LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 07-07-2008, 09:57 AM   #1
BruisedQuasar07
LQ Newbie
 
Registered: Jul 2007
Posts: 10

Rep: Reputation: 1
Cool Adobe FlashPlayer Security Query


Does anyone know if Flash Player for Linux is neutralized of the Adobe built-in privacy invasion aspect? I asked this in other Linux forums and no one seemed aware that Flash Player has built-in privacy invasion software so businesses that post Flash Player games and clips can spy on users.

I refer to the PIE files (.sol) or more commonly known as LSO (Local Shared Object) files which can send private data back to a paying user's designated online site. For instance, Flash Player can be set (and commonly is) to gather and send audio and video data from any Mic and/or webcam(s).

Supposedly, FP places the SOL files containing hidden LSO in Linux hard drive directory ~macromedia...

If this is so, that means Linux contains a wide open security hole that is not just theoretical but actively exploited. I am amazed that this is not a hot topic at Linux forums!

Anyone know if this Windows & Mac exploit is also a Linux exploit?

--Bruised
 
Old 07-07-2008, 02:14 PM   #2
alan_ri
Senior Member
 
Registered: Dec 2007
Location: Croatia
Distribution: Debian GNU/Linux
Posts: 1,733
Blog Entries: 5

Rep: Reputation: 127Reputation: 127
I've just started to investigate this,and I see strange things start to happen when I'm in .macromedia directory and playing with some commands.Can you belive,I was asked to enter my root password by that .sol file.This is going to be interesting.I knew that flashplayer has been exploited many times,but this,what I see now,looks so mean to me.
Good info Bruised.Even if I have made some steps to disable anything that I don't want to happen on my system and it works,this will maybe end up in finding out what mean things folks in Adobe have tried to do and what they are doing.
If you think about it;flashplayer is security hole,fp has been exploited and lots of other similar info on the web suggests;that should've been fixed by now,but somehow it isn't,I wonder why?
 
Old 07-07-2008, 05:58 PM   #3
jamesapnic
Member
 
Registered: Jul 2008
Posts: 40

Rep: Reputation: 15
Flash player definitely is a security hole. Any binary program that has such as auto updates could allow an attacker to in theory tunnel into your network through the third party update provider. This doesnt seem too implausible and of course do you really trust Adobe?!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
2008 One Adobe Flashplayer no audio axistomp Mandriva 5 12-14-2007 08:05 PM
PHP file access: concurrency and security query Robhogg Programming 7 08-12-2007 12:39 PM
apt query concerning unstable security.debian.org entry f0rmula Linux - Software 2 12-03-2004 02:01 PM
Security Query Obie Linux - Security 3 05-09-2004 12:17 PM


All times are GMT -5. The time now is 11:28 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration