Damon Cortesi's blog

Filangy Beta

Like so many others, I stumbled across Filangy over on Jeremy’s blog. Being hip and trendy, I signed up for a beta and no less than a few days later received an invite.

The theory behind Filangy is awesome and would greatly benefit how I use the web; however, I cannot in good conscience use the service.

Why? Simple - security.

I have discovered two fairly major security flaws with their implementation, which I have informed Filangy about, that put Filangy users at risk with respect to the (limited) personal information stored in Filangy. However, it is fairly obvious that this tool was not built with security in mind and that worries me. In my experience, if their developers were not aware of these issues prior to this point, the fixes will likely be tacked-on solutions and will fail to fully correct the problem. The fact that the JavaScript rollovers seem to be snagged from Dreamweaver does not make me very optimistic…

Please, Filangy, at least take a look at the Open Web Application Security Project (OWASP) and get Filangy on the right track… I would love to use it.