Posts Tagged ‘Security’

Hacking Flash Applications and Games: A Case Study

Posted in Programming, Security on March 1st, 2011 by Philipp C. Heckel – 1 Comment

Adobe’s proprietary Flash format has become a significant part of the Internet as it is today. While its importance in Web applications is slowly decreasing due to Web 2.0 technologies and HTML5, it is still a major player in the browser game and application sector. The majority of these games and applications are for entertainment only and offer you nothing but a nice rank in the high score. On rare occasions, however, there are Flash games in which you can actually win something valuable such as concert tickets or even money. And of course there are applications that let you stream, but not download content from a website.

So what’s the problem with that, you think? The problem is that almost all Flash applications can be hacked very easily and most developers are not aware of that.

As a reminder of how vulnerable Flash applications are, this post aims to raise awareness for these issues. In a case study, it shows how a Flash-based game and its server side high score can be tricked within a few minutes using free tools only.

read more »

Simsafe: Simple command-line password safe

Posted in Linux, Security on April 7th, 2009 by Philipp C. Heckel – 2 Comments

Nowadays, it appears to me as if almost everything in the big and fancy world of IT comes with the need to sign up and create an account. Every little online tool, every social networking site and of course every instant messenger account. System administrators hits it even harder: The setup of a server machine requires to create lots of different users for every kind of service, — be it Postfix, Sendmail, Courier, MySQL, PostgreSQL, etc. Most of them require some kind of super-user password or account.

This is where a password manager comes in handy: Open the password vault by typing in the master password, put in all you secrets and crucial information, save it and be happy. As if!

Almost every password manager I found on the Web was crowded out by details so that it took minutes to add a single account. What I wanted was something like a text-file with password — and that’s what I made: A simple command-line password safe.

read more »

KadS: a secure version of the Kademlia protocol

Posted in Distributed Systems, Programming on March 16th, 2009 by Philipp C. Heckel – 2 Comments

There are various peer-to-peer protocols out there. All of them focus the decentralisation of storage and other system resources. Most implement a distributed hash table (DHT) to store information. That is, each node of the network only holds a small part of the hash table but is able to locate and retrieve any requested entry. Kademlia, a protocol designed by two NYU students in 2002, is one of them.

read more »