Slashdot Mirror

← Back to Stories (view on slashdot.org)

Adobe's Latest Zero-Day Exploit Repurposed, Targeting Adult Websites

Posted by samzenpus on from the watch-what-you-watch dept.

MojoKid writes Adobe issued a patch for bug CVE-2015-0311, one that exposes a user's browser to become vulnerable to code injection, and the now infamous Angler EK (Exploit Kit). To fall victim to this kind of attack, all someone needs to do is visit a website with compromised Flash files, at which point the attacker can inject code and utilize Angler EK, which has proven to be an extremely popular tool over the past year. This particular version of Angler EK is different, however. For starters, it makes use of obfuscated JavaScript and attempts to detect virtual machines and anti-virus products. Its target audience is also rather specific: porn watchers. According to FireEye, which has researched the CVE-2015-0311 vulnerability extensively, this exploit has reached people via banner ads on popular adult websites. It was also noted that even a top 1000 website was affected, so it's not as though victims are surfing to the murkiest depths of the web to come in contact with it.

97 of 203 comments (clear)

  1. Adblock, FTW by Kiaser+Zohsay · · Score: 5, Insightful

    Seriously, who even sees ads anymore?

    --
    I am not your blowing wind, I am the lightning.
    1. Re:Adblock, FTW by buchner.johannes · · Score: 2, Interesting

      Youtube just switched to HTML5 video by default, so perhaps we can uninstall Flash for good now!

      --
      NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
    2. Re:Adblock, FTW by Anonymous Coward · · Score: 1

      I do, I could turn on adblock at any time, but I really don't care. Most of the sites I visit I would like to give money to. Webcomics, slashdot, and so on. I have no problems with them having banners. Porn sites are an interesting breed though, maybe people should be firing up a web blocker before hitting up some of those sites, or sites that don't seem to filter their own ads.

    3. Re:Adblock, FTW by Tsolias · · Score: 1

      Most of the videos I am watching are unable to be streamed other than 360p.

    4. Re:Adblock, FTW by FreonTrip · · Score: 2

      As far as I know Hulu and Amazon Prime won't work without it for now. Otherwise it's basically flushable.

    5. Re:Adblock, FTW by Severus+Snape · · Score: 1

      Considering ad revenue is the biggest revenue stream for the internet. I'd say quite a lot of people.

    6. Re:Adblock, FTW by Anonymous Coward · · Score: 3, Interesting

      or sites that don't seem to filter their own ads.

      Oh, you mean like Google Adsense? They've been known to run malicious ads on countless occasions.

    7. Re:Adblock, FTW by NatasRevol · · Score: 2

      Hulu works fine on an Apple TV. No flash available.

      --
      There are two types of people in the world: Those who crave closure
    8. Re:Adblock, FTW by Darinbob · · Score: 2

      BBC still uses them. Probably the most important site left for me that does.

    9. Re:Adblock, FTW by FreonTrip · · Score: 1

      That it does. Ditto Chromecasts and a lot of "smart" Blu-ray players; I just meant for typical PCs.

    10. Re:Adblock, FTW by hcs_$reboot · · Score: 3, Informative

      Seriously, who even sees ads anymore?

      People using iPhones and iPads.

      --
      Slashdot, fix the reply notifications... You won't get away with it...
    11. Re:Adblock, FTW by davester666 · · Score: 1

      flash = video drm for PCs now.

      --
      Sleep your way to a whiter smile...date a dentist!
    12. Re:Adblock, FTW by NatasRevol · · Score: 1

      Pretty much.

      --
      There are two types of people in the world: Those who crave closure
    13. Re:Adblock, FTW by antdude · · Score: 1

      Aren't there ad blockers for iOS? I hate it when web sites don't work with ad blockers. :(

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
  2. Maybe if Adobe fixed their broken updater... by GerbilSoft · · Score: 4, Insightful

    Selecting "automatically update" doesn't actually automatically update. It just causes it to complain that an update is available every time you reboot and/or log on.

    Maybe if Adobe fixed this, there wouldn't be so many success Flash-based attacks.

    1. Re:Maybe if Adobe fixed their broken updater... by Anonymous Coward · · Score: 3, Insightful

      I totally agree. I solved this by disabling any Adobe stuff on any browser or platform or device.

      And when you go to Update it. It takes you to a web page. If you're not paying attention, it will try to install other stuff like the useless Mcaffee. The Adobe web page downloads a shim installer - not the real thing. The shim installer downloads the real thing and then installs that...

      Do Adobe programmers smoke crack or something?

    2. Re:Maybe if Adobe fixed their broken updater... by jandrese · · Score: 5, Interesting

      My favorite part is where the updater tells you that a new update is ready, but it won't install it automatically because Adobe needs another ad impression or something and you have to download and install it yourself. This is why I don't have Flash or Java installed anymore. I especially like when they try to sideload some crapware toolbar with their security update too. I can kind of understand this sort of behavior from a sketchy freeware app being hosted by J. Random Guy, but Oracle and Adobe are multimillion dollar corporations. Do they really care so little about their brand?

