Loophole detected in "Camtasia Studio"

November 30, 2009

Michael Schmidt, Security Analyst at Compass, has analysed a Flash application created with the software "Camtasia Studio" by TechSmith. In doing so he detected a vulnerability that enables cross-site scripting (XSS). Compass promptly informed the manufacturer so that the vulnerability could be remediated. The patch is now available.

Problem recognised
Michael Schmidt of Compass was asked to analyse Flash videos on a customer website that had been generated with "Camtasia Studio" and to check whether they were safe. The security analysis pinpointed the weaknesses. By exploiting them, the specialist was able to perform various manipulations: he could modify text in the Flash video, execute JavaScript code in the context of the website, and redirect the user to various URLs.

The expert states that a faulty application may cause substantial damage to an otherwise safe web application, and he regards the vulnerability as significant. Many Flash applications are affected that contain no business logic at all and serve only to improve the "look and feel" of a site.

Problem eliminated
The manufacturer TechSmith reacted immediately to Compass's notification and published a patch for "Camtasia Studio", closing the vulnerability. Further information on this weakness is available under the following link on the TechSmith website:


News

Compass hacks live at CeBIT
2/22/10 - Marco Di Filippo, Regional Director of the company, takes on the role of the hacker at CeBIT and puts modern technologies to the test. On the CeBIT platforms of the media partner Network Computing and of the antivirus specialist Avira, he is going to x-ray data centres and mobile devices such as iPhone, BlackBerry, etc. regarding their safety compliance.

Presentation to the Compass-Workshop on "Mobile Security" at MCTA 2010
2/10/10 - At the 10th conference "Mobile Communications Technologies and Applications" (MCTA 2010), Marco Di Filippo, Compass Regional Director Germany, held a workshop titled "Mobile Security – Attacking scenarios on mobile services".

Compass' Testing Modules
1/27/10 - Compass Security has created the document "Testing Module" describing the typical testing scenarios.

Workshop on Mobile Security at MCTA 2010
1/11/10 - Marco Di Filippo, Regional Director Germany of the ICT security service provider Compass Security AG (www.csnc.ch), gives a workshop on the risks of mobile communication tools. It will be held on 01 February at the 10th conference "Mobile Communications Technologies and Applications" (MCTA) at the University of Augsburg.
