Recurity Launches Blitzableiter 1.0 at FIRST & Drs. Venkatakrishnan and Hamlen Awarded National Science Foundation Trustworthy Computing Grant
Recurity Launches Blitzableiter 1.0 at FIRST
Ever since a late-night conversation between Felix ‘FX’ Lindner, Brad Arkin and me at Black Hat last summer, members of the ASSET and Adobe Flash engineering teams have been assisting researchers from Recurity Labs, the German security research and consultancy company, in their development of Blitzableiter (“Lightning Rod”). This mitigation technology filters malicious Flash (.SWF) files before they can carry out an attack against a vulnerability in the Adobe Flash Player.
Today, Recurity officially launched Blitzableiter v1.0 at the FIRST conference in Vienna (June 12-17, 2011). The Blitzableiter beta has already been used by several companies, including a large social networking site in Europe.
Blitzableiter is a signature-free, open source mitigation technology for enhancing Flash content security that uses complete format normalization instead of scanning. A potentially malicious input file is read, parsed and interpreted, applying strict rules of specification compliance. If the input file violates those rules, it’s rejected. After initial parsing, the original input file is discarded completely, and a new file is created based on the information obtained from the original input. Blitzableiter supports automatic modification of AVM1/2 (AS2/3) code in Flash (.SWF) files and during testing has demonstrated the ability to block almost every Flash Player exploit sample observed since 2010. It supports versions SWF3 to SWF10. The 1.0 release version can be used client-side with NoScript in Firefox, or integrated with proxy servers or firewalls using an included ICAP server.
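The parse, reject-or-rebuild flow described above, sketched for the SWF container layer only; this is an added example, not Blitzableiter's code. It assumes an uncompressed (`FWS`) file, copies the RECT bytes and tag bodies opaquely instead of parsing them (so it does not touch AVM bytecode), and its function names are hypothetical.

```python
# Added sketch; names are illustrative, not Blitzableiter's API.
import struct

def parse_swf(data):
    """Strictly parse an uncompressed SWF into (version, header_rest, tags)."""
    if len(data) < 9 or data[:3] != b"FWS":
        raise ValueError("not an uncompressed SWF")
    version, (declared,) = data[3], struct.unpack_from("<I", data, 4)
    if not 3 <= version <= 10:              # version range quoted on the page
        raise ValueError("unsupported version")
    if declared > len(data):
        raise ValueError("FileLength exceeds input")
    rect_len = (5 + 4 * (data[8] >> 3) + 7) // 8   # RECT: 5-bit width + 4 fields
    pos = 8 + rect_len + 4                  # then FrameRate and FrameCount
    if pos > declared:
        raise ValueError("truncated header")
    header_rest, tags = data[8:pos], []
    while pos + 2 <= declared:
        (word,) = struct.unpack_from("<H", data, pos)
        code, length, pos = word >> 6, word & 0x3F, pos + 2
        if length == 0x3F:                  # long form: 32-bit length follows
            if pos + 4 > declared:
                raise ValueError("truncated long tag header")
            (length,) = struct.unpack_from("<I", data, pos)
            pos += 4
        if pos + length > declared:
            raise ValueError("tag body overruns FileLength")
        tags.append((code, data[pos:pos + length]))
        pos += length
        if code == 0:                       # End tag closes the stream
            if length:
                raise ValueError("End tag carries a body")
            return version, header_rest, tags
    raise ValueError("tag stream has no End tag")

def rebuild_swf(version, header_rest, tags):
    """Write a fresh file from the parsed values; every length is recomputed."""
    body = bytearray(header_rest)
    for code, payload in tags:
        n = len(payload)
        body += struct.pack("<H", code << 6 | min(n, 0x3F))
        body += (struct.pack("<I", n) if n >= 0x3F else b"") + payload
    return b"FWS" + bytes([version]) + struct.pack("<I", 8 + len(body)) + body

def normalize(data):
    return rebuild_swf(*parse_swf(data))

# Constructed sample: SWF9, empty RECT, SetBackgroundColor, ShowFrame, End.
CLEAN = b"FWS\x09\x16\x00\x00\x00\x00\x00\x0c\x01\x00\x43\x02\xff\xff\xff\x40\x00\x00\x00"
```

Bytes appended after the declared length, or placed after the End tag inside it, never reach the output because the new file is written only from the parsed tag list.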
Drs. Venkatakrishnan and Hamlen Awarded National Science Foundation Trustworthy Computing Grant
Both projects serve as great examples of members of the security community, academia and vendors collaborating to help protect customers from malicious attacks.
Platform Security Strategist