Slashdot Mirror
Adobe Flash Remote Code Execution Flaw Exploited In the Wild
An anonymous reader writes "Adobe has released an emergency patch for a critical vulnerability affecting Flash Player for Windows, Linux, and OS X, the exploitation of which can result in an attacker gaining remote control of the victims' systems. The flaw is being actively exploited in the wild, but apart from crediting its discovery to researchers Alexander Polyakov and Anton Ivanov of Kaspersky Labs, no details about the ongoing attack has been shared."
They even updated the explicitly unsupported NPAPI GNU/Linux version.
A security flaw in Flash? Really? How surprising.
How far away are we from gaining a critical mass of website who don't necessarily need flash anymore, with the arrival of HTML 5? How long before the scale tips?
Adobe Flash has been a security hole for at least 10 years now.
That people still use it (or install it) boggles the mind.
I won't even install it on my machines.
Lost at C:>. Found at C.
+ standard user account and stop using XP.
Common sense folks.
Using a modern IE and Chrome is also a great defense. Firefox has no lowrights mode and is therefore not fully sandboxed even under a standard user account. As much as I prefer firefox as of late I can tell you from experience that those whose email accounts get hacked almost always use that browser. Hairyfeet mentioned this too in his journal with yahoomail sending out spam when browsing porn. Lowrights mode only works in Windows Vista or later so dump XP too if you need to be extra safe with extra kernel level sandboxing, ASLR, and additional DEP.
Chrome is nice in that its flash in Pepper has extra protection as well.
I recommend flashblock. I can still watch videos on youtube. I just need to click on it.
Adblock plus gets rid of questionable advertiser networks too that are known to be hacked by Russian mob folks so that ad video for toothpaste may have malware in a buffer overflow.
I personally do not use noscript as this would kill the web. Without javascript it is not useful and a big fucking pain the in ass UAC style to enable for each site. Enabling it makes you vulnerable all over gain. But if you are willing to put up with it it does a lot too.
Of course run an AV product. I know those with a smile say they are proud not to run it but I bet you $$$ 90% are infected and have banking trojans and God knows what else. Avast and Avira do not use hardly any cpu cycles or slow disk. The days of crappy Norton 360 slowing your system down to a 386 level are done mostly.
http://saveie6.com/
Looks like it's already out for Ubuntu
to check and see your version:
http://www.adobe.com/software/...
Not even sure it would help not knowing how this exploit works, but I've tended to disable all plugins from running on page load, rather on demand when I click. Similar to NoScript/FlashBlock addons. You can then whitelist the sites that you want to allow have flash on load. http://lifehacker.com/5685352/... Wonder what percentage of exploits center around Flash / Acrobat. Thanks Adobe! If your not tricking me into installing unwanted toolbars your exposing my computer to malicious twats.
It seems like just a few months ago... http://tech.slashdot.org/story...
Let's just stop bagging on Adobe... At the least they are taking ownership of the issues they have and are making efforts to correct large security flaws. It's called responsibility...
Bagging on Adobe at this point is like calling out a politician for actually making an effort to improve a dysfunctional law in a constructive way...
"They even updated the explicitly unsupported NPAPI GNU/Linux version. "
Afraid of pissing off one of the GNU zealots?
No software in common use today is mathematically proven to be correct; therefore, all software is buggy.
The most likely place for bugs is in error handling code, because no matter how many tests you write it is impossible to simulate every possible error condition.
We hope that everyone walking into a store doesn't steal something. Only a tiny minority do but a much larger number could get away with it.
The same goes for software. Any halfway decent programmer can find bugs in error handlers. If he chooses to be a whore, then he uses that skill to make money for criminal gangs or in some cases for anti-malware companies. Programmers who are not whores write actual new and useful software, and usually get paid enough that they can lead fairly happy lives. But it always helps to program defensively. Make your error handling just a bit better than the next piece of software. It will never be perfect. But as a society we count on the fact that nearly all people don't try to use whatever particular knowledge they've acquired to screw you over. Programmers are especially moral. We could bring society to its knees if we wanted to, but we prefer to make the world better.
I don't blame Adobe for the bugs. Millions of people are using this software and probably a dozen or two as I put it whores are in league with criminal gangs trying to sell you boner pills and the like. This handful of people aren't the ones finding new classes of exploits. That is a good function of security researchers. These people are instead likely just exploiting old, known, and quite ordinary bugs.
