Forum latest

Adobe's New Privacy Feature For Flash Clashes With Online Fraud Detection
Security
Written by Daniel   
Thursday, 06 May 2010 16:53

From Dark Reading


Financial institutions, ecommerce sites will no longer be able to rely on Flash objects, cookies to help ID legitimate users, experts say

When Adobe releases Flash Player 10.1 in the next couple of months, users of the application will have clearer, easier-to-set privacy options for their browser cookies. But more user privacy comes at the expense of fraud detection processes: The upgraded software is likely to disrupt some ecommerce and online banking sites that rely on cookies as another layer to authenticate their customers.



The new version of Adobe's Flash, currently in beta, makes its privacy settings more prominent and explicit to the user and also supports private browsing, which lets a user browse without logging his browsing history on his machines.

Adobe says it added these features due to concerns that some websites were using Flash's local storage features to store machine IDs without the user's consent or knowledge. For example, even if a user had cleared his cookies, these sites would keep a backup of them in Flash's Local Storage so he could restore the deleted cookies -- without the user knowing or realizing it.

Many ecommerce and online banking sites use these so-called user "tags" to confirm the user is legitimate and to prevent unauthorized access to legit user accounts on their sites. But Adobe's move to let users wipe Flash cookies clean signals the end of this practice, security experts say, making it obsolete in the next three years.

 

[More...] [Comments...]

 

See also

None found.


Hardware | Windows | Linux | Security | Mobile Devices | Gaming
Tech Business | Editorial | General News | folding@home

Forum | Download Files

Copyright ©2001 - 2012, AOA Forums.  All rights reserved.

Alliance of Overclocking Arts

Links monetized by VigLink

Don't Click Here Don't Click Here Either