Re: [2126-FlashDataExploit] request to de-couple issues

From: Edward Burns <>
Date: Thu, 20 Jun 2013 10:12:15 -0700

> On Thu, 13 Jun 2013 09:26:44 -0700, Edward Burns <> said:

>>EB> On Tue, 11 Jun 2013 18:29:12 +0100, Leonardo Uribe <> said:
LU> Hi
LU> This issue calls my attention, because I remember we had discussed it
LU> long time ago.

LU> 2013/6/10 Edward Burns <>:

EB> I think it would help to separate out the discussion on this issue into
EB> two parts.
EB> 1. The original intent of the issues: making the Flash more secure

LU> In my opinion, a random number generator like the one used in Apache
LU> Trinidad for its pageFlowScope is enough. The idea here is just make
LU> very difficult to guess the next number in the sequence.

EB> I agree. I applied this to 2126.

Starting in earnest now on doing this work.