Recommending any proprietary software to do any task is recommending a security hole. It's trivially easy for any proprietor to include code that spies on you, as computer programmers have long known and Edward Snowden has shown us again. No amount of experience running proprietary software will tell you what you need to know to fix its problems, share your fixes with others, hire others you have good reason to trust to fix problems on your behalf, or even allow someone you have good reason to trust to inspect the program to see if anything needs to be fixed (they're forbidden to do this work for the same reason you are). Picking one proprietary anti-virus program over another, picking one proprietary browser over another, or picking any proprietary program over another proprietary variant of the same kind of program is merely choosing your master. You cannot arrive at a trustworthy solution in this way.
Instead you should choose free (libre) software for your OS, your firmware (via Coreboot), and for all the software you run atop that system. Eschew services that require you to adopt non-free software and gain more control over your computer. The Free Software Foundation's Respects Your Freedom recently added a computer that meets these criteria. We should help them and help free software hackers write more free software to do the jobs we need to be done.
Digital Citizen
No Flash, no problem.
Are the browsers providing sufficient sandboxing, or is the situation the same as its been for the last 10 years? Does this flash vulnerability require another vulnerability in the browser ecosystem that has already been blocked in current versions?
Interesting. I just checked: the Flash bundled with my Chrome is the older version (but it's sandboxed to some extent). So then I opened up Firefox and checked the plugin version, and discovered it was already at the newest patched version. I don't recall any update, so I guess the Flash Player plugin updated itself in the background without me noticing, and actually managed to do that faster than Chrome did. Impressive!
Is Flash -designed- to be impossible to sandbox? Cannot the browser vendors force adobe to bend and setup their plugin to be easier to sandbox? I don't understand why this is still a problem after all these years.
Nice try there Adobe.
Seriously though, Flash has gone NOWHERE in the last few years. Adobe refuses to standardise the platform, they take shortcuts to "match the features of competition" and they end-of-life'd it anyways.
Complete FUD.
Yes by default it lets some non intrusive ads with a good security record. Follow the link above and it will disable all ads. I will let some in that I know that are safe to make sure websites get their bills paid. Just not ones that blast commercials and install malware.
http://saveie6.com/
Just keep in mind Flash is a target due to its ubiquity. The same applies to (desktop) Windows, IE and Android. That's not to say these products are without flaw. After all, they're software - of course they have flaws. It's just there's far more people looking for these flaws than in, say, OSX.
No colour or religion ever stopped the bullet from a gun
It's pretty obvious that Flash has become one of those legacy products where there are only two guys in the entire company that know their way around the codebase. Both have developed chronic alcoholism from maintaining this disaster of a product for so long.
We need an alternative to Flash. An open source alternative which can be forked and maintained by anyone for years and years to come. Something without royalties, patents trademarks and is free to use and modify by whoever wants to and can be implemented into the browser without fear of imprisonment, death or legal embroilment.
Join the Slashcott! Feb 10 thru Feb 17!
They even updated the explicitly unsupported NPAPI GNU/Linux version.
From Adobe's blog:
For Flash Player releases after 11.2, the Flash Player browser plugin for Linux will only be available via the “Pepper” API as part of the Google Chrome browser distribution and will no longer be available as a direct download from Adobe. Adobe will continue to provide security updates to non-Pepper distributions of Flash Player 11.2 on Linux for five years from its release.
Certainly doesn't make it better than hosts (not by longshot - see my last post on that note, OR BETTER STILL, the link to my program for hosts file creation -> http://start64.com/index.php?o...
* When you can PROVE Adblock or Ghostery (advertiser owned or paid off "foxes guarding the henhouse") do MORE than hosts, & better, without being a REDUNDANT slower layer? Then, you can talk!
Since after all: Otherwise, You "eat your words"...
APK
P.S.=> "Almost all ads blocked"? Doesn't hold a candle to hosts nigh ubiquitous versatility in giving users more speed, security, reliability, & even anonymity - period (& you know it, I know it, as does anyone ELSE reading with 1/2 a brain)...
... apk
All the other software companies have fixed all of their security flaws. What is wrong with Adobe. If it wasn't for Flash the internet would be 100% secure.
I assume the sarcasm tags are not needed.
The flash uninstaller is located in /Applications/Utilities on Mac OS X.
