[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [ekmi] Re: [idtrust-sc] 2008 Initiaitves
Arshad, As people who are involved with security I think it is a bad idea to use Flash as it can, and will, be compromised. http://hackademix.net/2008/01/06/flash-xss-protection-for-users/ The basic method is to take a Flash from a trusted site, inject malware, then send it on to people who might not have enough protection in place for the XSS and other problems. Alas, *any* client side scripting tool - Flash, PDF with advanced features, JavaScript, even Java, is a real risk. The only real protection in the long run is to keep telling people to a) install protections, and b) not download any such item except from a trusted site. This means providing a link to the Flash, not forwarding it. Best, Allen Arshad Noor wrote: > Sorry for this delay; I knew I'd forgotten something last week. > >> Name of Initiative : > > EKMI Marketing > >> Background / Idea: > > EKMI is starting to get some attention. However, there > is still a lot of work that needs to be done in terms of > getting people to understand the need for an EKMI and how > it helps their businesses. One way of spreading the word > is to create a self-running Flash demo that can, within > 10-15 minutes, can provide people with a summary of the > issues and how OASIS EKMI helps. > >> Start/Completion Date: > > February 2008 - June 2008 > >> Objective and Goals: > > To create a self-running Flash demo that can be downloaded > from OASIS and EKMI member websites. > >> Benefit statement: > > Expanding the number of people who are aware of EKMI TC > and the business/security benefits it brings them. > >> Estimated Resource Need: > > A graphics designer for 1-2 weeks to design the demo; > (Estimated at $75/hour: $3-6K) > A college intern for 3-4 months to develop the demo; > (Estimated at $10/hour: $5K) > > > The only thing I'm sure of, in the above 2 estimates, is the hourly > rate for the college-intern. I don't know how much independent > graphics designers charge, so any validation of this is appreciated. > Thanks. > > Arshad Noor > SrongAuth, Inc. > > > --------------------------------------------------------------------- > To unsubscribe from this mail list, you must leave the OASIS TC that > generates this mail. You may a link to this group and all your TCs in > OASIS > at: > https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]