Slashdot Mirror


HP's Free Adobe Flash Vulnerability Scanner

Catalyst writes "SWFScan is a free Flash security tool (download here), released by HP Software, which decompiles all versions of Flash and scans them for over 60 security vulnerabilities. The scan detects things like XSS, SQL inside of the Flash app, hard-coded authentication credentials, weak encryption, insecure function calls, cross-domain privilege escalation, and violations of Adobe's security recommendations. There is also this video explaining a real, and amusing, attack against a Flash app. These issues are fairly widespread, with over 35% of SWF applications violating Adobe security advice."

82 comments

  1. SFWScan by MrEricSir · · Score: 4, Funny

    Can they also make SFWScan?

    That would help avoid potentially embarrassing situations at work.

    --
    There's no -1 for "I don't get it."
    1. Re:SFWScan by Shakrai · · Score: 2, Funny

      Sure, here's some code to do that:

      if (strcmp(link.postedby, "Anonymous Coward") == 0 || strstr(link.url, "goatse" != NULL) return false;
      else return true;

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    2. Re:SFWScan by pdabbadabba · · Score: 1

      HP, is that you?

    3. Re:SFWScan by ustolemyname · · Score: 1

      Sure, here's some code to do that:

      if (strcmp(link.postedby, "Anonymous Coward") == 0 || strstr(link.url, "goatse") != NULL) return false;
      else return true;

      Fixed that for you ;)

    4. Re:SFWScan by Shakrai · · Score: 1

      Wow, I failed it big time :( *goes off into corner to cry to himself*

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
  2. Wonder when they will release ... by 140Mandak262Jamuna · · Score: 1

    ... a vulnerability scanner for Windows Vista, for Silverlight. If/when they do I will agree HP's intentions are bona fide.

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
    1. Re:Wonder when they will release ... by ShadowRangerRIT · · Score: 4, Insightful

      Paranoid much? This is for Flash developers to avoid doing stupid things with an app that endangers their site, perhaps with a few checks to help avoid exposing their customers to additional risk. Why on Earth do you think there is an ulterior motive here?

      Keep in mind there are already loads of .NET security analyzers out there. TFA notes that the current Flash analyzers are frequently not up to date with the latest Flash releases. Is it so horrible of them to try and be helpful?

      --
      $_ = "wftedskaebjgdpjgidbsmnjgcdwatb"; tr/a-z/oh, turtleneck Phrase Jar!/; print
    2. Re:Wonder when they will release ... by stonedcat · · Score: 2, Insightful

      It's safe to assume that no one actually uses Silverlight so this would be a moot point.

      --
      You can't take the sky from me.
    3. Re:Wonder when they will release ... by Zero__Kelvin · · Score: 0

      Here is the BASH pseudocode:

      if fdisk -l | grep -q FAT32 || fdisk -l | grep -q NTFS; then echo "Your system is infected!"; fi

      --
      Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
    4. Re:Wonder when they will release ... by Ninnle+Labs,+LLC · · Score: 1

      If/when they do I will agree HP's intentions are bona fide.

      What evil, ulterior motive could there be for HP to write a tool so that Flash developers don't expose themselves or their users to security risks?

    5. Re:Wonder when they will release ... by AndrewNeo · · Score: 1

      You can probably just disassemble Silverlight stuff yourself with tools like .NET Reflector.

    6. Re:Wonder when they will release ... by badkarmadayaccount · · Score: 1

      I run FreeBSD from a NTFS root, you insensitive clod!

      --
      I know tobacco is bad for you, so I smoke weed with crack.
  3. Flash needs some accountability by hamanaka · · Score: 1

    Flash finally has an accountability and score card.

  4. What good is it? by frovingslosh · · Score: 5, Interesting

    Unless they make it into a Firefox plug-in that checks the flash code before running it, just what good is this?

    --
    I'm an American. I love this country and the freedoms that we used to have.
    1. Re:What good is it? by Goaway · · Score: 1

      Seeing as how all these flash apps rain down upon us from the mysterious heavens, and the processes that create them are far beyond our understanding, not much.

    2. Re:What good is it? by ShadowRangerRIT · · Score: 3, Insightful

      I believe the idea is to check for Flash apps that are dangerous to the server, not the client. For example, you don't want to have the admin password to your database stored as a string inside your flash app.

      --
      $_ = "wftedskaebjgdpjgidbsmnjgcdwatb"; tr/a-z/oh, turtleneck Phrase Jar!/; print
    3. Re:What good is it? by fahrbot-bot · · Score: 1

      LIFE WITHOUT WALLS - that way you don't need windows.

      I've always wondered why people don't realize that a "life without walls" is also a life without security and privacy... (Good fences make good neighbors.)

      I understand what the MS market-droids were shooting for here, but that assumes there are only benevolent forces at work in the world. MS is not one of them, in my opinion.

      --
      It must have been something you assimilated. . . .
    4. Re:What good is it? by Anonymous Coward · · Score: 0, Insightful

      That would be fucking stupid anyhow.

    5. Re:What good is it? by Anonymous Coward · · Score: 0

      the idea is to catch the f* ups before it gets to the web. sheez.

    6. Re:What good is it? by Pharmboy · · Score: 3, Funny

      And the guy in the video has a plate of burgers to prove they did it anyway.

      --
      Tequila: It's not just for breakfast anymore!
    7. Re:What good is it? by Jurily · · Score: 1

      I believe the idea is to check for Flash apps that are dangerous to the server, not the client. For example, you don't want to have the admin password to your database stored as a string inside your flash app.

      Does it also neuter the writer when it finds something like this? Those people should not reproduce.

    8. Re:What good is it? by Jurily · · Score: 2, Insightful

      Unless they make it into a Firefox plug-in that checks the flash code before running it, just what good is this?

      For starters, it might allow someone to make a Firefox plugin based on it.

    9. Re:What good is it? by Ihmhi · · Score: 1

      Thankfully I don't have to bother with this kind of stuff. Antivirus 360 says that everything's A-OK on my system. I sure paid a lot of money for it but I don't have any problems with stuff like this!

    10. Re:What good is it? by Anonymous Coward · · Score: 0

      You're confusing vulnerable flash with malicious flash.

  5. Export Source by Eddy+Luten · · Score: 1

    Em, don't know too much about laws and stuff, but doesn't anyone at HP see the potential copyright troubles with transforming flash bytecode to source?

    1. Re:Export Source by Anonymous Coward · · Score: 0

      I don't believe decompiling is in any way illegal, so the only way copyright troubles could be brought up is if they redistribute that decompiled code somewhere as their own.

    2. Re:Export Source by Anonymous Coward · · Score: 0

      You obviously do, please enlighten us how decompiled source is a copyright trouble...

    3. Re:Export Source by Phroggy · · Score: 1

      In order to obtain the binary file, you have to make a copy of it (during the process of downloading it to your computer). If you're legally authorized to make that copy, you're authorized to make more copies. You're not authorized to distribute these copies without explicit permission, but HP isn't talking about doing that.

      Where do you see a potential copyright issue?

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
    4. Re:Export Source by John+Hasler · · Score: 1

      > If you're legally authorized to make that copy, you're authorized to make more copies.

      That does not follow at all.

      > Where do you see a potential copyright issue?

      In practice there is none but not for the reason you give.

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    5. Re:Export Source by Runaway1956 · · Score: 1

      Don't know. Don't care. I do know that if it resides on my hard drive, it is _MINE!_ and I'll do with it as I wish. Copyright law was _MEANT_ to prevent other people making money from the originator's work. It was never meant to prevent study, understanding, or, in this case, security work. If present copyright law should be construed to prevent inspection for security work, then OBVIOUSLY the law is in the wrong.

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    6. Re:Export Source by Phroggy · · Score: 1

      > If you're legally authorized to make that copy, you're authorized to make more copies.

      That does not follow at all.

      What authorizes you to make the first copy?

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
  6. Re:Not needed under Ninnle! by Ninnle+Labs,+LLC · · Score: 1

    I guarantee it!

  7. The decompiler by Exanon · · Score: 1

    Actually I am more curious about the decompiling process than the actual vulnerability scanner.

    I am thinking about learning just a little flash to see "what it's all about" and I (partially due to being lazy) would really like to see if the output of this program is useful in any way.

    1. Re:The decompiler by Phroggy · · Score: 2, Informative

      He didn't make it very clear in the video, but a decompiler doesn't really give you the original source code to the program. It gives you source code that works the same way and, when compiled, would result in the same binary. However, comments are not included, and it's possible that variable and function names might not be preserved (depending on the language and how the program was compiled). Also, the compiler might have performed various optimizations, and upon decompiling you'd get the source code for the optimized version - for example, the compiler might simplify "x=x+1;" as "x++;" and "y=x**2;" as "y=x*x;".

      These are basic concepts for decompilers in general; I know nothing about Flash.

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
    2. Re:The decompiler by pegr · · Score: 2, Informative

      While all of your comments about decompiling are true, the output of this particular decompiler is quite good. Var names remain intact, logical constructs appear valid, etc. I'm no Flash dev, but this looks like it could be the same code before compilation.

      It makes sense if you consider that Flash is an Adobe proprietary "platform" and they can make the compiler and interpreter in any way they please. I really don't know what's involved in the compilation process, but my guess is that it's nowhere near as complex as a C compiler, for instance. They need to obfuscate the output to prevent reverse engineering (like it did them much good), and make it easier for the client side, and that's about it. To my almost untrained eye, the output looks dead on for the original source.

    3. Re:The decompiler by phase_9 · · Score: 2, Informative

      It's not the exact same code, but it's pretty damn close - nice to see all my Log.debug(); messages make it through in the decompilation stage...

  8. It would have been nice by Jane+Q.+Public · · Score: 4, Informative

    if the post -- or even the site -- had mentioned that the tool was for Windows only, so that I did not have to register first and then find out.

    1. Re:It would have been nice by Runaway1956 · · Score: 1

      Learn to register properly online. I downloaded my copy after registering as "Some Guy" email "someguy@gmail.net" and clicking the "don't bug me" option regarding email. Geeez. (I wonder if there really IS a someguy@somemail.xxx - he's probably pissed at me for using his address all the time, LMAO)

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    2. Re:It would have been nice by Jane+Q.+Public · · Score: 1

      I do that too, but that wasn't my point. My issue is that my time was wasted because I had no way to know that this tool was useless to me ahead of time.

    3. Re:It would have been nice by cbiltcliffe · · Score: 1

      Nothing personal, but....

      what the heck did you think it would be for? Seriously.

      Although realistically, it shouldn't be a particularly complex program, I wouldn't think, so it should probably work under Wine.

      --
      "City hall" in German is "Rathaus" Kinda explains a few things......
  9. Let's hope... by Anonymous Coward · · Score: 0

    ...said scanner doesn't have any overflows that can be exploited by a specially crafted flash file to gain root access.

  10. Security "advice"? by Anonymous Coward · · Score: 0

    Adobe sez: we recommend you not infect the user's computer.

  11. This is the tool Prajakta Jagdale spoke about.. by Jeff+Moss · · Score: 4, Informative

    At Black Hat D.C. last month Prajakta Jagdale spoke about HP developing this tool in her presentation:

    "Blinded by Flash: Widespread Security Risks Flash Developers Don't See"

    From the presentation's description:
    "In this presentation I will examine the Flash framework and then delve into the Flash security model and the transitions it has undergone over the years. To explore the avenues of compromise in the security model, I will use a test Flash application and demonstrate various attack vectors including Cross-Site Request Forgery, data injection and script injection. During this demonstration, I will explain the associated threats in detail and discuss means to mitigate these threats. Even though the test application validates the attack surface, the question remains: how many applications actually deployed are vulnerable to these threats? I will answer this question by providing astonishing statistics about vulnerable, real world applications I was able to find using simple Google queries."

    The pdf of her presentation is here:
    https://www.blackhat.com/presentations/bh-dc/Jagdale/BlackHat-DC-09-Jagdale-Blinded-by-Flash.pdf

    1. Re:This is the tool Prajakta Jagdale spoke about.. by 12ahead · · Score: 1

      Interesting. That file is gone and so is Google's cached version. Just how much info was in that PDF?!

    2. Re:This is the tool Prajakta Jagdale spoke about.. by The+2nd+.+Oracle · · Score: 2, Informative
    3. Re:This is the tool Prajakta Jagdale spoke about.. by Anonymous Coward · · Score: 0

      It was also presented at Shmoocon: http://www.shmoocon.org/presentations-all.html#flash

    4. Re:This is the tool Prajakta Jagdale spoke about.. by Jeff+Moss · · Score: 1

      Whoops.. the file should be there now.

    5. Re:This is the tool Prajakta Jagdale spoke about.. by Anonymous Coward · · Score: 0

      Don't you dare RickRoll me!

    6. Re:This is the tool Prajakta Jagdale spoke about.. by Anonymous Coward · · Score: 1, Informative

      Nope. But http://www.blackhat.com/presentations/bh-dc-09/Jagdale/BlackHat-DC-09-Jagdale-Blinded-by-Flash.pdf is. (bh-dc-09)

    7. Re:This is the tool Prajakta Jagdale spoke about.. by Anonymous Coward · · Score: 0

      404

    8. Re:This is the tool Prajakta Jagdale spoke about.. by Anonymous Coward · · Score: 0

      OMG LOLz!

      I found these:

      PPT

      mug shot

  12. Securing? by Anonymous Coward · · Score: 0

    Assuming they have the source code, in the example given, how WERE they supposed to do it? The only thing I can think of is "When they make a query, run a procedure on a database that takes the IP, stores it, and Increments a value ("wins per day")"

    Also, Billy is a gray hat, For shame Billy

    1. Re:Securing? by Phroggy · · Score: 2, Informative

      Assuming they have the source code, in the example given, how WERE they supposed to do it? The only thing I can think of is "When they make a query, run a procedure on a database that takes the IP, stores it, and Increments a value ("wins per day")"

      Excellent question.

      Unfortunately, IP addresses aren't reliable for this purpose. However, in order to win you have to provide your e-mail address, and the coupon is e-mailed to you. The simplest solution would be to store e-mail addresses in the database and (as you suggest) limit the wins per day for each e-mail address. Another idea is to generate a unique ID for each visitor to the site (using cookies), and make sure one user doesn't submit requests with multiple e-mail addresses.

      Of course, what's not mentioned in the video is an even bigger potential security hole: if the coupon is supposed to be printed out, and then redeemed for a cheeseburger, there's nothing to stop someone from printing multiple copies of the same e-mail. Unless, of course, each coupon has a unique ID that must be verified against a central database. Most places solve this problem by printing "Limit one per customer" on the coupon, which would apply equally to multiple coupons received from multiple wins of the game.

      Now I want a cheeseburger. Excuse me.

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
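Phroggy's two suggested fixes above (cap the wins per e-mail address per day, and give each coupon a unique ID that the redemption point checks against a central database) as an added example, not part of the thread and not the game's own code. It assumes an in-memory store standing in for the database; the HMAC signing key and the e-mail addresses in the usage are constructed values, and the HMAC on the coupon ID is this example's addition so that forged or mistyped coupons are rejected before any database lookup.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict
from datetime import date


class CouponService:
    """Server-side issuance and redemption for a 'win a cheeseburger' style promotion.

    Hypothetical example: the real game's back end is not shown anywhere in the thread.
    """

    def __init__(self, signing_key: bytes, max_wins_per_day: int = 1):
        self._key = signing_key            # stays on the server, never inside the SWF
        self._max = max_wins_per_day
        self._wins = defaultdict(int)      # (email, day) -> coupons issued so far
        self._issued = set()               # the "central database" of valid coupon ids
        self._redeemed = set()             # ids already used once

    @staticmethod
    def _normalize(email: str) -> str:
        # Case and whitespace differences must not count as a new address.
        return email.strip().lower()

    def _sign(self, coupon_id: str) -> str:
        return hmac.new(self._key, coupon_id.encode(), hashlib.sha256).hexdigest()[:16]

    def issue(self, email: str, day: date):
        """Return a coupon string, or None when this address has hit the daily limit."""
        key = (self._normalize(email), day)
        if self._wins[key] >= self._max:
            return None
        self._wins[key] += 1
        coupon_id = secrets.token_hex(8)   # unique, unguessable id per win
        self._issued.add(coupon_id)
        return f"{coupon_id}.{self._sign(coupon_id)}"

    def redeem(self, coupon: str) -> bool:
        """Accept a coupon exactly once; reject forged ids and printed duplicates."""
        coupon_id, sep, sig = coupon.partition(".")
        if not sep or not hmac.compare_digest(sig.encode(), self._sign(coupon_id).encode()):
            return False                   # tampered or made up: cheap reject before any DB lookup
        if coupon_id not in self._issued or coupon_id in self._redeemed:
            return False                   # never issued, or a second copy of a used coupon
        self._redeemed.add(coupon_id)
        return True


if __name__ == "__main__":
    svc = CouponService(b"constructed-test-key", max_wins_per_day=1)
    today = date(2009, 3, 20)
    first = svc.issue("Bob@Example.com", today)
    print("first win:", first)
    print("second win same day:", svc.issue("bob@example.com", today))
    print("redeem once:", svc.redeem(first))
    print("redeem printed copy:", svc.redeem(first))
```

The daily counter keys on the normalized address, so "Bob@Example.com" and "bob@example.com" share one limit; the redeemed set is what makes a second printout of the same coupon worthless, which is the hole Phroggy points out the video leaves open.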
  13. Flash security often overlooked by twistah · · Score: 2, Insightful

    Though I haven't had a chance to evaluate it just yet, I think this is a step in the right direction. Flash security is often overlooked, while Flash itself is often overused by designers who think that pretty effects make the web page. It gets especially bad when Flash is used for activities that require some sort of security, such as a login form. 99% of the time, instead of POST'ing that information to a server side script, it's handled inside the SWF file. Since these can be easily decompiled (grab a copy of Flare or any other decompiler), the password is easily revealed. I recently found a network product which went through the trouble of XOR'ing a password and storing it in a text file. Two problems: the text file was in the web root, and the XOR key was inside the SWF. Tools like this can only raise awareness of these types of issues.
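The hard-coded secret problem that ShadowRangerRIT and twistah describe (a database admin password, or an XOR key, sitting as a string literal inside the SWF) is what a scanner of this kind looks for first. The following is an added example, not part of the thread and not HP's SWFScan code: a minimal Python parser for the SWF header (uncompressed FWS and zlib-compressed CWS, rejecting a bad header the way the tool's "Malformed SWF Header" error does) followed by a strings-style sweep of the decompressed body for credential-like and SQL-like literals. The `build_sample_swf` helper constructs a synthetic test file; the regex patterns and their labels are this example's own choices, not SWFScan's rule set.

```python
import re
import struct
import zlib


class MalformedSWF(ValueError):
    """Raised when the file does not have a usable SWF header."""


# Heuristic patterns for string literals that should never ship inside a client-side SWF.
# These labels and regexes are this example's own, not SWFScan's rules.
CHECKS = [
    ("hard-coded credential",
     re.compile(r"(?i)(pass(word|wd)?|pwd|secret|api[_-]?key|token)\s*[:=]\s*\S+")),
    ("SQL in client code",
     re.compile(r"(?i)\b(select\s.+\sfrom|insert\s+into|update\s.+\sset|delete\s+from)\b")),
]
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{4,}")


def parse_swf(data: bytes) -> dict:
    """Parse the SWF header; return version, declared length, frame info and the decompressed body."""
    if len(data) < 8:
        raise MalformedSWF("shorter than the 8-byte SWF header")
    sig, version = data[:3], data[3]
    declared_len = struct.unpack_from("<I", data, 4)[0]   # uncompressed length incl. header
    if sig == b"FWS":
        body = data[8:]
    elif sig == b"CWS":
        if version < 6:
            raise MalformedSWF("CWS (zlib) requires SWF version 6 or later")
        try:
            body = zlib.decompress(data[8:])
        except zlib.error as exc:
            raise MalformedSWF(f"zlib body did not decompress: {exc}") from exc
    elif sig == b"ZWS":
        raise MalformedSWF("LZMA-compressed SWF (ZWS) is not handled by this example")
    else:
        raise MalformedSWF(f"unknown signature {sig!r}")
    if len(body) + 8 != declared_len:
        raise MalformedSWF(f"declared length {declared_len} but file is {len(body) + 8} bytes")
    if not body:
        raise MalformedSWF("empty body")
    # Frame size is a RECT: a 5-bit field width, then four fields of that width, byte-padded.
    nbits = body[0] >> 3
    rect_len = (5 + 4 * nbits + 7) // 8
    if len(body) < rect_len + 4:
        raise MalformedSWF("truncated frame-rate / frame-count fields")
    rate_fixed, frame_count = struct.unpack_from("<HH", body, rect_len)
    return {
        "compressed": sig == b"CWS",
        "version": version,
        "length": declared_len,
        "frame_rate": rate_fixed / 256.0,   # 8.8 fixed point
        "frame_count": frame_count,
        "body": body,
    }


def scan_strings(body: bytes) -> list:
    """Pull printable runs out of the body (like `strings`) and flag the risky ones."""
    findings = []
    for match in PRINTABLE_RUN.finditer(body):
        text = match.group().decode("ascii")
        for label, pattern in CHECKS:
            if pattern.search(text):
                findings.append((label, text))
    return findings


def scan_swf(data: bytes) -> dict:
    """Header info plus a list of (label, literal) findings for one SWF file."""
    info = parse_swf(data)
    info["findings"] = scan_strings(info.pop("body"))
    return info


def build_sample_swf(strings, compress=True) -> bytes:
    """Constructed test input: a one-frame SWF whose DoAction tag pushes the given string constants."""
    nbits = 15
    rect = bytes([nbits << 3]) + b"\x00" * ((5 + 4 * nbits + 7) // 8 - 1)
    actions = b""
    for s in strings:
        payload = b"\x00" + s.encode("ascii") + b"\x00"   # ActionPush type 0 = NUL-terminated string
        actions += b"\x96" + struct.pack("<H", len(payload)) + payload
    actions += b"\x00"                                     # ActionEnd
    # DoAction is tag code 12; long-form RECORDHEADER (length field 0x3F, then uint32 length)
    do_action = struct.pack("<H", (12 << 6) | 0x3F) + struct.pack("<I", len(actions)) + actions
    body = rect + struct.pack("<HH", 24 << 8, 1) + do_action + b"\x00\x00"   # 24 fps, 1 frame, End tag
    header = (b"CWS" if compress else b"FWS") + bytes([8]) + struct.pack("<I", 8 + len(body))
    return header + (zlib.compress(body) if compress else body)


if __name__ == "__main__":
    sample = build_sample_swf(["db_password=hunter2", "SELECT * FROM users WHERE id=", "hello"])
    for label, text in scan_swf(sample)["findings"]:
        print(f"{label}: {text!r}")
```

The length check is deliberately strict: a file whose declared uncompressed length does not match what was read is reported as malformed rather than scanned, which is the safer failure for a tool that feeds the body into a decompiler afterwards.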

  14. Hardcoded passwords by Anonymous Coward · · Score: 0

    Scanner: "Please enter all usernames and passwords to your site so I can make sure they're not hard-coded into the file."

    [User enters information]

    Scanner: "Thanks. By the way, would you like to register this program with HP? No personally-identifiable information will be sent... I promise..."

  15. Re:Not needed under Ninnle! by Anonymous Coward · · Score: 0

    I know nothing about you or your product, but posting anonymously and then replying to yourself has ensured that I will never care enough to find out.

  16. Re:Not needed under Ninnle! by Ninnle+Labs,+LLC · · Score: 1

    I didn't make the first post.

  17. Youtube by JJman · · Score: 5, Interesting

    So naturally my first thought was, I wonder how well youtube does.
    And lo: it's got 7 vulnerabilities.

    It's interesting how this behemoth of a flash provider is still not secure.
    *reaches for tinfoil hat*

    1. Re:Youtube by phase_9 · · Score: 3, Interesting

      I ran this app on my own Flash App (http://moshimonsters.com/) and it produced a plethora of "Vulnerabilities" - and really dangerous ones too like "Interesting Variable Name" (a variable named "masterList") and "Possible userdata information" (a constant named "LOGGED_IN")... To be honest this seems like a lot of FUD being generated by HP - I mean just go look at the dailyWTF and you'll see programmers putting SQL statements in javascript! Still, I must give credit where it's due and thank HP for providing one of the most thorough SWF decompilers I have seen for free.

  18. Adobe Captivate export fails the tests by taliesinangelus · · Score: 1

    I tried this on an SWF file created with the Adobe Captivate "publish" feature and it fails pretty badly with lots of vulnerabilities.

  19. Re:Not needed under Ninnle! by Anonymous Coward · · Score: 0

    Ok, I looked at your posting history and it doesn't look like you spam things around for no reason, so I'll take your word for it.

    But I'll get you next time, Gadget! Next time!

    Ps. I still don't care enough to find out about Ninnle Linux, but I'm back to my previous level of apathy, and no more.

  20. Direct Download link. by Anonymous Coward · · Score: 2, Informative

    https://h30406.www3.hp.com/campaigns/2009/wwcampaign/1-5TUVE/images/SwfScan.msi

  21. Clarification by krappie · · Score: 4, Informative

    SWFScan is a free Flash security tool (download here), released by HP Software, which decompiles all versions of Flash and scans them for over 60 security vulnerabilities.

    It sounds like SWFScan actually scans flash SWF files, not flash itself like the post suggests.

    1. Re:Clarification by Anonymous Coward · · Score: 0

      ... uhhhh What do you think "Flash" is? Saying "SWFScan doesn't scan Flash it scans SWFs" is as retarded as saying "Windows Media Player doesn't play videos it plays AVIs."

    2. Re:Clarification by Anonymous Coward · · Score: 0

      "decompiles all versions of Flash and scans them for over 60 security vulnerabilities" is completely ambiguous.

  22. Tool doesn't seem to work by Anonymous Coward · · Score: 0

    Every flash application I have looked at yields the error "The Flash Application was malformed: Malformed SWF Header". So far this looks like a total dry hump.

  23. Thanks for the setup... by DRAGONWEEZEL · · Score: 1

    "I can haz cheezeburger? For LIFE?"

    --
    How much is your data worth? Back it up now.
  24. HP and Security???? Um, no. by therufus · · Score: 1

    I would never trust HP with anything with the word 'security' in it. I worked in the service department in the largest computer retailer in Australia (Harvey Norman) for 8 years and still work in the industry. HP, for as long as I can remember, have been putting a backdoor trojan called "Backweb" in their computers for years. They now call it "Updates from HP", but it's the same program. Early versions of Spybot S&D (from the 2003 era) removed it as a threat, as did several other spyware scanners.

    I had the opportunity to have a one-on-one meeting with the managing director of HP Australia a few years ago and asked him a bunch of loaded questions. Among those questions was "Why do HP put spyware in their computers?" He had no idea what I was on about, so I showed him. Right there, I took a brand new HP out of the box, plugged it in, installed spybot and ran it. It removed several instances of spyware, namely "Backweb".

    He had no answer. I told him to call whoever controls this and he did (to his credit). He was told by the guy that it's so HP can push through updates. I asked him "What updates? Is the user informed? Is all this in the license agreement?" He gave up on me and walked out.

    So, yea. HP and Security? Ummm... no.

    --
    You moved your mouse. Please restart Windows for changes to take effect.
    1. Re:HP and Security???? Um, no. by Anonymous Coward · · Score: 0

      Backweb is indeed an update engine and HP's use of it was legitimate. It's a customizable delivery engine and a few other not so reputable companies used Backweb (not the HP version) for questionable marketing activities which gave the engine a bad name which got it tagged as spyware. Because spybot and ad-aware were fairly basic back then they couldn't tell the difference between HP's implementation and the malicious use ones. Long story short, HP was not placing spyware on machines - their use of the Backweb engine was legitimate. No spyware programs hit on any of HP's update software today.

    2. Re:HP and Security???? Um, no. by Anonymous Coward · · Score: 0

      HP is a pretty big company. Lots of different people and different departments. I have been using SPI Dynamics Webinspect (now owned by HP and, I believe, developed by the same group that created Swfscan) for 3 or 4 years for scanning my company's web sites. There is no other solution that comes close to this when it comes to web site pen testing. I am pretty sure it is a different group within HP that creates laptops and this software (just an educated guess).

  25. Decompiler by Gagek · · Score: 1

    I love decompilers ... nothing like ripping something apart and finding out what makes it tick!

    Gage
    www.impostormag.com

  26. 271 views? by Seth+Kriticos · · Score: 1

    So *after* the direct link to the video was posted on Slashdot, I was watching the video and the counter tells me that I'm no. 271 to watch this video. Amazing how incredibly serious people are about this kind of stuff. Now I picture the thousands of web developers starting to use the suggested security guidelines..

    1. Re:271 views? by bluesatin · · Score: 1

      You must be new around here.

  27. Seriously? by Jane+Q.+Public · · Score: 1

    Many tools that are released today are automatically released for Windows, OS X, and Linux. I did not expect them to have a version for each, but considering the number of people today who use an OS other than Windows, it is a rather common courtesy to at least stipulate what OS(s) your program runs under.

    I have XP in a VM, but considering how little I use it, and what for, I am just plain not interested in a Windows version of the program. Too much of a pain in the butt.

  28. On a related note by lumiera · · Score: 1

    A few years ago I remember seeing a tool called SWFEncrypt, which claimed to do "encryption" on an SWF file. That's an interesting statement to make, seeing as there is no flipping way the Flash Player would be able to play an encrypted movie, but whatever; the company didn't seem to be very forthcoming about much. Anyhow, it basically did some heavy obfuscation on the Flash movie that breaks most SWF decompilers (until the decompiler folks figure out how to work around the obfuscation techniques).

    http://www.amayeta.com/software/swfencrypt/

  29. Re:Not needed under Ninnle! by Anonymous Coward · · Score: 0

    It is I who made the first Ninnle post!

    All others are fakes.