Here I go again with the broken "web" sites. Probably should use my iOS apps more again for news etc.
17 enumerated points here hosts do & adblock can't http://start64.com/index.php?o... which YOU are FREE TO PROVE that Adblock can do for users - since hosts certainly can do those items... & adblock, just plain CAN'T!
* I absolutely KNOW Adblock can't do as much as hosts do, OR as well - period!
(Hey... not only is adblock & even ghostery "souled-out" to advertisers, but they're VASTLY inferior in security/speed/reliablity/anonymity gains hosts files DO give users of them (& adblock doesn't + can't - period)).
---
Lastly?
My app downloads, sorts, & deduplicates data that blocks ALL ads (good & bad), known sites/servers that serve up malware, botnet C&C Servers, rogue DNS servers, & FAR more DAILY (as often as I like manually, automagically every 12 hours if you wish) from 12 reputable & reliable sources in the security community...
Plus - YOU have immediate control over it... do you with"ALMOST ALL ADS BLOCKED"?
Answer = No...
You have to wait on them to patch (useless soon, clarityray will END adblock), & that takes time... & knowledge in regexps, where hosts are an IMMEDIATE + EASY textfile edit, locally.
APK
P.S.=> You can *try* your b.s. ALL DAY LONG, but it's not stopping my facts I put out in favor of custom hosts files, & their overall huge superiority over adblock especially (souled out to advertisers like it is, crippled by default, & WEAK against "clarityray")... apk
(note: sarcasm noted; below is to add some historical info)
Remember back when the iPhone's browser had an exploit that could root the phone? People were using it to gain root privileges by simply going to a website. It was being used for a positive purpose at the time, but there was absolutely NOTHING stopping it from becoming a malware vector that could take over phones.
And that was without Flash being usable on Apple's devices.
No, but how many of those critical security flaws allows an attacker to remote control my machine? In this day and age, this shouldn't be happening considering with what we know now, yet it does and the same problems still exist today as it did 10-15 years ago.
Assuming you can get it to download...I had to turn off my spyware/malware prevention tools to get the right download page to appear. Others have the same issues.
http://bytestopshere.wordpress.com/2014/01/21/adobe-flash-12-download-debacle/
Then the insane effort to get it to install. So far the installer is crashing every time I run it.
Perhaps the key to running a "more secure" system is to not run this Adobe POC ("piece of crap") software??
What ever happened to truly creative HTML page designers (people)? I think they got lazy when they saw Adobe Flash and similar tools come along.
Yeah I remember those heady days. Remote code execution in the browser! Amazing!
A scant few years later and I have to exploit the goddamned firmware of the iPhone with a physical link to get into it, because iOS, which Flash predates, has been upgraded to somewhere between the level of duck's ass and nuclear bunker in terms of seals.
Flash, after all that time, has been upgraded from "These ads are hideous, and they will destroy the web" hyperbole, to actually being one of the things that is destroying the web.
I trust Java more than I trust Flash, which is kinda like choosing between HIV and Ebola, but if you had to pick ONE, I'd still go with HIV.
YES!
(It's basic design is insecure.)
This is not even news anymore. Just patch it up and wait for the next exploit.
The thing is Flash is not going away, as much as everyone keeps talking HTML5 the majority of video content on the web is Flash. Best thing Adobe could do is set a date in stone that Flash will no longer be supported. Because Flash for Linux is already done officially and you might as well stop it on OS X and Windows. Do everyone a favor Adobe.
No, you don't have to install the bloatware - the browser includes the bloatware!
And you don't update Firefox and Chrome every other day? FF is version 26, and Chrome is 32... o wait, Chrome needs to update again.
Anyway.. slashdot haters gotta hate
Absolutely: Especially after Billy Gates outright RAN from a fair challenge here http://it.slashdot.org/comment...
* :)
(It makes me laugh - it really truly does: You're only PROVING my points are unassailable truth, & that your "so-called 'solutions'" ARE truly INFERIOR... you know it, I always KNEW it, & now? So does anyone else reading with 1/2 a brain!)
APK
P.S.=> Now, above ALL else - Is it MY fault that you use INFERIOR solutions (DNS, adblock, ghostery, requestpolicy etc.) that don't DO a fraction of what hosts can in added speed, security, reliability, & even anonymity? No, not @ all...
