Re: FLASH: security problem with Shockwave?...

[John Croteau]

Hi Michael,


> Someone just forwarded this on to me the other day:

>> A vulnerability has been discovered in the auto-update feature of the

>> Shockwave 7 plugin. When the plug-in contacts the Macromedia web site for

>> updates, it transfers sensitive information about the sites that it has

>> visited, and in some cases includes passwords used to enter that site.


> is there any truth to it

Yes, but it is unlike to affect you.


> and, if so, does it effect FLASH?

Only if you use the Shockwave auto-update at certain sites that reveal

your info in the URL and there is an update to prevent this info from

being transferred.

See http://www.macromedia.com/shockwave/productinfo/privacy/


Note, the only time there is a security concern is if your user name and

password (or other personal information) are included as part of the URL

of thr site where you go and it is determined that you need a Shockwave

update. The only information that could be revealed is information

pertaining to the site you are visiting and only if it is included in

the URL. A new version of Shockwave is available to prevent that

information from being forwarded to Macromedia. You can get the update

or will get it updated the next time you update Shockwave.


-----------                               -----------------------

John Croteau

croteauerols [dot] com (mailto:croteauerols [dot] com)

-------------                             -------------------------

FlashTek  (Advanced Websites with Flash) http://www.FlashTek.com/

Flash Bible (Fast track to good Flash)  http://www.FlashBible.com/

Flash Central(The Universe Starts Here) http://www.FlashCentral.com/

The Flash Tech Resource (Tech Notes)   http://www.FlashCentral.com/tech/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


------------------------------------------------------------------------

To UNSUBSCRIBE send: unsubscribe flasher in the body of an

email to

list-managershocker [dot] com

.  Problems to:

ownershocker [dot] com

N.B. Email address must be the same as the one you used to subscribe.

For info on digest mode send: info flasher to

list-managershocker [dot] com