Neat, New, and Ridiculous Flash Hacks presented at BlackHatDC 2010

by Mike "mckt" Bailey,

URL : https://www.blackhat.com/presentations/bh-dc-10/Bailey_Mike/BlackHat-DC-2010-Bailey-Neat-New-Ridiculous-flash-hacks-slides.pdf

Summary : Flash is scary stuff. It's installed on just about everybody's web browser, used everywhere, and has a poor security track record. Even within the web application security community, its quirks are poorly understood. Known and intentional behavior can have serious consequences which merit exploration.
This talk is a discussion of new flash-based attacks, repurposing of old attacks, and demonstrations of working (and sometimes ridiculously complex) attacks on Gmail, Twitter, and other major websites.