However - It IS yours for pulling reprehensible "hit & run" downmods of my post attempting to VAINLY "hide it" when all you PROVE IS HOW WEAK YOU ARE being unable to disprove my concrete, verifiable & UNDENIABLE facts + truths I use extolling the virtues of hosts, especially vs. inferior competition!
(VERY stupid of you - most folks here see it anyhow as they mostly browse WELL below the dimwitted default so-called easily cheated "moderations" system here on /.)...
... apk
It's really a shame that Adobe didn't try to create a more open flash platform (the player and spec)... When Adobe bought Macromedia, I'd really hoped that flash would become a package bundle+manifest for SVG + JavaScript/ActionScript and a couple of other files in a zip archive. Flex was a pretty decent toolset, and Flash itself a decent content creation tool for animation, and simple interactive applications and simulations. It's still widely used for training materials, and it takes 3-5x the effort to get similar results with HTML5 still...
If adobe had stepped up here and opened the specification itself, and continued to make the tooling they would still make just as much money, and the browsers could have integrated far better, less buggy support.
Michael J. Ryan - tracker1.info
Why'd YOU RUN FROM THIS SIMPLE CHALLENGE THEN? http://it.slashdot.org/comment...
Who are you *trying* to fool? Yourself??
---
"You don't have immediate control over a hosts" - by Anonymous Coward on Wednesday February 05, 2014 @01:51PM (#46164531)
Clue = NOTEPAD.EXE (or you can have my app do an AUTOMATED job of it even better!)
---
"The hosts file is cached by all modern browsers, so it won't refresh with any updates until you close the browser and restart it" - by Anonymous Coward on Wednesday February 05, 2014 @01:51PM (#46164531)
ARE YOU STUPID??
E.G.=> Then how come I can rename the hosts file to say, hostsX (to disable it) & ads show, then I rename it back to hosts & it works blocking ads again, INSTANTLY???
Cut the LIES moron - You're either STUPID, or you think others here are (& we're not).
---
"Also, on Windows, editing hosts is not easy." - by Anonymous Coward on Wednesday February 05, 2014 @01:51PM (#46164531)
That PROVES my point just above (renaming hosts to make it active/inactive) - it takes instantly!
My app makes it even EASIER to do vs.editing adblock regular expressions ridden "rulesets" which are FAR HARDER for laymen to understand vs, hosts' interior simple line record items).
---
"Windows 8 or later anyway, since it ignores the hosts file when it conflicts with DNS entries.. - by Anonymous Coward on Wednesday February 05, 2014 @01:51PM (#46164531)
Windows 8's ONLY 'issue' w/ hosts = Windows Defender in it & all you need's to add a rule exempting hosts in it.
---
"So you can "try your B.S. all day long", APK, but you're still full of shit. FOADIAF.. - by Anonymous Coward on Wednesday February 05, 2014 @01:51PM (#46164531)
FACT - EVERYONE here saw you "Run, Forrest: RUN!!!" above with YOUR easily disproven point-by-point b.s. I just ripped to shreds above.
APK
P.S.=> You FAIL, troll (badly) vs. myself
... apk
What is the impact on ChromeOS and ChromiumOS?
Be in no doubt- this backdoor was coded quite deliberately by Adobe. The vast majority of backdoors are carefully crafted code offering hacking services to the Intelligence Departments of the West, especially those of the UK, USA, Germany and Israel.
When the cyber-crime gangs of The Ukraine and Israel, using knowledge of the back-door provided by their 'chums', become too blatant, the back-door is patched. But the patch adds at least as many back-doors as it blocks, so the cycle continues.
Doing a "run, forrest: run"? Yes sir http://it.slashdot.org/comment... then downmodding apk's original post you can't validly disprove too? Pitiful of you billy boy.
Just delete Flash.
And YOU KNOW IT since you ran from a challenge -> http://it.slashdot.org/comment... and then got your ASS handed to you when you tried your AC trolling here after that -> http://it.slashdot.org/comment... where all your crap was shot down instantly. Then you used your "sockpuppet" alternate account to downmod apk's original post here -> http://it.slashdot.org/comment... after apk mopped the floor with your b.s. and inferior crippled by default souled out to advertiser 'solutions' too? Please... go away now. You failed.
To hosts: Which YOU were "schooled" on here & you RAN-> http://it.slashdot.org/comment...