      --

      I read the internet for the articles.
    3. Re: Maybe if Adobe fixed their broken updater... by Billly+Gates · · Score: 1

      I don't have this problem and yes I use a standard user account. Newer flash in the last few years runs as a service so it can update

      --
      http://saveie6.com/
    4. Re:Maybe if Adobe fixed their broken updater... by s.t.a.l.k.e.r._loner · · Score: 5, Insightful

      Mandatory: http://xkcd.com/1197

    5. Re:Maybe if Adobe fixed their broken updater... by tlhIngan · · Score: 2

      My favorite part is where the updater tells you that a new update is ready, but it won't install it automatically because Adobe needs another ad impression or something and you have to download and install it yourself. This is why I don't have Flash or Java installed anymore. I especially like when they try to sideload some crapware toolbar with their security update too. I can kind of understand this sort of behavior from a sketchy freeware app being hosted by J. Random Guy, but Oracle and Adobe are multimillion dollar corporations. Do they really care so little about their brand?

      Yes, this.

      I don't get it - I mean Flash used to have an auto-updater that popped up when you rebooted and installed the latest version after getting permission. Now they make you visit their damn web page to download the updated installer which you then must run.

      At least Oracle is slightly better in that it downloads and runs the updater automatically. Only slightly because they both want you to install Symantec or McAfee or Chrome or Ask or whatever.

      But Flash updates are useless as they just point you to their website. And it used to work just fine by itself.

    6. Re: Maybe if Adobe fixed their broken updater... by slaker · · Score: 2

      Run this command from the named Administrator account:
      @powershell -NoProfile -ExecutionPolicy unrestricted -Command "iex ((new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1'))" && SET PATH=%PATH%;%ALLUSERSPROFILE%\chocolatey\bin

      Add this to the machine startup script or acceptable alternative of your choosing.
      choco install flashplayeractivex
      choco install flashplayerplugin

      Flash is now less retarded.

      Also, the site for direct download of Flash installers is: http://www.adobe.com/products/...
      And the sad thing is I typed that shit out from memory because it is etched in my brain at this point.

      --
      -- I wanna decide who lives and who dies - Crow T. Robot, MST3K
    7. Re:Maybe if Adobe fixed their broken updater... by radarskiy · · Score: 1

      My favorite part where after every update it re-asks whether you want to auto-update.

    8. Re:Maybe if Adobe fixed their broken updater... by blackomegax · · Score: 1

      Just because the shady back-alley freeware does it, does not in any way make a good excuse for a AAA software vendor to do so. It just bogs them down in the same mindshare as the rest of the scumware vendors, as a scumware vendor. Not that I care about Adobe anymore. Their products have all been supplanted by superior alternatives at this point in time.

    9. Re: Maybe if Adobe fixed their broken updater... by slaker · · Score: 2

      The powershell stuff installs the Chocolatey.org software repository on a client. It's also entirely readable as pseudocode.

      Once it's installed, it's like have ports or apt, but on a Windows machine.

      --
      -- I wanna decide who lives and who dies - Crow T. Robot, MST3K
    10. Re:Maybe if Adobe fixed their broken updater... by lgw · · Score: 1

      Just because the shady back-alley freeware does it, does not in any way make a good excuse for a AAA software vendor to do so

      And AAA vendors don't. Adobe products are simply shady back-alley freeware as proven by their installer. Java too, of course.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    11. Re:Maybe if Adobe fixed their broken updater... by penguinoid · · Score: 1

      Selecting "automatically update" doesn't actually automatically update. It just causes it to complain that an update is available every time you reboot and/or log on.

      It is necessary to do it that way, otherwise they wouldn't get permission to install malware. Without that dialogue box the installed malware wouldn't be legit.

      --
      Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
  3. Well I guess it's a good thing... by SeaFox · · Score: 3, Insightful

    I block ads on ALL websites.

    1. Re: Well I guess it's a good thing... by Billly+Gates · · Score: 1

      As soon as sites stop putting in 40 freaking ad networks each page perhaps we will sTop. They are getting worse and worse with MOST SHOCKING

      --
      http://saveie6.com/
    2. Re:Well I guess it's a good thing... by gstoddart · · Score: 5, Insightful

      I'm curious... At this point do we just expect everything to be 100% free? Or do we think money fairies give companies the capital to pay for bandwidth and processing power?

      Hey, there will always be people who don't block ads. Some sites have subscriptions, which people are free to use.

      But the reality is, most sites with ads are infested with literally dozens of third party crapware, places which sideload junk into your system (specifically through crap like Flash), and which want to collect collate and sell your private information.

      I will allow a site which serves its own advertising to show ads as long as they're not overly intrusive. But doubleclick, discus, scrorecard reasearch, quantcast, facebook, twitter -- and literally hundreds of other shit sites I have no interest in, well -- that's not my problem.

