Flash Player security

Published in: Technology

  1. Flash Player Security
     The core of the Platform is the Flash Player
  2. Alberto González
     • +12 years working with the Flash Platform (Flash, Flex, AIR, ActionScript, Flash servers and more)
     • Information Security Consultant focused on web security, wireless communications, cryptography.
     • Co-founder of the AATC Activ
  3. Adobe Flash Player
     • A cross-platform browser-based application runtime that provides viewing of expressive applications, content and videos across browsers and operating systems.
  4. Flash Player settings
  5. Flash Player settings
  6. Virus invulnerability?
  7. Flashback!
  8. Flashback
     • September 2011
     • Trojan
     • Sends data like passwords, credit card numbers, etc. to malicious servers
     • A botnet member
     • New variant in 2012 (Java)
       – Window asking for an administrative password
       – Window asking you to accept a certificate from Apple
  9. Prevention
     • Install all software directly from the vendor website
       – Download and install Flash Player from Adobe.com
     • Install the Java update with Software Update in Mac OS
     • Check for infections at http://www.flashbackcheck.com/
  10. Java update for Mac OS
  11. Protect your Mac
     • Use an antivirus
     • Use an account without administrative privileges
     • Use strong and complex passwords
     • Use a web browser with a sandbox to isolate external processes (Chrome, Firefox)
     • Update Java, Flash Player and Adobe Reader
     • Disable connections when not in use (Airport, Bluetooth)
     • Encrypt the hard drive (FileVault)
  12. Flash Player behaviour in browsers Temp
  13. Protected mode, privacy mode and sandboxes
     • Flash Player runs in protected mode
       – Low-privilege processes
     • Flash Player runs within a sandbox
       – Limits OS permissions of Flash Player
     • Flash Player runs within the browser’s sandbox
       – Limited permissions on the device
  14. Protected mode, privacy mode and sandboxes
     • Flash Player supports private browsing and storage deletion options
     • Security by default for webcam and microphone use
  15. Flash Player background updater
  16. Demo: Audio Security
  17. More security features in Flash Player
     • Support for SSL Socket connections
       – SSL >= 3.0
       – TLS >= 1.0
       – flash.net.SecureSocket
     • Secure Random Number generator
       – flash.crypto.generateRandomBytes()
  18. Questions? @albertx http://albertx.mx/blog
