- Many (most) routers use UPnP for configuration, which uses SOAP over HTTP.
- UPnP has an autodiscovery phase that involves non-HTTP packets, but you can guess a router's IP anyway, so you don't need autodiscovery to run commands.
- Flash lets you set arbitrary HTTP headers and POST to arbitrary hosts. This is standard XSRF -- the POSTing could be done with DHTML, so Flash is just needed to set the SOAP header.
- Therefore, malicious Flash can run port-opening commands on your router.
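
A router-side screening check for the request described in the bullets above, as an added example that is not from the original post or from any router's firmware. It shows why requiring the SOAP header only stops a plain HTML form POST, and what a further Origin/Referer check catches. The device address, control path and sample requests are constructed, and the check assumes the browser or plugin attaches a Referer or Origin header, so a request carrying neither still passes.

```python
from urllib.parse import urlsplit

DEVICE_IP = "192.168.1.1"  # constructed LAN address of the router

def _req(*lines):
    """Build a constructed HTTP request head from header lines."""
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1")

def parse_head(raw):
    """Split a raw request head into (method, path, lower-cased headers)."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers

def screen_control_request(raw, device_ip):
    """Return the reasons to reject a UPnP control request; [] means accept."""
    method, _path, h = parse_head(raw)
    reasons = []
    if method != "POST":
        reasons.append("control requests must be POST")
    if "soapaction" not in h:
        # A plain HTML form POST cannot set this header.
        reasons.append("no SOAPAction header")
    for name in ("origin", "referer"):
        # A LAN control point has no reason to name a web page as its source.
        if name in h and urlsplit(h[name]).hostname != device_ip:
            reasons.append(f"{name} header names another site: {h[name]}")
    return reasons

ACTION = 'SOAPAction: "urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping"'
# Constructed samples: a LAN control point, a plain form POST, a plugin-sent POST.
LAN_CLIENT = _req("POST /upnp/control HTTP/1.1", f"Host: {DEVICE_IP}",
                  "Content-Type: text/xml", ACTION)
FORM_POST = _req("POST /upnp/control HTTP/1.1", f"Host: {DEVICE_IP}",
                 "Content-Type: text/plain", "Referer: http://example.test/page.html")
PLUGIN_POST = _req("POST /upnp/control HTTP/1.1", f"Host: {DEVICE_IP}",
                   "Content-Type: text/xml", ACTION,
                   "Referer: http://example.test/movie.swf")

if __name__ == "__main__":
    for label, raw in (("lan", LAN_CLIENT), ("form", FORM_POST), ("plugin", PLUGIN_POST)):
        print(label, screen_control_request(raw, DEVICE_IP) or "accept")
```
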