      I'm visiting your website. Unless you lock me out via subscription (in which case I'll ignore your site), I do not owe you ad revenue, and I sure as shit don't owe the 20 other sites embedded in your website anything.

      Honestly, if you eventually go out of business ... that is not my problem. Protecting myself from marketers and malware is my problem, and quite frankly, Flash gets reported as loading up malware pretty regularly. I've treated it as malware for over a decade now.

      But let's not act like I owe you something. And let's certainly not act like just because you collect your money from a bunch of shady assholes that I owe them anything.

      --
      Lost at C:>. Found at C.
    3. Re:Well I guess it's a good thing... by SeaFox · · Score: 1

      I'm curious... At this point do we just expect everything to be 100% free?

      The website should be a way for the business to reach new potential customers. Not an ends to producing profit in itself.
      I buy plenty on Amazon despite blocking those affiliate third-party retailer ads at the bottom of the pages.
      There are porn websites that operate on giving away short video samples, and subscribers paying for full videos.

    4. Re:Well I guess it's a good thing... by digitalPhant0m · · Score: 1

      I stand corrected.

    5. Re: Well I guess it's a good thing... by tlhIngan · · Score: 1

      As soon as sites stop putting in 40 freaking ad networks each page perhaps we will sTop. They are getting worse and worse with MOST SHOCKING

      Ironically, they're all owned by Google, those ad networks. Maybe if you went to shadier sites you'll find the 2% (Google has around 98% marketshare in online advertising thanks to ownership of such fine ad networks like DoubleClick and other purveyors of pop ups and pop unders) that Google doesn't have.

    6. Re:Well I guess it's a good thing... by digitalPhant0m · · Score: 1

      I will allow a site which serves its own advertising to show ads as long as they're not overly intrusive. But doubleclick, discus, scrorecard reasearch, quantcast, facebook, twitter -- and literally hundreds of other shit sites I have no interest in, well -- that's not my problem.

      Unfortunately they are the only ones that probably pay well enough to generate profit. I know, profit is evil. But yeah, it will kind of be your problem when the "free" content or service you get used to using is no longer available.
      This is what makes subscription services great (no ads) but then everyone complains about the prices of the subscription, again evil corporate profit.

      But let's not act like I owe you something. And let's certainly not act like just because you collect your money from a bunch of shady assholes that I owe them anything.

      Clearly. The operating entity of the site owes you their content.

      Personally, I'll take the good with the bad as not every situation is so black and white and weigh in the "real" price of said services.

    7. Re:Well I guess it's a good thing... by digitalPhant0m · · Score: 1

      Good luck only buy from companies, or even private parties for that matter, that don't expect to make profit.

    8. Re:Well I guess it's a good thing... by bmo · · Score: 3, Interesting

      But the reality is, most sites with ads are infested with literally dozens of third party crapware, places which sideload junk into your system (specifically through crap like Flash), and which want to collect collate and sell your private information.

      This.

      And you know what I've found out? The "serve ads" and "collate demographics to sell" industries have merged completely. There is probably nobody left that merely serves ads and doesn't track across websites. Go ahead and delete Adblock Plus and run /only/ Ghostery and Privacy Badger. You get nearly the exact same results as if you ran an adblocker that uses a popular list.

      Why Privacy Badger on top of Ghostery? Because it gets the things whitelisted by Ghostery. You didn't think that Ghostery was pure as the driven snow, did you?

      --
      BMO

    9. Re:Well I guess it's a good thing... by phantomfive · · Score: 4, Insightful

      At this point do we just expect everything to be 100% free? Or do we think money fairies give companies the capital to pay for bandwidth and processing power?

      I used to agree with you, but at this point, it's too dangerous to not block ads. You never know when one of them will be malware, and it's not a risk I want to take.

      Last time this conversation came up, someone suggested that the internet was better before advertising. I think there's some truth to that.

      --
      "First they came for the slanderers and i said nothing."
    10. Re:Well I guess it's a good thing... by fightinfilipino · · Score: 5, Insightful

      I'm curious... At this point do we just expect everything to be 100% free? Or do we think money fairies give companies the capital to pay for bandwidth and processing power?

      i'm curious...at this point should we accept malware as just a regular part of going to websites?

      the question's rhetorical of course - until websites prevent malware from being distributed through their ad networks, i will block ALL ads to defend my computer.

    11. Re:Well I guess it's a good thing... by gstoddart · · Score: 3, Insightful

      They don't owe me a damned thing, and I don't owe them anything -- but until they find a technology solution to stop me, too damned bad.

      I'm still going to block as many advertising and analytics companies as I can, using as many plugins as I can find. In every browser I use.

      The sites I read aren't in any danger of going under because I don't give them ad views -- and even if they were, I still don't trust the companies involved.

      But blocking Facebook and Twitter and the big ad/a analytics companies? If you think I give a crap about that, you're sadly mistaken.

      So you go ahead and be a well behaved little consumer, me, I'll continue to not give a crap about the revenue of large corporations.

