Blitzableiter developments...

[luntrus]

Hi Girorgio Maone,

Are you aware of this ongoing project: http://blitzableiter.recurity.com/ ?
This is a special tool to analyze Flash code before it is going to be executed. It checks the SWF-file integrity and also for the presence on Embedded Action Script to block and also it will recognize Cross-site request forgery (CSRF) that could be used in an attack. Seems to work right according to this developer: http://www.heise.de/newsticker/meldung/ ... 93588.html
From a test with 20 genuine Flash exploits blitzableiter seems to detect OK, all attacks were detected. Also the tool can make legit Flah-files not to work anymore. Of 95.000 tested SWF-files 92% appear to pass the "format" check, but only 82% survived all of the debugging procedure. According to developer Felix "FX" Lindner the tools works on large Flash websites, likes YouTube like it should.

Biggest problems are with bij Flash-files trying to hide the code. Often this could be typical for malware. Then Blitzableiter demand quite some CPU, so it is not suitable for slow computers. Lindner told that the tool still is being developed. Just a couple of days ago McAfee Adobe called Flash code the number one hacker target for 2010,

luntrus

[computerfreaker]

Looks pretty interesting, but the approach seems to be a standard antivirus approach - scan for known threats. That works just fine, until the attackers come up with a new threat... and all of a sudden, that approach doesn't work nearly as well.
I wonder how this will stand up to the ultimate test: time.