100 Grades Per Minute

Breaking In - Literally

by CAM, 10th April 2011 at 01:05 AM (1860 Views)
A program called Breaking In is being launched in America and it is the IT world's equivalent of CSI. The show follows a fictional IT team breaking into museums, nicking cars and doing other things that real security researchers likely don't do as part of their day-to-day affairs. The producers even created a Flash game for people to play around in and supposedly "hack" by guessing a password.

Unfortunately for the show's marketing team, one user responded to the Naked Security blog post about the show with instructions for how to literally hack the game. Ironically, Flash is the security hole (again).

1) View the source of the first game URL and you will see a link to http://www.conyourfriend.com/contrasecurity/

2) In the source of the second page, look for the name of the Flash file in the fLoadFlash() function. This is called hack.swf; add that on to the end of the URL to get http://www.conyourfriend.com/contrasecurity/hack.swf

3) This is the third time you will have seen the file play but this time you are viewing the Flash file itself and can access Flash's play controls. Skip the intro and, using the right click menu, untick Loop, then click Play.

4) Ta-da, beat the game in less than 0 seconds.
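
The steps above work because the movie has its own URL and the wrapper page's player settings do not travel with it. The following added example (not from the original post or the game's site) audits a page's source for both; the sample markup, the loader body, `embedMovie()` and the setting values are constructed assumptions.

```javascript
// Constructed sample: only the URL, fLoadFlash() and hack.swf come from the post;
// the loader body, embedMovie() and the settings are hypothetical.
const SAMPLE_PAGE_URL = "http://www.conyourfriend.com/contrasecurity/";
const SAMPLE_HTML = `
<script>
function fLoadFlash() {
  var params = { menu: "false", loop: "true", allowScriptAccess: "sameDomain" };
  embedMovie("hack.swf", "gameHolder", params);
}
</script>
<div id="gameHolder"></div>`;

// Player settings supplied by the embedding page. They are not stored in the
// .swf, so they are absent when the file is opened by its own URL.
const WRAPPER_ONLY = ["menu", "loop", "play", "allowscriptaccess", "allowfullscreen"];

// Every .swf named in a quoted string or attribute, resolved against the page URL.
function findSwfUrls(pageUrl, html) {
  const found = new Set();
  const re = /["']([^"'<>\s]+\.swf(?:\?[^"'<>\s]*)?)["']/gi;
  for (const m of html.matchAll(re)) {
    found.add(new URL(m[1], pageUrl).href);
  }
  return [...found];
}

// Wrapper settings written as script object entries (menu: "false") or as
// <param name="menu" value="false"> elements.
function findWrapperSettings(html) {
  const patterns = [
    /\b([A-Za-z]+)\s*:\s*["']([^"']*)["']/g,
    /<param\s+name=["']([^"']+)["']\s+value=["']([^"']*)["']/gi,
  ];
  const settings = {};
  for (const re of patterns) {
    for (const [, name, value] of html.matchAll(re)) {
      const key = name.toLowerCase();
      if (WRAPPER_ONLY.includes(key)) settings[key] = value;
    }
  }
  return settings;
}

// Report: movies reachable without the wrapper, and the settings they lose.
function auditPage(pageUrl, html) {
  return { directUrls: findSwfUrls(pageUrl, html), lostOnDirectLoad: findWrapperSettings(html) };
}

console.log(JSON.stringify(auditPage(SAMPLE_PAGE_URL, SAMPLE_HTML), null, 2));
```

Any rule that has to hold, such as a timer or a restricted menu, cannot rest on the settings listed under `lostOnDirectLoad`.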

Credit to *FromSQLSantizer on the Sophos blog for spotting this.

Updated 10th April 2011 at 01:30 AM by CAM

Categories: Amusement, Technical
