Announcement

Collapse
No announcement yet.

Flash=Stealin passwords?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Flash=Stealin passwords?

    Hi

    i just heared this:
    --------------
    Another thing you all may want to note is that using flash actionscript it is possible to access cookies and then send your cookies to a remote site.
    ---------------

    how can i solve this without preventing flash on my board?

  • #2
    Unfortunately there is no way to "nit pick" this. If you allow flash through allowing html code on your forums or through a custom vB code tag, then your users will be able to abuse it like this (assuming what you heard is correct).

    Comment


    • #3
      thanx 4 ur replay..

      ok what if i disabled the Flash on my forum and then one posted such a file that contains the sicript in an standalone page will he be able to get the cockies for my forum or does have to be in the same forum?

      Comment


      • #4
        helloooo

        Comment


        • #5
          Originally posted by firas
          helloooo
          hello
          how are you ?

          Comment


          • #6
            Originally posted by firas
            he be able to get the cockies for
            i must say i laughed (sorry)
            My Sites :

            Comment


            • #7
              this was not a joke..i think that this is the support forum so please reply if u have an answer and there are some oter places that u can go for fun.

              this is a serious problem and i wanna find a solution.

              Ok i wanna know more about the script: how does it work? why can't the zone alarm or the fire wall stop it? what if the person who uses it was not online: will it send the code to him via email or what?

              Comment


              • #8
                you cant stop it.

                Flash has its own flashscript and its easy to steal cookies using that. Also since its a binary file there is no way to check what it is executing.

                The only solution is to not allow flash.
                Scott MacVicar

                My Blog | Twitter

                Comment


                • #9
                  ok what if i stop flash from the forum. will i be affected by visiting pages that may have this script? i meant will they be capable of gettiing my cookies too?

                  Comment


                  • #10
                    I believe flash is limited to the domain which it is called from but I'm not sure. You'd have to read the documentation at MacroMedia.
                    Scott MacVicar

                    My Blog | Twitter

                    Comment


                    • #11
                      thanx alot...ok one more quesion.. how can I disable flash from my forum?

                      Comment


                      • #12
                        Originally posted by firas
                        thanx alot...ok one more quesion.. how can I disable flash from my forum?
                        Disable HTML in posts and sigs.
                        Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
                        Change CKEditor Colors to Match Style (for 4.1.4 and above)

                        Steve Machol Photography


                        Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


                        Comment


                        • #13
                          thanx alot

                          Done

                          Comment

                          widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                          Working...
                          X