      --
      Lost at C:>. Found at C.
    12. Re:Well I guess it's a good thing... by gstoddart · · Score: 1

      Leech.

      Let's be clear here ... fuck yeah.

      I don't surf little private vanity sites, I hit major news agencies, and sites owned by large corporations.

      Let me be perfectly clear: I don't give a crap about the revenue of large corporations. Not now, not ever.

      You think I should give a shit if Dice gets ad revenue? Or cnn? or google? Or Microsoft? Of Ziff Davis? Or Facebook? Or Twitter?

      Fuck that.

      --
      Lost at C:>. Found at C.
    13. Re:Well I guess it's a good thing... by digitalPhant0m · · Score: 1

      They don't owe me a damned thing, and I don't owe them anything -- but until they find a technology solution to stop me, too damned bad.

      This is exactly the entitlement mentality that puts said evil corporation in an arm's race to beat your technology and become more intrusive in the first place.

      They feel entitled to make a profit by any means necessary, while you feel entitled to their content or service by any means necessary.

      So you go ahead and be a well behaved little consumer, me, I'll continue to not give a crap about the revenue of large corporations.

      The point is obviously lost on you. No one is advocating that; I was, and still am pointing out that everything comes at a cost. You can't have it both ways.

    14. Re:Well I guess it's a good thing... by slaker · · Score: 1

      I can and have donated directly to web sites or content publishers whom I choose to support. I don't owe anyone else anything, least of all the opportunity to partake of their malware vectors.

      --
      -- I wanna decide who lives and who dies - Crow T. Robot, MST3K
    15. Re:Well I guess it's a good thing... by digitalPhant0m · · Score: 1

      I merely asked a question. I wasn't advocating for the behaviour of the adware companies, blocking or not blocking.

      I was simply trying to point out the sense of entitlement that seems to be pervasive.

      Everyone seems to jump on the "f*ck the evil corporate profit monger" bandwagon, but no one ever seems to think about who's going to keep the lights on.

      Like that blog site? Guess what?
      That guy blogging needs to eat, pay his rent and provide for his family. How is he going to pay for that: with high ideals? I think not.

      Ok, too small.
      Fox News, CNN, take your pick. Some big news site.
      Those evil f*ckers are spamming you with ads and malware.
      Guess what? There's some guy working as a blogger/sysadmin/toilet cleaner/take your pick that needs to provide for his family.

      See where this is going?

      Again, I'm not advocating for, or against. Just pointing out that we need to put things in perspective.

    16. Re:Well I guess it's a good thing... by fightinfilipino · · Score: 2

      It's an arm's race.

      FYI, a great way to "defend" your computer is to not intentionally put it on the front-line.

      by "not putting it on the front line", do you mean not going to websites? like, at all?

      i mean, the article specifically notes adult websites here, but these sorts of drive-by installs and sideloading exploits occur on more mainstream sites, too. are you saying to simply not use the web?

    17. Re:Well I guess it's a good thing... by Anonymous Coward · · Score: 2, Insightful

      We don't feel entitled to their content.

      They are free to remove their content from the internet, or put it behind a paywall. But we ask them for a page, they give us a page. What we do with the page after we get it is up to us.

    18. Re:Well I guess it's a good thing... by ah.clem · · Score: 2

      I'm curious... At this point do we just expect everything to be 100% free? Or do we think money fairies give companies the capital to pay for bandwidth and processing power?

      Umm... if the advert sites go away for want of revenue, so what? I am currently involved in development work on a site in which we expect a lot of traffic, fill a niche not addressed in the chosen field, and we have no plans to run ads or charge for the service; that goes against all of our principals. And we will pony up the dough to run it ourselves, no contributions asked, expected or accepted. I also belong to a couple of private sites that are of interest to me and I contribute cash a few times a year to defray the operating costs. I also kick some cash to Wikipedia a few times a year just to help keep it ad-free. Provide it or not. Perhaps it will all come back around to Usenet and Fidonet connecting text-based RBBS. In any case, the profiteers will go away, but the information will still flow. Obviously, just my opinion.

      --
      "Life is not magic." Dr. Ron Weiss - "If we don't play God, who will?" Dr. James Watson
    19. Re:Well I guess it's a good thing... by phantomfive · · Score: 4, Interesting

      Yeah, once again, compare the dross on the internet to the good things. Slashdot, Wikipedia, a bunch of corporate websites you can visit to learn about their company, restaurant websites, Linkedin seems to be a decent place to look for a job, ebay, amazon, some news websites. Slashdot and some news websites would die without advertising, but I would be willing to subscribe to those.

      Now look at all the negative stuff. Buzzfeed, wired.com, all those websites that spew crap in order to attract your eyeballs. Out of all of that, are there any websites that would die without advertising, which you would also not be willing to subscribe to?

      The only one I can think of is Facebook, and if that one died, it would only encourage a distributed model, where everyone essentially ran their own RSS feed for their friends to look at (or something similar).

      So let the advertising die, I say, the internet will be a better place for it.

