OASIS Mailing List Archives

 



ekmi message



Subject: Re: [ekmi] Re: [idtrust-sc] 2008 Initiatives


Arshad,

As people who are involved with security I think it is a bad idea 
to use Flash as it can, and will, be compromised.

http://hackademix.net/2008/01/06/flash-xss-protection-for-users/

The basic method is to take a Flash from a trusted site, inject 
malware, then send it on to people who might not have enough 
protection in place for the XSS and other problems.

Alas, *any* client side scripting tool - Flash, PDF with advanced 
features, JavaScript, even Java, is a real risk.

The only real protection in the long run is to keep telling 
people to a) install protections, and b) not download any such 
item except from a trusted site.

This means providing a link to the Flash, not forwarding it.

Best,

Allen

Arshad Noor wrote:
> Sorry for this delay; I knew I'd forgotten something last week.
> 
>> Name  of Initiative :
> 
>     EKMI Marketing
> 
>> Background / Idea:
> 
>     EKMI is starting to get some attention.  However, there
>     is still a lot of work that needs to be done in terms of
>     getting people to understand the need for an EKMI and how
>     it helps their businesses.  One way of spreading the word
>     is to create a self-running Flash demo that can, within
>     10-15 minutes, provide people with a summary of the
>     issues and how OASIS EKMI helps.
> 
>> Start/Completion Date:
> 
>     February 2008 - June 2008
> 
>> Objective and Goals:
> 
>     To create a self-running Flash demo that can be downloaded
>     from OASIS and EKMI member websites.
> 
>> Benefit statement: 
> 
>     Expanding the number of people who are aware of EKMI TC
>     and the business/security benefits it brings them.
> 
>> Estimated Resource Need: 
> 
>     A graphics designer for 1-2 weeks to design the demo;
>         (Estimated at $75/hour: $3-6K)
>     A college intern for 3-4 months to develop the demo;
>         (Estimated at $10/hour: $5K)
> 
> 
> The only thing I'm sure of, in the above 2 estimates, is the hourly
> rate for the college-intern.  I don't know how much independent
> graphics designers charge, so any validation of this is appreciated.
> Thanks.
> 
> Arshad Noor
> StrongAuth, Inc.
> 
> 