Slashdot has taken the obvious next step and adopted Flash as the new interface for beta.slashdot.org! Adobe, the Industry leader of web technologies, hailed Dice Holdings, Inc. on their commitment to innovation and is in works with Dice to create a premium Dice Toolbar [TM] to further enhance the two companies' browsing authority.
Add the botnet's C&C servers to your custom hosts files as block entries like so:
0.0.0.0 sales.eu5.org
0.0.0.0 www.mobilitysvc.com
0.0.0.0 javaupdate.flashserve.net
0.0.0.0 eu5.org
0.0.0.0 mobilitysvc.com
0.0.0.0 flashserve.net
And "voila" - ,b>this particular exploit "in the wild" out there now, can't TOUCH you (or, conversely - you it either (no way to get hurt by it thus)).
Source data = Kaspersky labs -> http://www.securelist.com/en/b...
APK
P.S.=> What you can't TOUCH, can't hurt you - that's what custom hosts files give users vs. threats like this & other botnets online (best of all, vs. the WORST kind, in fastflux or dynamic dns using ones, fast becoming THE prevalent design that recycles host-domain names they own/paid for)...
... apk
plug that same URL into, for example, an iPhone and an iPad and the desired content ALWAYS loads.
Not always. When I navigate to some YouTube videos on my first-generation Nexus 7 tablet, sometimes I get "The content owner has not made this video available on mobile. Add to playlist to watch it later on a PC." This is even more common on Vimeo.
So which is worse, the virus exploiting Flash security hole, or McFee anti-virus which they try to trick you into installing when you update Flash?
The most popular casual games for iOS are not Flash (unless you count AIR). Nor are the most popular casual games for Android.
You got 'shotdown in flames' & RAN, Forrest -> http://it.slashdot.org/comment...
* :)
APK
P.S.=> Clearly, you show how FEEBLE you are in the art & science of computing, & that yes: I handed you YOUR ASS, easily... apk
Man, and about those third-party gate crashers. Mind if I bring a friend? How about a friend of a friend? How about a friend of a friend of a friend of a friend? Don't worry, he won't do drugs [...] Does anyone who ever attended high school think this is a good security model?
PGP fans seem to think so, and they call it the "web of trust".
I've seen 3D engines in Flash running on machines for which get.webgl.org displays only "Hmm. While your browser seems to support WebGL, it is disabled or unavailable. If possible, please ensure that you are running the latest drivers for your video card." The latest versions of Internet Explorer and Safari don't support cameras at all without Flash, and it's prefix hell on every other browser, meaning each web application has to be written once using "-moz" prefix for Firefox and once using "-webkit" prefix for Chrome.
Again, we see Jobs was right in spurning Adobe. If for no other reason than they can't code their way out of a fucking wet paper bag.
Fucking Jobs is dead yet his reality distortion field persists. Most apple software is garbage also, as far as I can tell. Pretty garbage I suppose, with a simplified interface, yet still garbage under the hood. Recently I had a system c runtime dll disappear. Web search led me to believe it was often an iTunes linked problem. All you have to do is uninstall all the garbage apple dumps onto a windows system for iTunes before restoring the dll:
1) iTunes propper.
2) Apple Application Support
3) Apple Mobile Device Support
3) Bonjour (A "zero-config Multicast DNS responder", unnecessary, historically full of security holes and credited with network connectivity interruptions)
4) Apple Software Update
5) browser plugin helpers (Unsure if this garbage is still installed)
All this garbage for an app that purchases files from a website and transfers them across a USB cable to a device. I'm told this install can end up near 300MB. The HP Printer driver division would be proud.
Apple Software Update is another wonder of engineering: Every time it updates iTunes, the fucker downloads about 100MB and then is extraordinarily slow to install. As little as Microsoft impresses me lately at least they can generate an efficient (diff) patch.
Beta Sucks.
When the core platform shifts away from Flash, and programs stop relying on it as well, then people can move away from it. I don't have a choice outside of not using content, which doesn't exactly work since the same content isn't available in another format.
If you're referring to the use of "GNU/Linux" rather than just "Linux", I would guess the use of "GNU/Linux" was intended to contrast desktop Linux, for which this fix was released, with Android, for which support had been terminated even earlier.
However I don't see anyone switching to the Harvard Architecture anytime soon
Modern processors already run a "modified Harvard architecture" with separate instruction and data caches. A purist would not even allow code to be copied from storage into RAM. A strict W^X policy, such as that implemented in iOS, would ban any JIT engine. And besides, executing code from the stack or heap is old and busted; a newer practice is return-oriented programming, which uses the "return from subroutine" instruction as a threaded code interpreter. All code in a return-oriented program runs from executable memory, just in a different order.