      --
      "First they came for the slanderers and i said nothing."
    20. Re:Well I guess it's a good thing... by digitalPhant0m · · Score: 1

      if the advert sites go away for want of revenue, so what?

      I think a lot of people that use stuff like Facebook etc will be bummed, but will move onto a pay-to-play service.

      that goes against all of our principals. And we will pony up the dough to run it ourselves, no contributions asked, expected or accepted.

      Sounds very altruistic, great. So where did the dough to run it come from? Evil corporation or magical fairies?

      I run completely free services like this too, right out of my pocket, with zero profit; the money to pay for bandwidth and hosting comes from my day job: a corporation.

    21. Re:Well I guess it's a good thing... by SeaFox · · Score: 1

      If they can't make a profit without bombarding people with ads, maybe they fail at being entrepreneurs. It's not my job as a consumer to prop up bad business plans.

    22. Re:Well I guess it's a good thing... by bigfinger76 · · Score: 2, Insightful

      They don't "owe" us anything.
      They choose to put info up at a public website. What internet users do with their respective browsers is irrelevant.

    23. Re:Well I guess it's a good thing... by TranquilVoid · · Score: 2

      This entire discussion is a great example of the tragedy of the commons. Consider why you only view the large corporation sites - they offer something superior (for you, and many people), which is why they are larger, but also their revenue size is required to provide that superior service (professional journalists, double-checking by editors etc.).

      So your own browsing habits reveal that you actually do care about their revenue, indirectly. The world wouldn't end if we were all forced to get our news from random blog sites or state media, but the question is, how can larger organisations maintain a sufficient revenue stream given the inherent selfishness of the individual consumer? Subscription doesn't seem to work (and frankly I am surprised that advertising does).

    24. Re:Well I guess it's a good thing... by ah.clem · · Score: 1

      So where did the dough to run it come from? Evil corporation or magical fairies?

      My savings. I worked in education, so I guess magical fairies?

      --
      "Life is not magic." Dr. Ron Weiss - "If we don't play God, who will?" Dr. James Watson
    25. Re: Well I guess it's a good thing... by nehumanuscrede · · Score: 1

      From my experience, subscription services are merely the carrot they try to entice you with to get out from under the deluge of ads you would otherwise see.

      Yes, the typical /.er will kill ads using a variety of methods ( hosts file, any number of addons or dropping them at the firewall / proxy ), the majority of those on the net will not.

      Besides, it's only a matter of time before the subscription users start seeing ads again. They'll start off small but will be right back to full on annoying soon enough. Too much money left on the table otherwise. Cable TV comes to mind here. Sometimes I think there are more commercials than actual content depending on the channel.

    26. Re:Well I guess it's a good thing... by bmo · · Score: 1

      They feel entitled to make a profit by any means necessary, while you feel entitled to their content or service by any means necessary.

      The former is true

      The latter isn't. If the "content providers" suddenly put all their stuff behind paywalls, I'd ignore them. I wouldn't even bother trying to "subvert" such paywalls. You know that "you've used up your free views for this month" BS that you run into with the NYT and such? My panties don't get in a twist, I just close the window and go elsewhere. I don't use bugmenot even today. I'm one of very many people who feel this way.

      Let me reiterate: I block ads. They post their content and they take their chances. If they put up the paywalls, they "disappear" for me and I'm fine with it.

      So let's ask the "what if everyone did that" evaluation of human behavior to examine what damage might be done if all that revenue disappeared from the Internet: Many "content providers" that depend purely on ad revenue would close (like Gawker Media, Dice, etc.,) and it would wind up like it was back in the mid 1990s shortly before the explosion of commercial "content."

      Please, please let this happen.

      --
      BMO

    27. Re:Well I guess it's a good thing... by dave420 · · Score: 1

      Don't try bringing logic to this party. He wants the content he values for free, and doesn't care that his attitude (if extended to everyone else) will cause that content to simply disappear, or become so diluted it won't be worth reading. He simply doesn't get that. No amount of eloquence can convince him of his rampant, selfish asshattery.

    28. Re:Well I guess it's a good thing... by dave420 · · Score: 1

      It is costing them resources to serve up content you obviously want to see (hence you being there in the first place), yet you can't see that? I think the problem here lies more in your brain than in the advertising of the sites you visit. If the advertising offends you so much, don't visit their site. That simple.

    29. Re:Well I guess it's a good thing... by houghi · · Score: 1

      "People are taking the piss out of you everyday. They butt into your life, take a cheap shot at you and then disappear. They leer at you from tall buildings and make you feel small. They make flippant comments from buses that imply you're not sexy enough and that all the fun is happening somewhere else. They are on TV making your girlfriend feel inadequate. They have access to the most sophisticated technology the world has ever seen and they bully you with it. They are The Advertisers and they are laughing at you."

      "You, however, are forbidden to touch them. Trademarks, intellectual property rights and copyright law mean advertisers can say what they like wherever they like with total impunity."

