Breaking In - Literally
10th April 2011 at 02:05 AM
A program called Breaking In is being launched in America and it is the IT world's equivalent of CSI. The show follows a fictional IT team breaking into museums, nicking cars and doing other things that real security researchers likely don't do as part of their day-to-day affairs. The producers even created a Flash game for people to play around in and supposedly "hack" by guessing a password.
Unfortunately for the show's marketing team, one user responded to the Naked Security blog post about the show with instructions for how to literally hack the game. Ironically, Flash is the security hole (again).
1) View the source of the first game URL and you will see a link to http://www.conyourfriend.com/contrasecurity/
2) In the source of the second page, look for the name of the Flash file in the fLoadFlash() function. This is called hack.swf; add that on to the end of the URL to get http://www.conyourfriend.com/contrasecurity/hack.swf
3) This is the third time you will have seen the file play but this time you are viewing the Flash file itself and can access Flash's play controls. Skip the intro and, using the right click menu, untick Loop, then click Play.
4) Ta-da, beat the game in less than 0 seconds.
Credit to *FromSQLSantizer on the Sophos blog for spotting this.
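The steps above work because the result and the timer live inside the Flash file, so whoever controls the player controls the outcome. As an added example (not code from the game's site or from the blog comment), here is one way a server could keep both decisions for itself; the function names, time bounds and password are assumptions, since the page does not describe the game's back end.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)    # stays on the server, never shipped in the SWF
GAME_PASSWORD = "constructed-example"   # placeholder, not the real game's password
MIN_SECONDS, MAX_SECONDS = 2.0, 600.0   # assumed bounds for a plausible human attempt
_spent = set()                          # tokens that have already produced a win


def _tag(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def start_game(now=None):
    """Issue a start token: session id and server start time, bound by an HMAC."""
    now = time.time() if now is None else now
    payload = f"{secrets.token_hex(8)}.{int(now * 1000)}"
    return f"{payload}.{_tag(payload)}"


def check_win(token, guess, now=None):
    """Decide the result server-side; the client supplies only token and guess."""
    now = time.time() if now is None else now
    try:
        payload, tag = token.rsplit(".", 1)
    except (ValueError, AttributeError):
        return False, "malformed token"
    if not hmac.compare_digest(tag.encode(), _tag(payload).encode()):
        return False, "bad token"
    if token in _spent:
        return False, "token already used"
    # payload is authentic from here on, so its fields can be trusted
    elapsed = now - int(payload.split(".")[1]) / 1000
    if not MIN_SECONDS <= elapsed <= MAX_SECONDS:
        return False, "implausible time"
    if not hmac.compare_digest(guess.encode(), GAME_PASSWORD.encode()):
        return False, "wrong password"
    _spent.add(token)
    return True, f"solved in {elapsed:.1f}s"
```

With this split the Flash client is only a front end: skipping its intro or stepping its timeline changes what the player sees, not what the server records.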