crossdomain.xml

Adobe FlashPlayer 7 added several security features. I first became aware of this one as I saw a large number of HTTP 404 errors for a file named ‘crossdomain.xml’ in my webserver logs. (see also clientaccesspolicy.xml)

If you use flash on your website, I’d suggest adding an appropriate copy of this file to limit your exposure to some potential security issues.

Restricted domains

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.example.com" />
<allow-access-from domain="example.com" />
</cross-domain-policy>

Open to all domains (not recommended, but fully backward compatible)

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*"/>
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>

REFERENCES:

Masquerading browser User-Agent strings

As it’s Halloween, it’s only relevant that I share a method of covering your browsers identity.

  • For MSIE, you must modify the registry. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent]
  • For Chrome (on Windows, and I assume other OS’s), you can use a startup parameter.
    C:\Users\{USERID}\AppData\Local\Google\Chrome\Application\chrome.exe --user-agent="Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_7_0; en-us) AppleWebKit/533.21.1 (KHTML, like Gecko) Version/5.0.5 Safari/533.21.1"
  • For Firefox and other Mozilla based browsers, you can mofiy the configuration in (user.js) or use a variety of add-on extensions, such as:

Interested in knowing your current User-Agent, just visit one of the following:

Many robots and spiders that are used by search engines also identify themselves by their User-Agent, if you see this activity in your logs you can often learn more about it at:

REFERENCES:

Happy Halloween!