      "Fuck that. Any advert in a public space that gives you no choice whether you see it or not is yours. It's yours to take, re-arrange and re-use. You can do whatever you like with it. Asking for permission is like asking to keep a rock someone just threw at your head."

      "You owe the companies nothing. Less than nothing, you especially don't owe them any courtesy. They owe you. They have re-arranged the world to put themselves in front of you. They never asked for your permission, don't even start asking for theirs."

      --- banksy

      --
      Don't fight for your country, if your country does not fight for you.
    30. Re:Well I guess it's a good thing... by surd1618 · · Score: 1

      But the market has a solution! It's not as though this is a perfect example of the furtherance of our individual isolation dilemna, or that this is contributing to the consolidation of power at the very highest echelons of society.

    31. Re:Well I guess it's a good thing... by SeaFox · · Score: 1

      Yeah, because there's never been a security or privacy exploit on a Linux-based OS made by Google.

    32. Re:Well I guess it's a good thing... by RyoShin · · Score: 1

      I'm hoping that advertising dies as a primary revenue stream purely so that sites like Buzzfeed can die. Not just Buzzfeed, but there are entire networks of websites that do two things:
      1) Repost someone else's original content
      2) Display one at a time along with three ads
      Sets of these kinds of sites use the same network and just have different domain names in order to get around any blocking. They seem to target StumbleUpon, which is where I primarily run into them, hence the need for different domains since StumbleUpon lets you block results from an entire domain.

      Stuff like Patreon and Kickstarter are showing alternatives to advertising, standard subscription models, and random donations, and this will only pick up as the fight against ads increases.

      Hell, I've noticed less ads on Hulu (free version); previously I could expect two+ minutes of ads per break, but recently there have been 2, 1, and in rare cases no ad break at the marked spot even on videos I would expect to be popular. This is without running any kind of ad blocking (the computer I watch it on is a dumb media player), so something has changed in that regard.

    33. Re:Well I guess it's a good thing... by phantomfive · · Score: 1

      I'm hoping that advertising dies as a primary revenue stream purely so that sites like Buzzfeed can die.

      The world would be a better place.

      --
      "First they came for the slanderers and i said nothing."
  4. Adblock by Anonymous Coward · · Score: 1

    And Pornhub displays a message saying:

    You have AdBlock enabled. Adblock is known to cause issues with site functionality. If you are experiencing any issues, please try disabling the extension.

    HAH!

  5. OUTRAGE! by Anonymous Coward · · Score: 1

    They're infecting our porn now? The bastards!

  6. Something Suspicious by Anonymous Coward · · Score: 5, Interesting

    ... About Adobe's plug-in.

    How come such a relatively simple files - something that essentially plays media content - continues to be such a hot-bed of vulnerabilities. And not just bugs, but zero-day exploits too. Do I need a tinfoil hat? Or is it just a tad suspicious that this one product continues to have so many vulnerabilities found in it. After all this time. After all these previous bugs.

    Or is it the case that this is just yet another vector sponsored by the likes of the NSA or others, to infect machines of potential targets?

    This isn't an attempt to be flippant or to trash-talk Adobe. This is a serious question asked of a well-established software house and what must by now be one of the most heavily-scrutinised software packages in widespread use. Can anyone out these with specific knowledge of this product give us any insight as to why it is so regularly found to contain exploits? If we could look at the defect-per-thousand-lines-of-code, I am guessing that Adobe's products must be the worst in the industry... Can that really be the case?

    1. Re:Something Suspicious by FreonTrip · · Score: 5, Insightful

      It's a problem born from software bloat. It was originally intended to be a means of drawing vector graphics and simple animations, but there was a void in functionality in the days before PCs were fast enough to handle Javascript (or even had browsers that could cope with the highly abstracted pages written now). So more functionality was added, and with that came layer after layer of gooey, exploitable cruft. Now Flash doesn't just offer vector graphics. It's a multimedia environment with DRM, a method of offering rich internet applications, a video player, and a buttload more besides. All that bloat's been encouraged because Adobe wants Flash to be used by as many people as possible - it's publicly traded, you've got to show investors and stockholders where all that money's going - and we've now arrived at the point where it's a suppurating pile of vulnerabilities and patched-together functionality with legacy support, far more trouble than it's worth for most users.

    2. Re:Something Suspicious by phantomfive · · Score: 1

      How come such a relatively simple files - something that essentially plays media content - continues to be such a hot-bed of vulnerabilities. And not just bugs, but zero-day exploits too. Do I need a tinfoil hat? Or is it just a tad suspicious that this one product continues to have so many vulnerabilities found in it. After all this time. After all these previous bugs.

      No, it's not suspicious, it's exactly what you would expect from corporate programmers in a system that wasn't designed with security in mind.

      When people try to make code secure, it's difficult. When people don't even try, it's impossible.

