https connection over flash ?

Hi

The other day I went to a legal online music store to buy and download an album. The entire procedure happened in a flash interface, and when I had to submit my credit card number, I hovered the mouse over the link and saw that the link address started with https:// and felt reassured.

So I proceeded, but then I noticed that my browser didn't mention any switch from non-secure to secure, as it always does in such a case.

Was the submission encrypted, is flash player able or unable to initiate and participate in https connections?

If it was encrypted, how come the browser didn't detect, participate in or even mention the procedure?

I'm afraid the credit card number traveled in the clear--

Dunno. Any clues?

Thanks

 

The following quote is from this document:

Adobe Flash Player 9 Security

 

Sounds like a crazy way to do HTTPS I wouldn't choose to enter ANY financial details via that method.

 

Totally aside from the question of Flash and (or probably more accurately, "versus") security ...

Since your wording suggests your setup, just thought I'd double-check: You are set to display "warning" when moving into a secure site? I only ask because for many of us, we don't use that since we're more concerned with moves in the other direction, from a secure site to one that's non-secure (or mixed-content),

 

Yes, both in FFox and Opera. It allows me to spot strange behaviors such as the one I describe above, or to know when a site is launching a https:// connection without my asking for it - thereby circumventing some functions of proxy software, or finally to see when a site pretending it's gonna use https:// at next step is in fact not doing it.

 

apple and a lot of other security companies recommend doing away with flash solely from the security standpoint. one can draw their own conclusions from that. i certainly won't carry out cc transactions via any flash

 

Flip through this sometime - lots'a pointers.