Anonymous asked:

kinda related to your tweet complaining about the verge's evil JS, if you go to the tumblr login page and your browser reports you have flash installed (say if you have it on click to play or just using someone else's computer and they installed that crap) the login page loads some flash applet in the background. Do you maybe know wtf does it need flash for?

lol wow i have no idea

but i do have a handful of guesses

1. the login page just loads all the same stuff as the dashboard, which includes a flash fallback thing for playing audio/video

2. they deliberately load a video player just in case the random background they pick happens to be a video (if that’s possible?)

3. they’re using it to track you — you can store data from flash, just like a cookie, but it’s far less likely that you’ll notice or delete it

kinda betting on #1 tbh.  on a big complex site it’s a huge pain to cut down the js/css to exactly what a particular page needs.  plus if they load all that stuff on the (otherwise relatively small) login page while you’re busy typing your password, the dashboard will load faster.
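The Flash storage mentioned in guess 3 lives on disk as Local Shared Object (`.sol`) files, so you can check which sites have stored data there. This is an added example, not part of the original post: the function names and the sample store (`tracker.example`, `AB12CD34`) are constructed for illustration, and the header layout parsed is the commonly documented `.sol` format.

```python
import struct
import tempfile
from pathlib import Path

# Usual per-user Flash Player storage locations, relative to the home directory.
DEFAULT_ROOTS = [
    ".macromedia/Flash_Player/#SharedObjects",                     # Linux
    "Library/Preferences/Macromedia/Flash Player/#SharedObjects",  # macOS
    "AppData/Roaming/Macromedia/Flash Player/#SharedObjects",      # Windows
]

def parse_sol_name(data):
    """Return the shared object's name from a .sol header, or None if malformed."""
    # Header: 0x00 0xBF, u32 length, "TCSO", 6 fixed bytes, u16 name length, name.
    if len(data) < 18 or data[:2] != b"\x00\xbf" or data[6:10] != b"TCSO":
        return None
    (name_len,) = struct.unpack(">H", data[16:18])
    name = data[18:18 + name_len]
    return name.decode("utf-8", "replace") if len(name) == name_len else None

def find_lsos(root):
    """Map each storing domain to a sorted list of (object name, size in bytes)."""
    found = {}
    for sol in Path(root).rglob("*.sol"):
        parts = sol.relative_to(root).parts
        if len(parts) < 3:  # expected layout: <random dir>/<domain>/.../<file>.sol
            continue
        data = sol.read_bytes()
        found.setdefault(parts[1], []).append((parse_sol_name(data) or sol.stem, len(data)))
    return {domain: sorted(objs) for domain, objs in found.items()}

def make_sample(root):
    """Build a constructed sample store so the scan runs without Flash installed."""
    name = b"uid"
    tail = (b"TCSO\x00\x04\x00\x00\x00\x00" + struct.pack(">H", len(name))
            + name + b"\x00\x00\x00\x00" + b"\x00" * 10)
    blob = b"\x00\xbf" + struct.pack(">I", len(tail)) + tail
    d = Path(root) / "AB12CD34" / "tracker.example" / "ads"
    d.mkdir(parents=True)
    (d / "uid.sol").write_bytes(blob)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print("constructed sample:", find_lsos(make_sample(tmp)))
    for rel in DEFAULT_ROOTS:
        root = Path.home() / rel
        if root.is_dir():
            print(root, find_lsos(root))
```

Clearing browser cookies does not touch these directories, which is why this storage is easy to miss.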

support:

Bad news: A major vulnerability has been disclosed for the technology that powers encryption across the majority of the internet. That includes Tumblr. Our team took immediate action to fix the issue, but you should still take some time to change your password, not only here but on any other sites you visit. 

You should also strongly consider enabling two-factor authentication. It’ll go a long way to ensure that no one besides you can access your account. Thanks, and take care.

if it’s a site you would log into without checking whether you’re on http or https, especially on public wifi, there’s not much point in changing your password

the biggest concern with heartbleed is that someone has been logging your traffic and can now decrypt it. if they could’ve logged your traffic unencrypted in the first place then you’re no worse off now