[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [ekmi] Re: [idtrust-sc] 2008 Initiaitves
Thanks, Allen. It would be our intent to provide the link to the demo off of the OASIS site (and members who wish to host it). Its not likely we'll be passing around Flash files. If there are any "good housekeeping" practices for such content, please do forward them to the list; we'll pass it on to the OASIS SysAdmin and others who're interested. Arshad Allen wrote: > Arshad, > > As people who are involved with security I think it is a bad idea to use > Flash as it can, and will, be compromised. > > http://hackademix.net/2008/01/06/flash-xss-protection-for-users/ > > The basic method is to take a Flash from a trusted site, inject malware, > then send it on to people who might not have enough protection in place > for the XSS and other problems. > > Alas, *any* client side scripting tool - Flash, PDF with advanced > features, JavaScript, even Java, is a real risk. > > The only real protection in the long run is to keep telling people to a) > install protections, and b) not download any such item except from a > trusted site. > > This means providing a link to the Flash, not forwarding it. > > Best, > > Allen > > Arshad Noor wrote: > >> Sorry for this delay; I knew I'd forgotten something last week. >> >>> Name of Initiative : >> >> >> EKMI Marketing >> >>> Background / Idea: >> >> >> EKMI is starting to get some attention. However, there >> is still a lot of work that needs to be done in terms of >> getting people to understand the need for an EKMI and how >> it helps their businesses. One way of spreading the word >> is to create a self-running Flash demo that can, within >> 10-15 minutes, can provide people with a summary of the >> issues and how OASIS EKMI helps. >> >>> Start/Completion Date: >> >> >> February 2008 - June 2008 >> >>> Objective and Goals: >> >> >> To create a self-running Flash demo that can be downloaded >> from OASIS and EKMI member websites. >> >>> Benefit statement: >> >> >> Expanding the number of people who are aware of EKMI TC >> and the business/security benefits it brings them. >> >>> Estimated Resource Need: >> >> >> A graphics designer for 1-2 weeks to design the demo; >> (Estimated at $75/hour: $3-6K) >> A college intern for 3-4 months to develop the demo; >> (Estimated at $10/hour: $5K) >> >> >> The only thing I'm sure of, in the above 2 estimates, is the hourly >> rate for the college-intern. I don't know how much independent >> graphics designers charge, so any validation of this is appreciated. >> Thanks. >> >> Arshad Noor >> SrongAuth, Inc. >> >> >> --------------------------------------------------------------------- >> To unsubscribe from this mail list, you must leave the OASIS TC that >> generates this mail. You may a link to this group and all your TCs in >> OASIS >> at: >> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php >>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]