Forums
| BadPhorm - When good ISPs go bad! :: Forums :: Phorm Discussion :: Security |
|
<< Previous thread | Next thread >> |
| Hosted security services: Another threat to Phorm’s business model? | ||
|
Moderators: Jim Murray, narcosis, felixcatuk, Sammy, revrob
|
| Author | Post | ||
| Phormic Acid |
| ||
  Registered Member #22 Joined: Mon Feb 25 2008, 11:11PMPosts: 240 | (I posted much of the following on Cable Forum a week ago, but forgot to post it here too.) In PC Pro’s podcast of 2 June 2008, there’s an interesting report on the Infosec show. It starts at 39:35 and covers the idea of hosted security services, also referred to as ‘security in the cloud’, for the home user. Phorm’s claimed selling point for Webwise is that it has the potential to provide some protection from phishing websites. This is one specific, limited example of the more general concept of hosted security services. Someone with a little technical knowledge can tunnel their web traffic through their ISP’s network to a trusted gateway beyond, so completely bypassing Phorm’s equipment. However, with hosted security, this tunnelling out could be taken up by your average home user. Rather than having a heavyweight security application on their computer, a small client could securely marshal all web traffic to and from the security company, who would take on the burden of analysing and cleaning that traffic. VPNs for the masses? Of course, what, if any, hosted security and who will provide that service should be a free choice. It shouldn’t be foisted upon the user by integrating it into an ISP’s network. The idea of hosted security services might not be a bad idea for many Internet users. The Register reports that 'Legit' website compromises reach epidemic proportions. Anyone using Flash Player has been vulnerable since at least 27 May 2008. Adobe are yet to plug this hole. | ||
| Back to top | | ||
| Midnight_Voice |
| ||
 Registered Member #180 Joined: Thu Mar 13 2008, 08:51PMPosts: 756 | Phormic Acid wrote ... Anyone using Flash Player has been vulnerable since at least 27 May 2008. Adobe are yet to plug this hole. Phormic, this advisory was a mistake, as even the URL you reference makes clear. The latest Flash player, 9.0.124.0, is not vulnerable to this. See: securityfocus The confusion arose because XP SP3 ships with the older Flash player, as it was finalised before this became available, though it was only published after that date. The person raising the advisory assumed XP SP3 would have the latest Flash, and so erroneously ascribed the vuln to this. Please note, though, that if you have the latest Flash player already, and then install SP3, this will not overwrite it with the earlier one. (Another piece of misinformation that has been floating around). Only people who install XP from scratch using an SP3 disc will wind up with the older Flash, and therefore the vuln. (Apart, of course, from those who never upgraded their older Flash anyway). [ Edited Sat Jun 07 2008, 03:48PM ] | ||
| Back to top | | ||
| Phormic Acid |
| ||
| Registered Member #22 Joined: Mon Feb 25 2008, 11:11PMPosts: 240 | Midnight_Voice wrote ... Phormic, this advisory was a mistake, as even the URL you reference makes clear. The latest Flash player, 9.0.124.0, is not vulnerable to this. Oops. However, I don’t think the URL makes it particularly clear. I should have looked up BID 28695 and compared the vulnerable and not-vulnerable lists against those for 29386. | ||
| Back to top | | ||
Powered by e107 Forum System