https connection over flash ?

Discussion in 'other software & services' started by accessgranted, Mar 10, 2010.

Thread Status:
Not open for further replies.
  1. accessgranted

    accessgranted Registered Member

    Joined:
    Mar 10, 2010
    Posts:
    182
    Hi

    The other day I went to a legal online music store to buy and download an album. The entire procedure happened in a flash interface, and when I had to submit my credit card number, I hovered the mouse over the link and saw that the link address started with https:// and felt reassured.

    So I proceeded, but then I noticed that my browser didn't mention any switch from non-secure to secure, as it always does in such a case.

    Was the submission encrypted, is flash player able or unable to initiate and participate in https connections?

    If it was encrypted, how come the browser didn't detect, participate in or even mention the procedure?

    I'm afraid the credit card number traveled in the clear--

    Dunno. Any clues?

    Thanks
     
  2. estra

    estra Registered Member

    Joined:
    Nov 19, 2008
    Posts:
    53
    The following quote is from this document:

    Adobe Flash Player 9 Security

     
  3. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Sounds like a crazy way to do HTTPS o_O I wouldn't choose to enter ANY financial details via that method.
     
  4. MikeBCda

    MikeBCda Registered Member

    Joined:
    Jan 5, 2004
    Posts:
    1,627
    Location:
    southern Ont. Canada
    Totally aside from the question of Flash and (or probably more accurately, "versus") security ...

    Since your wording suggests your setup, just thought I'd double-check: You are set to display "warning" when moving into a secure site? I only ask because for many of us, we don't use that since we're more concerned with moves in the other direction, from a secure site to one that's non-secure (or mixed-content),
     
  5. accessgranted

    accessgranted Registered Member

    Joined:
    Mar 10, 2010
    Posts:
    182
    Yes, both in FFox and Opera. It allows me to spot strange behaviors such as the one I describe above, or to know when a site is launching a https:// connection without my asking for it - thereby circumventing some functions of proxy software, or finally to see when a site pretending it's gonna use https:// at next step is in fact not doing it.
     
  6. ameyap

    ameyap Registered Member

    Joined:
    Feb 16, 2010
    Posts:
    87
    apple and a lot of other security companies recommend doing away with flash solely from the security standpoint. one can draw their own conclusions from that. i certainly won't carry out cc transactions via any flash
     
  7. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    Flip through this sometime - lots'a pointers.
     
Loading...
Thread Status:
Not open for further replies.