February 24, 2005

Filangy Beta

Like so many others, I stumbled across Filangy over on Jeremy’s blog. Being hip and trendy, I signed up for a beta and no less than a few days later received an invite.

The theory behind Filangy is awesome and would greatly benefit how I use the web; however, I cannot in good conscience use the service.

Why? Simple - security.

I have discovered two fairly major security flaws with their implementation, which I have informed Filangy about, that put Filangy users at risk with respect to the (limited) personal information stored in Filangy. However, it is fairly obvious that this tool was not built with security in mind and that worries me. In my experience, if their developers were not aware of these issues prior to this point, the fixes will likely be tacked-on solutions and will fail to fully correct the problem. The fact that the JavaScript rollovers seem to be snagged from Dreamweaver does not make me very optimistic…

Please, Filangy, at least take a look at the Open Web Application Security Project (OWASP) and get Filangy on the right track…I would love to use it.

3 Comments so far

"Thank you for bringing these 3 important issues to our attention. I will pass them on to the engineers."

– 3 hour response time - good start!

I received an email this evening from Chirag Chaman, the CEO of Filangy, noting that the issues had been corrected. Checking back in, it seems they are. I’m happy to see such a quick response.

/me re-enables my Filangy toolbar.

You should have pwnt them, sent them screen captures, and then cried happy tears. :)


