I work at Adobe as Platform Security Strategist, focused on AIR, Flash and Reader security. In this blog I’ll be providing some genuinely useful technical info on emerging threats and addressing application development best practices.

12 Responses to Welcome!

  1. George says:

    Awesome! I’ve been looking forward to seeing more information regarding Flash security considerations and best practices. crossdomain.xml files are confusing enough for many people to understand. Hopefully you’ll be able to clear up confusion about the new allowScriptAccess and allowNetworking parameters as well.

  2. Shaun Halberstadt says:

    As Platform Security Strategist, you sound like just the guy to answer my question, which is this: Microsoft (via Scott Guthrie) recently presented to developers throughout Europe that they would be providing local file access in Silverlight. The access would require an open file dialog and would not provide direct access to the file system, but would allow client side file manipulation without uploading to a server. What are the security implications of this, and what is the likelihood that we will see something of the sort in the Flash Player? Thanks, and I look forward to seeing what you have to post here.

  3. Lucas Adamski says:

    Hi George, Those are indeed great topics to tackle. Look for me to address those shortly, and thank you for the suggestions!

  4. Lucas Adamski says:

    Hi Shaun, Good question! That is a pretty murky subject. I started replying inline in this comment, but I realized it’s actually a fairly involved subject. I’m not in a position to comment on whether or not Flash Player could support such an API in the future, but I’ll be happy to go into the background and security implications of the current design in an upcoming post.

  5. Ronnie says:

    Wonderful, great to have some focus on the security aspects of the Flash Platform. Extremely vital if Flash is to play on the enterprise level.

  6. Joseph says:

    Greetings! I’m wondering if you might explain the reasoning behind the heavy sandbox restrictions of SoundMixer.computeSpectrum() and BitmapData.Draw() when reading from an RTMP stream. There are so many powerful possibilities with AS3 and FP9 and I just feel a bit neutered by these policies :) Look forward to reading whatever you have to say about these subjects. FP security has always been a sort of shadowy area!

  7. Wow! It’s great news. A blog like this was missing so far! Can’t wait to know more about AIR security topics. ciao marco

  8. davd doull says:

    Hi, I’m looking for some more info on the AIR publisher info when an app is installed – how’s this going to work – at the moment it says unverified – which obviously is going to worry users. thanks david

  9. Phil says:

    I am looking forward to your technical information. As I am working on a complicated Flash checkout, I need some good information to keep my project secure. I will bookmark this site. I am happy to have found this blog.

  10. JY says:

    Technical Question regarding AIR: How do I set security so that when I use SWFLoader, the loaded SWF can grab camera/mic? I am using the same code base in a Flex app and it works. However, porting to AIR, the SWF loaded in by SWFLoader cannot stream cam/mic. Thanks in advance.

  11. Seo Company says:

    Cool blog to acquire a knowledge of AIR Security tips. I would be waiting for more upgradations in this Flash and Reader security. Thanks

  12. Jenish Shah says:

    That’s really great to know that you work for Adobe. AIR, Flash and Reader Security. My question to you is: instead of having an update which pops up every single time you open the file, which is pretty annoying, can you not keep that as a notification mail, as most of the time people tend to skip that for later purposes? This would obviously increase the number of legitimate users whose details you can preserve, but also you can make sure there are no pirated users, as that mail will be provided to registered members only.