Flash Vulnerabilities Affect Thousands of Sites
An anonymous reader sends us to The Register for this security news. The problem is compounded by the fact that some of the most popular Web development tools for generating SWF produce files containing the recently disclosed vulnerabilities. "Researchers from Google have documented serious vulnerabilities in Adobe Flash content which leave thousands of websites susceptible to attacks that steal the personal details of visitors. A web search reveals more than 500,000 vulnerable applets on major corporate, government and media sites. Removing the vulnerable content will require combing through website directories for SWF files and then testing them one by one. Updates in the Adobe software that renders SWF files in browsers are also likely, but they probably wouldn't quell the threat completely... No patch in sight from Adobe, that's the price to pay for depending on proprietary solutions."
It takes a man to suffer ignorance and smile
Be yourself no matter what they say
to b\e abou7 doing Posts on Usenet are
Just throwing it out there but I'd point the finger at Microsoft. Come on, they are developing Silverlight, a competitor to flash based on XAML/JS (Why not focus on SVG/JS/XForms? Money probably). They just released December previews of Expression Blend, the integration development tool for it along with SP1 for Expressing Design. They see an opportunity to make people say "Well you can't trust Flash! It's proprietary and insecure." And they jumped on it. Never mind the facts that they have the most sparkling security track record either, their Silverlight plugin for browsers other than IE crashes most of the time, and above all, their solution is proprietary as well.