HP offers free security tool for Flash developers

HP is set to announce on Monday a free tool that developers can use to check for holes in the Flash applications they write, which can lead to data leaks and other security problems on Web sites.

HP SWFScan decompiles Flash applications and searches the code for vulnerabilities and violations of Adobe’s best security practices guidelines, said Billy Hoffman, manager of HP’s Web Security Research Group. The tool works with all versions of Flash.

With the Flash Player installed on more than 98 percent of Internet-connected computers globally, Flash applications are a popular target for attackers. HP analyzed nearly 4,000 Web apps developed with the Flash platform and found that 35 percent violate Adobe’s security best practices.

For example, encryption keys and other sensitive data have been found inside client-side Flash code, Hoffman said.

Flash, traditionally used for creating animation and games, has been increasingly used for Web 2.0 apps destined for enterprise use, for which tighter security measures are required, he said.

Hoffman explains how a Flash app vulnerability can be exploited in this video.

This isn’t the first tool aimed at Flash developers. IBM last month announced its Rational AppScan, which automatically scans Flash and Ajax-based applications for security defects. The standard version of that product costs $17,550 for a one-year license.

Last year, HP was called upon by Microsoft to develop a free tool, Scrawlr, that developers can use to test for SQL injection vulnerabilities in apps on Microsoft’s ASP platform, according to Hoffman.

While developers are striving to write more secure Flash apps, Adobe occasionally is forced to deal with security holes in the Flash Player itself. For instance, Adobe recently issued a patch for a hole in the player that could allow an attacker to remotely take control of a computer.

See the original article at CNET News.

Million Dollar Border Security Machines Fooled with Ten Cent Tape

So much for biometrics and immigration security: A South Korean woman managed to fool a million-dollar fingerprint reading machine in Japanese border controls using a simple piece of tape stuck to her fingers. It happened at Tokyo airport. The woman has repeatedly entered Japan using the same trick without anybody noticing. Japanese officials say that they suspect many others have been doing the same thing, demonstrating that the biometric systems they installed in 30 airports in 2007, to the tune of $45 million, are completely useless. The woman was deported in July 2007 for illegally staying in Japan as a bar hostess in Nagano, but she entered again with the system, using the tape and a fake passport allegedly provided by a South Korean broker.

Read the full article at Gizmodo

Futuristic Security Checkpoints Know What You Do Before You Do It

New security checkpoints in 2020 will look just like something out of the futuristic movie, The Minority Report. The idea is that the new checkpoints will allow high traffic to pass through just as if you were walking at a normal pace. No more waving a wand to get through checkpoints. The new checkpoint can detect if you have plans to set off a bomb before you even enter the building.

How does it work?
The U.S. Department of Homeland Security is developing a system called Future Attribute Screening Technology, or FAST for short. The system uses cameras to detect slight alterations in pupil size, blink rate and even direction of gaze. A laser radar called BioLIDAR measures heart rate and changes between heartbeats. The BioLIDAR can even monitor a person's respiration and track movements in the face, neck, and cheeks. Stressed out? A thermal camera will pick up on this too by gauging changes in skin temperature.

Read the full article at Tech Fragments