||unity-dev|| FYI: Flash Player 9,0,115,0 security hardening can break U2 and other socket server sites!

Discussion list for Unity developers. unity-dev at moock.org
Thu Apr 17 02:13:17 CDT 2008


for the benefit of the list archive, here's a link to the outcome of our 
response to this issue:

http://moock.org/unity/technotes/00001.html

colin

Discussion list for Unity developers. wrote:
> www.adobe.com/devnet/flashplayer/articles/fplayer9_security_04.html (the
> whole article is a must-read, but, this is the critical page)
> 
> Flash Player 9,0,115,0 introduces new security measures that cause a flash
> SWF running in it to "make contact" via PORT 843 during xmlsocket
> connections!
> 
> This is only the 1st step of what's to come: newer versions will REQUIRE
> policy files to be served up DIFFERENTLY (than they were required to, up
> until this version) and will cause headaches for us who host/run any socket
> server for use with Flash Clients.
> 
> This change particularly caused issues with us, as, port 843 (a previously
> unused/unknown port) has always been in the realm of ports deemed to be in
> violation of firewall rules -- and in our case, by design and "in purpose"
> -- forced all clients who attempted such connectivity to have their IP
> blocked for a period of time, automatically -- REMEMBER -- this is ONLY for
> those clients who have this NEWER version of Flash9 installed and in use AND
> IF they call up an swf that tries to make an xmlsocket connection!
> 
> So, take note, take heed, this issue is real and coming to all our doorsteps
> -- whether we like it or not.
> 
> If you're not a developer or host, this affects you in such a way that: At
> some point, if not now, you'll not be able to use a site you've been using
> without issues alllll along.... until.... you updated your flash player --
> UNLESS -- we developers/hosts read-up on the deal and follow the sheep!
> 
> Sincerely,
> 
> -Jayson K. Hanes
> http://flashtampa.com


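An added illustration, not part of either message and not Unity or Adobe code: a minimal responder for the port 843 contact described in the quoted post, answering only an exact policy request and granting access to one named domain and port instead of a wildcard. The request string and policy XML follow Adobe's socket policy file convention as an assumption not stated in this thread; `chat.example.com` and port `9100` are constructed placeholders.

```python
"""Minimal Flash socket policy responder (added example, constructed values)."""
import re
import socketserver

POLICY_REQUEST = b"<policy-file-request/>\x00"  # sent by Flash Player on connect
MAX_REQUEST = len(POLICY_REQUEST)               # never read more than this

def build_policy(allowed):
    """allowed: list of (domain, ports) pairs. Returns NUL-terminated policy XML."""
    rules = ""
    for domain, ports in allowed:
        # Reject anything that could break out of the XML attribute.
        if not re.fullmatch(r"[A-Za-z0-9.*-]+", domain):
            raise ValueError("bad domain: %r" % domain)
        if not re.fullmatch(r"[0-9,*-]+", ports):
            raise ValueError("bad port list: %r" % ports)
        rules += '  <allow-access-from domain="%s" to-ports="%s"/>\n' % (domain, ports)
    xml = '<?xml version="1.0"?>\n<cross-domain-policy>\n' + rules + "</cross-domain-policy>\n"
    return xml.encode("ascii") + b"\x00"

# Constructed sample values: the host serving the SWF and the socket server port.
POLICY = build_policy([("chat.example.com", "9100")])

def respond(data):
    """Return the policy for an exact policy request, otherwise None (just close)."""
    return POLICY if data == POLICY_REQUEST else None

class PolicyHandler(socketserver.BaseRequestHandler):
    def handle(self):
        self.request.settimeout(3)  # do not let idle connections pile up
        buf = b""
        try:
            while len(buf) < MAX_REQUEST and not buf.endswith(b"\x00"):
                chunk = self.request.recv(MAX_REQUEST - len(buf))
                if not chunk:
                    break
                buf += chunk
            reply = respond(buf)
            if reply:
                self.request.sendall(reply)
        except OSError:
            pass  # timeout or reset: drop the connection silently

if __name__ == "__main__":
    # Port 843 is privileged; binding normally needs root or CAP_NET_BIND_SERVICE.
    with socketserver.ThreadingTCPServer(("0.0.0.0", 843), PolicyHandler) as srv:
        srv.serve_forever()
```

A firewall that blocks clients for touching port 843, as in the quoted post, needs an allow rule for this one port before the responder is reachable.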