Wednesday, July 4, 2007

More on flogd security

Recent comments from users at Mashable and other blogs have raised concerns about both the perception and the actuality of flogd security.


Perception is totally out of my hands, though we introduced a nice graphic secure connection handler today, which aims to end this debate :)


In terms of the transmission of sensitive data, I'd like to explain in basic terms how it works. I leave technical details out deliberately for accessibility and protection.


When a website that contains a Flash application is loading, your browser requests the SWF file and, once it has downloaded, displays it as specified by the markup language. The SWF is executed locally, on your machine, and operates in what's called a sandbox. This basically means that there are certain things the Flash application can and can't do to your computer and vice versa. In many cases, it can protect your data from local attacks.


When you "Check out" through a Flogd window, the local SWF file establishes a secure connection (HTTPS - SSLv3 - 128-bit encryption) with the Flogd processing server. Once a secure connection is established, sensitive data is protected in the same way as when you deal with your bank online, make purchases on Amazon or carry out any other "normal" e-commerce transaction.


In summary, you are as vulnerable or as safe when using Flogd as when using a normal e-commerce site.
