Ex-IMDb Members' Forum

You are not logged in. Would you like to login?

9/26/2017 3:54 pm  #1

Website design and access and compatability issues.

Please do not use Adobe Flash Player or any other form of flash player as a requirement for log on.
When you do that with Flash Player you lock a potential 60% of your customer base out of your website.

The current version of Adobe Flash Player crashes often and is a security risk at both ends.
Likewise some websites are switching to "Open ID" for log on in the mistaken belief
that Open ID makes their website more secure because with legitimate usage
it would normally require the user to log onto Google first. However, Open ID is
extremely vulnerable to cross scripting code injection attacks.
Which in some ways makes Open ID more vulnerable to hacker attacks
than the old style hash table authentication that could usually only be
broken with a brute force rainbow table attack that is very time consuming
and gets noticed and shut down usually long before it becomes a real threat.

Flash Player and Open ID don't make websites more secure, it makes it more vulnerable to hacker attacks.
So just don't..



"Without education and intellectualism there is no morality."

9/27/2017 3:53 am  #2

Re: Website design and access and compatability issues.

A big part of the problem is all those backdoors built into both hardware and software for law enforcement to use.
Which any such intentional security vulnerabilities can also by exploited by malicious criminal hackers or internet vigilantes.

However, the current solution seems to be that internet lawyers try to prevent people from talking about the problem
rather than do anything useful about it. Their solution seems to be to make everyone shut up and just
ignore the internet security problem and hope that it just goes away.
Which it should be no surprise that that strategy is just not working.

Add to that, that while it is possible to absolutely identify the identity of an honest computer user logging on
by use of a unique hardware identification key. It is not possible or even very useful to absolutely identify the
location of that or any other computer user for use in securely logging into a website.

Furthermore, it is  not possible to guarantee the authenticity or integrity of the data stream because
it could by compromised at the computer that it originates from, or at any of the "hops" or internet
server nodes along the way. Even if the data stream is encrypted, and even if it is transmitted
through a secure "VPN", you cannot prevent the data from being maliciously altered at
any intermediate Level 3 Server along the way that might have been maliciously hijacked or compromised.

Often is the case that the servers that make up the "hops" on the internet that pass data along
just sit in a building somewhere completely unattended and have not had any kind of security
or antivirus scans run on them in months, or even years, if ever.

Which all of this does not bode well for the integrity of online purchasing or business transactions
if the content of the data stream can be altered at any point along the way.

"Without education and intellectualism there is no morality."
     Thread Starter

Board footera


Powered by Boardhost. Create a Free Forum