      --
      "First they came for the slanderers and i said nothing."
    3. Re:Something Suspicious by BarbaraHudson · · Score: 2

      So why don't they skip the middleman and write their own browser in Flash? See how well it worked for Java? :-)

      --
      "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
    4. Re:Something Suspicious by Em+Adespoton · · Score: 1

      Actually, there ARE browsers built on Flash. They've got an entire platform people can use should they care to. However, Adobe's revenue stream comes in mostly via the reseller market -- so they make more money off of things like ADS and being an ePub certificate authority -- hence, no reason for them to focus too much time/money on their actual products.

      I guess that's what you get for building with mud.

    5. Re:Something Suspicious by Dogtanian · · Score: 2

      It's a problem born from software bloat. It was originally intended to be a means of drawing vector graphics and simple animations, but there was a void in functionality in the days before PCs were fast enough to handle Javascript (or even had browsers that could cope with the highly abstracted pages written now).

      Did you mean Java or JavaScript (*)? JavaScript of the time (late 90s) was too simplistic to be usable for serious client-side apps on its own, but I don't think it was especially slow. It was Java that was just too heavyweight for PCs of the time to handle; (**) and I think that explains *why* Flash succeeded.

      I've said it before, and I'll say it again- Flash basically snuck in via the back door to (eventually) end up filling almost the exact same role that Java Applets were supposed to meet (i.e. embedded rich software content running on the client PC via a web page) but never did.

      Since- as you say- it started out as little more than a lightweight animation tool, it was probably closer to what PCs at the time could handle, and added capabilities (and "bloat") more closely aligned with PCs' increasing power. I don't believe it was ever originally intended to take on Java Applets, but inevitably moved into that role because of a void left by Java's failure to meet the hype.

      (*) Two totally different languages and technologies intentionally confused by use of similar names
      (**) A reply to my original comment also pointed out that MS tried- and possibly did- kill off client-side Java through intentional cultivation of incompatibility in their own version. In case we'd forgotten how evil they were, given the opportunity.

      --
      "Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
    6. Re:Something Suspicious by complete+loony · · Score: 2

      Google ran a massive fuzz testing effort against the plugin and found 400 unique looking crashes that were resolved by about 80 patches. Yeah, the quality isn't looking that great...

      --
      09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
  7. Adobe Flash Installer Download Knows About These by TrollstonButterbeans · · Score: 1

    Which is why the Adobe Flash installer also include McAfee anti-virus as a courtesy.

    --
    Priest: "Universe from nothing, no laws of physics, sped up time"+ huge discrepancies. Creationism? No. Big Bang Theory
  8. Re:Adobe Flash Installer Download Knows About Thes by FreonTrip · · Score: 5, Insightful

    It's galling, isn't it? "We know our software's as safe on the unprotected web as a Craigslist hookup, so be sure to keep this software rubber handy." And it might not be so insulting if McAfee was good at anything besides eating hardware resources...

  9. Security Issues by TrollstonButterbeans · · Score: 5, Insightful

    "How come such a relatively simple files - something that essentially plays media content - continues to be such a hot-bed of vulnerabilities".

    Flash didn't start out as a media player, per se, but an interactive presentation layer for animations and for a while imagined itself as browser-independent web based user interface programming language.

    So it is a complex unwieldy beast.

    --
    Priest: "Universe from nothing, no laws of physics, sped up time"+ huge discrepancies. Creationism? No. Big Bang Theory
  10. "Specific" Audience? by Burke311 · · Score: 1

    Its target audience is all-encompassing: porn watchers. FTFY.

  11. This sounds serious! by hyades1 · · Score: 2

    So do action shots of me in my Captain Cocktastic costume (girlfriend's crotchless panties, Captain America helmet, red cape, and big, hairy winter boots), leaping to the attack over a suspiciously-shaped beanbag chair, constitute pornography, comedy or educational material?

    If the first is true, should I worry that I may fall victim to this security threat should the pictures accidentally become public?

    --
    I've calculated my velocity with such exquisite precision that I have no idea where I am.
  12. Re:Adobe Flash Installer Download Knows About Thes by Rich0 · · Score: 2

    And it might not be so insulting if McAfee was good at anything besides eating hardware resources...

    Oh, they're rather good at marketing and processing credit card payments too.

  13. Re: again for the naysayers by Rockoon · · Score: 2

    ...all I see is blond, brunette, redhead....

    --
    "His name was James Damore."
  14. Re: again for the naysayers by rubycodez · · Score: 1

    and to all you all that scoffed as I wait minutes for each GIF pr0n via compuserve dial-up, well WHO'S LAUGHING NOW??

  15. Re:Tin foil hattery by dfsmith · · Score: 1

    Well, the company in question did implement their graphics rendering engine (PostScript) as an interpreted language.

  16. Re:Adobe Flash Installer Download Knows About Thes by ShaunC · · Score: 1

    Is there a preference or a killbit to block McAfee from hitching a ride? Java's installer lets you set a registry key to suppress the Ask.com toolbar offer from appearing, would be nice to see something similar for Flash.

    --
    Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
  17. porn watchers? by aquabat · · Score: 1

    So the summary says that this thing targets porn watchers specifically, but I couldn't find any stats on what percentage of the total net population that is. Does anyone have any data?