There is formal verification, which allows assertions to be proven about a program, but it is generally deemed too expensive to use with commercial off-the-shelf software.
It’s possible that an OS level sandbox beyond the browser (like OS X AppSandbox, Linux AppArmor, SELinux, etc.) might be able to contain an exploit within Flash, limiting it to a user account or a directory; but that would take some careful crafting in terms of OS sandbox configuration.
Then I guess exploits like these are the operating system publisher's fault for not exposing an API that lets a web browser program create and configure a suitable jail for its plug-ins.
2) Start Cookie Clicker, play for a while, hire a couple grandmas, open the menu, and click "Export save". What you see is a JavaScript prompt box, which your web application can create using code like the following. Try it now by copying it into your browser's JavaScript console:
window.prompt("Copy this and paste it somewhere safe","Nobody desires pain for the sake of pain, but people endure it as part of seeking pleasure.");
One limit is that a prompt box does not support newlines; you'll need a custom lightbox for that.
3) Cookie-clicking games have already moved to HTML5.
Other uses of Flash Player include:
4) 3D graphics in web browsers that don't implement WebGL, like Safari and IE pre-11, or on machines whose video card driver is incompatible with the WebGL implementation of the installed browser, like Firefox on Linux on an Atom N450 laptop
5) Camera access in web browsers that don't implement the Stream API, like Safari and IE
Thinking of signing up for the @adobe Creative Cloud? Some of these horror stories might change your mind. http://forums.adobe.com/community/creative_cloud
Remember to change your passwords and check your bank account for the next several month to make sure the hackers that got all that sensitive data from Adobe don’t access your accounts.
Remember back in the day all the "cool" websites were heavily made in flash. Fast forward to 2014 and not much as changed. Kind of depressing.
I can run Flash content on my Android device any time I want. I don't, because the version of Flash Player is ancient and there is nothing I would want to watch or play in Flash... but the option is there if I want.
[Availability of mobile games] doesn't change anything when people are on their PC
The Android SDK includes a device emulator that lets the user use a mouse to generate touch events. But more importantly, any 2D Flash game can be recreated in HTML5 unless a developer expects a lot of players stuck on IE 8 with no privileges to install Chromium or Firefox, and with Windows XP becoming officially insecure in 61 days, that's set to decline rapidly. Cookie Clicker is HTML5, as are most of the incremental games inspired by it.
or don't have a large screen tablet with keyboard and mouse accessories (many games categories are not suitable for mobile screen, or touch).
It doesn't have to be a full alphabetic keyboard accessory; it can also be a clip-on Bluetooth gamepad. Some clip to the bottom, making a phone look like a Game Boy Advance SP or an Xperia Play. Others clip to the sides, making the phone look like an original Game Boy Advance or a PlayStation Vita. The gamepad can substitute for the keyboard in genres other than interactive fiction, and the touch screen can substitute for the mouse much as it does in Metroid Prime Hunters for Nintendo DS.
Flash web games, which importantly also are mostly free while the good iOS/Android ones are mostly paid or free versions that is not the full game.
I imagine that the iOS web games tend to be paid more often because owners of iPhone and iPad devices tend to be more affluent and thus more willing to pay for entertainment. In addition, Apple always launches the iTunes Store in a country before selling iOS devices there, unlike Android which launched in several countries with only free apps available. But anyway, how do Flash and HTML5 game developers feed themselves? If ads, then there are ads in Android games too.
A lot of Youtube content is not available in HTML5 yet.
A lot of it suddenly becomes available if you switch your user agent to
Mozilla/5.0 (iPad; CPU OS7_0_3 like Mac OS X) AppleWebKit/537.5.1 (KHTML, like Gecko) Version/7.0 Mobile/11B508 Safari/9537.53
As you "Run, Forrest: RUN!!!" from a simple challenge -> http://it.slashdot.org/comment... that you can't back up your b.s. against - period.
* :)
(It ASTOUNDS me that you'd *think* that something that does less and worse (adblock) is superior to something that does a LOT more for end users getting added speed, security, reliablity, & even anonymity (hosts))
APK
P.S.=> See subject-line...
... apk