Re: AIR Badge Installer Cookies and SSL

[Marcus Fritze]

This link should work

https://fpdownload.adobe.com/air/browserapi/air.swf 


explained here:

https://forums.adobe.com/thread/1098726 



Greetings

Marcus

> Am 03.12.2015 um 10:37 schrieb jude :
> 
> A few posts ago I linked to the download page for Radiate. I purchased SSL on 
> it a few months ago but when viewing the download page Firefox is showing 
> warnings. None of the images were to blame so I checked the embedded 
> badge_installer.html  
> iframe and found it was causing the issues. I went through everything on the 
> page (because obviously I want a secure connection) and changed every URL to 
> use "https://;. It still generated an warning so I checked the net connection 
> and found it is pulling in 
> "http://airdownload.adobe.com/air/browserapi/air.swf 
> ".
> 
> 
> 
> It also contains a cookie that has my name and other details in clear text. I 
> removed all the values:
> 
> s_vi=;
> s_pers= s_fid=;
> s_vs=;
> gpv=adobe.com 
> %3Aflashplatform%3Areference%3Aactionscript%3A3%3Aair%3Adesktop%3Aurlfilepromise;
> s_nr=;;
> ADMS_ID=;
> UID=;
> AMCV_@AdobeOrg=;
> mbox=session#1234#PC#1234#1234;
> s_fid=;
> dtLatC=-la;
> dtPC=-;
> SCREENNAME=Full Name was here;
> s_cc=;
> dtCookie=;
> FLASHPLAYER_AB=live;
> AIR_AB=live
> DNT
> 1
> 
> The page is here, https://www.radii8.com/updates/badge_installer.html 
> . You can view source. 
> I'm sure this is just analytics but the fact that my full name, my location, 
> my pc id and other unknown information was sent in clear text over an 
> unsecured "http" network call is a major issue in my book. Is there anyway I 
> can fix this? First make the connection secure, and second, remove or limit 
> the tracking cookies?
> 
> NOTE: In addition this file was not available over https, 
> "http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab 
> ". It 
> throws a 404.
> PS If you had wanted to try Radiate and don't want to use the badge installer 
> there are direct links to the files on the download page.
> 
> 



signature.asc
Description: Message signed with OpenPGP using GPGMail

Re: AIR Badge Installer Cookies and SSL

[jude]

I looked into that page but don't know where I should use this URL. I think
the Flash badge.swf is making a direct call to the URL. If that's true then
we need a new swf that will call the "https" URL not the "http". I don't
see a similar URL in any of the
https://www.radii8.com/updates/badge_installer.html source.

On Thu, Dec 3, 2015 at 2:07 AM, Marcus Fritze 
wrote:

> This link should work
>
> https://fpdownload.adobe.com/air/browserapi/air.swf
>
> explained here:
>
> https://forums.adobe.com/thread/1098726
>
>
> Greetings
>
> Marcus
>
> Am 03.12.2015 um 10:37 schrieb jude :
>
> A few posts ago I linked to the download page for Radiate. I purchased SSL
> on it a few months ago but when viewing the download page Firefox is
> showing warnings. None of the images were to blame so I checked the
> embedded badge_installer.html
>  iframe and found it
> was causing the issues. I went through everything on the page (because
> obviously I want a secure connection) and changed every URL to use "https://;.
> It still generated an warning so I checked the net connection and found it
> is pulling in "http://airdownload.adobe.com/air/browserapi/air.swf;.
>
>
>
> It also contains a cookie that has my name and other details in clear
> text. I removed all the values:
>
> s_vi=;
> s_pers= s_fid=;
> s_vs=;
> gpv=adobe.com%3Aflashplatform%3Areference%3Aactionscript%3A3%3Aair%3Adesktop%3Aurlfilepromise;
>
> s_nr=;;
> ADMS_ID=;
> UID=;
> AMCV_@AdobeOrg=;
> mbox=session#1234#PC#1234#1234;
> s_fid=;
> dtLatC=-la;
> dtPC=-;
> SCREENNAME=Full Name was here;
> s_cc=;
> dtCookie=;
> FLASHPLAYER_AB=live;
> AIR_AB=live
> DNT
> 1
>
> The page is here, https://www.radii8.com/updates/badge_installer.html.
> You can view source. I'm sure this is just analytics but the fact that my
> full name, my location, my pc id and other unknown information was sent in
> clear text over an unsecured "http" network call is a major issue in my
> book. Is there anyway I can fix this? First make the connection secure, and
> second, remove or limit the tracking cookies?
>
> NOTE: In addition this file was not available over https, "
> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab;.
> It throws a 404.
> PS If you had wanted to try Radiate and don't want to use the badge
> installer there are direct links to the files on the download page.
>
>
>
>