View Full Version : Flash Vulnerability (Flash Origin Policy Issue)


LordVader!
11-13-2009, 12:39 AM
** exploitable flaw

After reading this (http://www.foregroundsecurity.com/MyBlog/flash-origin-policy-issues.html) or this (http://www.computerworld.com/s/article/9140768/Flash_flaw_puts_most_sites_users_at_risk_say_researchers) I would like to talk about ways we can mitigate this. Looks like forums that allow uploads could be a huge target. Is this something that the VB team can fix on the VB side? Other than disabling uploads, what are some options to protect ourselves? Looks like a fix might be a long way off (facepalm)…

--------------- Added 1258084262 at 1258084262 ---------------

Seems like a good fix for this would be to allow VB to accept a 2nd domain that can be used to host all the Avatars, Signatures, Pictures etc (even if it resolves to the same IP address)... For now I shut off all uploads.
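
The second-domain idea from the post above, sketched as an added example (not vBulletin code and not part of the original thread): member uploads are answered only on a separate content host, and the forum host redirects any upload path there instead of serving it. The host names, path prefixes and the `route` helper are assumptions made for illustration, and the request path is assumed to be already URL-decoded.

```python
import posixpath
from urllib.parse import urlsplit

# Assumed names for illustration; none of these appear in the thread.
FORUM_HOST = "forum.example.com"
CONTENT_HOST = "usercontent.example.net"   # may resolve to the same IP
UPLOAD_PREFIXES = ("/avatars/", "/signatures/", "/pictures/")


def origin(url):
    """Return (scheme, host, port) for a URL, filling in default ports."""
    parts = urlsplit(url)
    port = parts.port or {"http": 80, "https": 443}.get(parts.scheme)
    return (parts.scheme, (parts.hostname or "").lower(), port)


def config_ok():
    """The split only helps if the two hosts are different origins."""
    return origin("http://" + FORUM_HOST) != origin("http://" + CONTENT_HOST)


def is_upload_path(path):
    # Collapse "../" first so "/avatars/../login.php" is not seen as an upload.
    return posixpath.normpath(path).startswith(UPLOAD_PREFIXES)


def route(host, path):
    """Decide how a request is answered, given its Host header and path.

    Returns (action, location); location is set only for redirects.
    """
    host = host.lower().split(":")[0]
    if host == FORUM_HOST:
        if is_upload_path(path):
            # Member-supplied bytes are never served from the forum origin.
            target = "http://%s%s" % (CONTENT_HOST, posixpath.normpath(path))
            return ("redirect", target)
        return ("serve_forum", None)
    if host == CONTENT_HOST:
        # The content host exposes uploads only: no forum pages, no login.
        if is_upload_path(path):
            return ("serve_upload", None)
        return ("reject", None)
    return ("reject", None)
```
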