Comment Re:Broken security model (Score 1) 355
I'm still not exactly clear on the vulnerability itself; all I'm reading is "If I get a SWF on your server, when it's executed in the browser it will have originated from that server." What exactly is the vulnerability there? Isn't this how it's supposed to work? Don't you want scripts executing on the domain they load from?
From the article:
"If I can get a Flash object onto your server, I can execute scripts in the context of your domain. This is a frighteningly Bad Thing." Is he suggesting Flash should execute in a black hole or something like that? That would make no sense.
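An added example, not from this comment or the article it quotes, illustrating the defensive side of the claim above: a server-side upload check (hypothetical helper names, constructed sample bytes) that refuses content the Flash player would treat as a SWF regardless of file extension, plus the response headers to use when untrusted uploads must be served from the site's own origin.

```python
# Added example: refuse uploads that carry a SWF header, whatever the file
# is called, and serve any remaining user files in a way that discourages
# browsers from executing or sniffing them.  Names and samples are constructed.

# SWF signatures: "FWS" (uncompressed), "CWS" (zlib), "ZWS" (LZMA), each
# followed by a one-byte format version.
_SWF_MAGICS = (b"FWS", b"CWS", b"ZWS")


def is_swf(data: bytes) -> bool:
    """True if the bytes start with a SWF header.

    The Flash player identifies a SWF by these leading bytes, not by the file
    extension, so a SWF stored as "cat.gif" on your server is still a Flash
    object that runs with that server as its origin.
    """
    if len(data) < 8:
        return False
    return data[:3] in _SWF_MAGICS and 1 <= data[3] <= 64


def classify_upload(filename: str, data: bytes) -> str:
    """'reject' for SWF content under any name, 'ok' otherwise."""
    return "reject" if is_swf(data) else "ok"


def download_headers(filename: str) -> dict:
    """Headers for serving an untrusted upload from the main origin:
    force a download and forbid MIME sniffing."""
    safe_name = filename.replace('"', "").replace("\r", "").replace("\n", "")
    return {
        "Content-Type": "application/octet-stream",
        "Content-Disposition": f'attachment; filename="{safe_name}"',
        "X-Content-Type-Options": "nosniff",
    }


# Constructed samples: SWF bytes uploaded under a .gif name, and a real GIF.
FAKE_GIF_SWF = b"FWS\x08" + b"\x00" * 20
REAL_GIF = b"GIF89a" + b"\x00" * 20
```

Hosting user uploads on a separate origin remains the stronger fix; the header function only limits the damage when that is not possible.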