Comments on cucullus non facit monachum: Secure in their insecurities

Anonymous (2008-05-28 07:21):

OK, if there's no chance that the POS terminals can run flash content that you don't control (i.e. no ability to follow links outside the network), then there's little risk. However, if it is possible to follow a link outside the network, e.g. a banner or link in a page, then the risk is real.

Okie (2008-05-27 12:34):

Perhaps I'm wrong and naive because I'm new to the flash development world, but it seems to me that particular security hole (and the others I've read about) are things that the developer/provider needs to be concerned about, not necessarily something that the client should be concerned about, right?

On our side, we are setting up extensive logging and will be doing all we can to make sure any and all data we collect from clients is secure.

This particular client is concerned that by running a flash application, they will risk compromising data on their own computers and on their network... they are specifically concerned about their clerks using our application on their Point of Sale computers and risking the flash application somehow tapping into the customer data that those PoS machines have access to.

Is that a reasonable fear?

Anonymous (2008-05-27 12:27):

Um... yeah, actually. I totally understand your frustration, and I know just how widely used Flash is, but even as I write this the latest version (9.124) of Flash player has an actively exploited, unpatched hole (http://www.securityfocus.com/bid/29386).

These people are not capable of providing a product (Acrobat Reader, Flash Player) that is secure for more than a few months. When you consider the attack vector - surf to a page, whoops, game over - you can see why IT departments might give Flash a pass.

Kevin (2008-05-09 01:15):

Ha ha ha. That is great Okie. I was wondering when you were going to start writing another work of fiction ;) I can't wait to see the next installment. This one is so far out there I think you might actually get it published.