gmail uses a Flash movie, named uploade...