The Friendly Traitor: Our Software Wants To Kill Us presented at ShmooCon 2011

by Kevin Johnson, Mike Poor

Summary: During this presentation, Kevin Johnson and Mike Poor focused on examples using features of client applications. They explained that SWF has widespread support, and that ActionScript adds powerful feature sets that can be used for cross-domain attacks.
Johnson and Poor used a simple Python “scanner script” to demonstrate an attack using these basic steps: read the Alexa Top 1 million domains list, compare each domain to the Google Safe List and discard it if not listed, then retrieve and parse crossdomain.xml.
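
The parsing step, written as a check you can run against a policy file you serve yourself. This is an added example, not the presenters' script; the function name, severity labels and sample policies are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample policies; none is taken from a real site.
SAMPLES = {
    "wildcard": '<cross-domain-policy><allow-access-from domain="*"/></cross-domain-policy>',
    "subdomains": '<cross-domain-policy>'
                  '<allow-access-from domain="*.example.org" secure="false"/>'
                  '</cross-domain-policy>',
    "strict": '<cross-domain-policy>'
              '<allow-access-from domain="static.example.org"/>'
              '</cross-domain-policy>',
    "broken": '<cross-domain-policy><allow-access-from',
}

def audit_crossdomain(xml_text):
    """Return (severity, message) findings for one crossdomain.xml document.

    Hypothetical helper. stdlib ElementTree is fine for the inline samples;
    use a hardened parser such as defusedxml for files you do not control.
    """
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [("error", f"unparseable policy: {exc}")]
    if root.tag != "cross-domain-policy":
        return [("error", f"unexpected root element <{root.tag}>")]
    findings = []
    for el in root.iter("allow-access-from"):
        domain = el.get("domain", "").strip()
        if domain == "*":
            findings.append(("high", "any origin may read responses"))
        elif domain.startswith("*."):
            findings.append(("medium", f"every subdomain of {domain[2:]} is trusted"))
        # secure defaults to true; false lets HTTP origins read HTTPS content
        if el.get("secure", "true").strip().lower() == "false":
            findings.append(("medium", f'{domain}: secure="false" weakens HTTPS'))
    for el in root.iter("allow-http-request-headers-from"):
        if el.get("domain", "").strip() == "*" and el.get("headers", "").strip() == "*":
            findings.append(("high", "any origin may send arbitrary request headers"))
    return findings

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, audit_crossdomain(text) or "no findings")
```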