Re: FLASH: [RESPONSE] Recent Flash Player Release

[Eric J. Wittman]

uniqu writes:

>>However, you leave unaddressed some serious concerns regarding this

defective player. Furthermore, I do not follow the logic behind the security

issue.


According to many online security experts and sites, files/applications

playing back from one domain should not be able to send or receive

information from another domain without the users consent. Imagine a site

where a user password/credit card/social security number, etc. is obtained

on one page and sent to another domain. Or information behind a firewall is

obtained and forwarded to another domain. According to the experts, this is

a no no.


A few online security resources we use as a part of our consulting process

are:

o http://securityfocus.com

o http://packetstorm.securify.com


Hope this provides a better understanding.


A side note, in TechNote #14213 in the Macromedia Flash Support Center, we

do provide the recommended process.


Best,

Eric J. Wittman

Senior Product Manager, Flash

---------------------------------



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  To unsubscribe or change your list settings go to

http://www.chinwag.com/flasher or email

helpchinwag [dot] com