    --
    A republic cannot succeed till it contains a certain body of men imbued with the principles of justice and honour.
    1. Re:porn watchers? by The+Wild+Norseman · · Score: 1

      So the summary says that this thing targets porn watchers specifically, but I couldn't find any stats on what percentage of the total net population that is.

      It's 118%.

      --
      "A government is a body of people usually -- notably -- ungoverned." -Shepherd Book
    2. Re:porn watchers? by aquabat · · Score: 1

      Ya. That sounds like the right ballpark. BTW, your sig and mine are like two sides of the same coin.

      --
      A republic cannot succeed till it contains a certain body of men imbued with the principles of justice and honour.
  18. Detects virtual machines by Rangataua · · Score: 1

    [...] attempts to detect virtual machines and anti-virus products.

    So if I make all my computers look like they are running as a virtual machine, I'm safe from this exploit?

  19. Re:Maybe... by Em+Adespoton · · Score: 1

    Maybe Mozilla will create a better version of Flash to replace this shitty one Adobe plagues us with, and it will actually be cross-browser in the process. I'm sick of Adobe hugging Google with both arms, and leaving NPAPI and Linux support in the lurch.

    HTML5 much?

  20. But can it play ... by Ungrounded+Lightning · · Score: 1

    Youtube just switched to HTML5 video by default, so perhaps we can uninstall Flash for good now!

    But can it play "Badger Badger Badger"?

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  21. Re: again for the naysayers by ChunderDownunder · · Score: 1

    Wow you have ANSI color on your terminal?

    luxury.

  22. Internet ads are self-defeating by Anonymous Coward · · Score: 1

    The advertisers don't seem to realize that the harder that they try to get our attention via more and more garish, disgusting, crap that they try to shove in our faces on web pages, the more people will decide to block ads and scripts etc... on web pages. People go to web sites to see content, not to be distracted by ads. People do not go to web sites to have malware, spyware, or crapware installed on their computers. I bought my computer. It mine. I and I ALONEwill control what is installed on it, what it displays, and I WILL NOT let it be used to spy on me for the profit of others! The same applied to anything else that I buy. While some corporations and government agencies want to make it so that THEY own what I buy, that will NEVER happen as far as I am concerned.

  23. Re:Maybe... by ChunderDownunder · · Score: 1

    NPAPI is on life support, with Mozilla whitelisting some plugins temporarily

    https://wiki.mozilla.org/Plugi...

    B2G doesn't support NPAPI and I doubt servo will either.

  24. Re:Best way to block ads by bmo · · Score: 1

    >clarityray

    Is dead.

    Acquired by Yahoo.

    Just so you can update your spam. HTH.

    --
    BMO

  25. Re: again for the naysayers by Billly+Gates · · Score: 1

    Matrix 1 quote dude

    --
    http://saveie6.com/
  26. The elephant in the room .. by lippydude · · Score: 1

    @Anonymous: "How come such a relatively simple files - something that essentially plays media content - continues to be such a hot-bed of vulnerabilities. And not just bugs, but zero-day exploits too."

    These are not vulnerabilities in Adobe's plug-in, these are defects in the underlying platform, the name of which must never be mentioned on slashdot.

  27. Re:Best way to block ads by bmo · · Score: 1

    Alex, your multiple repostings of identical content is spam.

    I have used your software. It works as advertised. However, it doesn't justify multiple copies of the same message in the same thread. That doesn't do anything except make people tune you out as "mere noise" even if what you have to contribute might not be.

    Honestly.

    And you don't have to talk about yourself in the third person. OK?

    Peace.

    --
    BMO/Dan

  28. Re:Ask yourselves these questions... apk by dave420 · · Score: 1

    And HOSTS files can't block inlined advertising (of which your spamvertising posts are a great example), whereas adblockers can do that effortlessly.

    Go get some help. You need it. I await your replies where you pretend to be a whole different bunch of people all agreeing that I'm some sort of messed up lunatic. Maybe you'll link to some of my comments and you and your made-up friends will judge me on them? I can't wait!

  29. All hail anonymous sites and advertisers by kurkosdr · · Score: 1

    Microsoft tried to implement a system where sites and advertisers are NOT anonymous and hence responsible for their content, as a subset of the web, the world went crazy and MS abandoned the idea. IMO users should be anonymous, but sites and advertisers should not be. Also, the site doesn't mention you should have 16.0.0.296 to be safe, the linked article does.

  30. Comment removed by account_deleted · · Score: 2

    Comment removed based on user account deletion

  31. Re: again for the naysayers by rubycodez · · Score: 1

    Actually, a text fetch of this comment thread is about 250KB, 59 seconds at 33.6kbs

    maybe I should splurge for the 128kbs ISDN line, could get that load time under 20 seconds, w0h00

  32. Re:"Do nothing/dope smoking" Dave420! by OutOnARock · · Score: 1

    No no....I'm Dave.....let me in...