Recent flash security hole ... more risks coming? Clickjacking-Attack?

Recent flash security hole ... more risks coming? Clickjacking-Attack?
Wed, Aug 5 2009 5:53 AM #529397
kaimon Posts 62	When the Anti-WoW-Matrix measures (which I generally support) were introduced a lot of people complained about the security risks that would arise with your implementation using flash. Now the risk has become reality for a lot of people who got their accounts stolen because they had to have flash activated while visiting your page. While that security hole in flash was not your fault I think it is your responsibility not to use techniques which are generelly known for having frequent security problems. Any plans to get rid of the download via flash? WoWInterface does just fine without it. I deactivated flash because of the latest security issues ... now I get that annoying captcha frame again. When I try to enter that captcha, NoScript warns "potential Clickjacking-Attack". I have no idea what that is and I will not click ignore ... I will have to refrain from using Curse completely. Please please try to use programming techniques that are not considered unsafe. Don't start saying that NoScript is paranoid ... you have to be paranoid these days. Just have a look in WoWs Support forums and you know why.
	Tags security flash captcha

Wed, Aug 5 2009 5:53 AM

Posts 62

When the Anti-WoW-Matrix measures (which I generally support) were introduced a lot of people complained about the security risks that would arise with your implementation using flash. Now the risk has become reality for a lot of people who got their accounts stolen because they had to have flash activated while visiting your page. While that security hole in flash was not your fault I think it is your responsibility not to use techniques which are generelly known for having frequent security problems.

Any plans to get rid of the download via flash? WoWInterface does just fine without it.

I deactivated flash because of the latest security issues ... now I get that annoying captcha frame again. When I try to enter that captcha, NoScript warns "potential Clickjacking-Attack". I have no idea what that is and I will not click ignore ... I will have to refrain from using Curse completely.

Please please try to use programming techniques that are not considered unsafe.

Don't start saying that NoScript is paranoid ... you have to be paranoid these days. Just have a look in WoWs Support forums and you know why.

Tags security flash captcha