Slashdot Mirror
8 of the 10 Top Security Flaws Used By Cyber-Criminals This Year Were Flash Bugs (recordedfuture.com)
An anonymous reader writes: Adobe Flash Player provided eight of the top 10 vulnerabilities used by exploit kits in 2015. Angler is currently the most popular exploit kit, regularly tied to malware including Cryptolocker. Vulnerabilities in Microsoft's Internet Explorer and Silverlight are also major targets. All of these are the conclusions of a Recorded Future report.
I uninstalled Flash about 4 months ago. Guess what...the web still works. Even the questionable video sites I use work (or at least > 50%, which is enough). Sites that insist on requiring flash in 2015 probably haven't been relevant since 2010. Sites that require wonky plugins had better be for work and get relegated to a Microsoft browser product I don't use for anything else.
Quack, quack.
Also, were/we're. Sue me. It's the vodka.
Quack, quack.
In a world where Flash is not required for any functionality, and where it has been a known security risk for a long while, websites that require it are either painfully incompetent, or malicious - feel free to remind hostmasters of this.
Eating my own dog-chow: https://twitter.com/GNious/sta...
Feel free to retwat it at people who need to stop using Flash :)
Crying shame that you need it for consoles and the like.
Either abstract it, contain it, or visualize it. Using a poorly maintained platform for the games doesn't mean you have to use it for everything.
Quack, quack.
Likely difficult. Windows 10 seems to be written in Flash
Slashdot, fix the reply notifications... You won't get away with it...
There are multiple platforms not using Flash. Look at Apple's Ipad. By default no Flash on this device and still you can visit 99% of the websites (even video content). Its just the developers that need to turn their heads on it, and start using alternatives.
When I last replaced my PC, it was a good while before I felt compelled to install Flash on it again. These days, very few sites require it, even the dodgy Eastern European porn sites and equally dodgy advertising rings seem to have shied away from it. I have Flash installed but the browser is set to block it unless specifically allowed. The last time I activated Flash was to watch a news program on some local TV channel's site.
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
Likely difficult. Windows 10 seems to be written in Flash
No this is the first good version of windows that was written in flash. Now it only runs on HTML5 and is as good as ever.
This message was not sent from an iPhone because Peter Sellers really was a deviated prevert without a dime for the call
"8 of the 10 Top Security Flaws Used By Cyber-Criminals This Year Were Flash Bugs"
Bugs in an application can only be exploited by defects in the underlying Operating System
Feel free to retwat it at people who need to stop using Flash :)
I only retweet when someone is saying something clever, and preferably when someone knows who they are. Suggesting that something you said is quotable proves that it isn't, because who would want to quote someone like that?
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Flash isn't supported on IOS or Android anymore. It's only supported on Windows & Linux because they are not walled gardens. Can't speak for the Apple Mac but assume it's not supported or at least discouraged.
Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.
Any sites that require [the Flash Player plug-in] tend to be either Eastern European (dodgy porn) or very old.
I'm not sure what you mean by "very old". Do you mean "established long ago" or specifically "not updated in years"? In which sense are Newgrounds, Albino Blacksheep, Dagobah, and Weebl's Stuff "very old"?
In order to spoil such a research project, a site would have to find an exploit that busts out of not only the browser but also the user account and VirtualBox.
Is there a reason you can't play tower defense in Flash Player in Firefox in Xubuntu in VirtualBox?
Have you tried switching from your Flash bank to an HTML5 bank such as Ally or Schwab?
In your theory, once PC desktop is killed off, with what tools will people develop HTML5 apps?
What happens if an application allows for arbitrary code injection and execution due to a buffer overflow bug? Injected code could easily wipe all your user space files by using standard file io operations without ever doing anything that can be construed as exploiting defects in an underlying OS.
Not if the application is running under a separate user account, a jail, or some other containment facility of the operating system. Lack of such a facility is the defect. An application shouldn't be able to access a resource unless both the user has access to it and the user has delegated access to it to the particular application.
Name one OS that can't be "exploited" in this fashion.
Any GNU/Linux distribution with an AppArmor policy in effect. Or iOS on Apple devices. Or IOS on Nintendo Wii for that matter. Or Android, provided the APK doesn't have the SD full access permission. Or OLPC Sugar, which has the Bitfrost capability system. Likewise, both OS X with Mac App Store and Windows 8 and later with Windows Store prohibit store applications from writing outside the application's own data folder and folders chosen by the user or reading outside those folders and the program folder.
And engineering team member, Flash just can't die soon enough.
- Zav - Imagine a Beowulf cluster of insensitive clods...
See if you can set your browser to require click-to-start for Flash. This ought to get you past most of this Flash malware shit, plus all the annoying Flash ads, while still letting you run the rare thing that still needs it. Now that Youtube can be used without Flash, there's no real need to let it run automatically.
#naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
Has anyone tried running a PC without Adobe Flash?
Can that PC be used to surf the Net?
Any suggestion would be very much appreciated !
Assuming you have a proper web browser: You can get plugins that stop flash from running automatically. That's almost the same thing as "no flash".
No sig today...
Same here. Using flash these days is gross negligence.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
My former and current employers still use Flash, Java, Silverlight, etc. :/
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
What about those Flash games, interactive http://homestarrunner.com/ etc.? :P
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
That has to be one of the most absurd assertions I have seen in quite some time.
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
Seems like a dumb idea to use a bank that isn't physically located near me.
Are you referring to getting money into a bank not physically located near you, to getting money out of a bank not physically located near you, or to some other use case I haven't thought of?
As for getting money into a bank not physically located near you, you can have direct deposit of your paycheck or other ACH transfers sent to any bank. Personal checks can be mailed or in many cases deposited using an iOS or Android device with a rear-facing camera. Cash can be spent locally; I'll often dump cash into the self-checkout lane at a local grocery store. What other money do you regularly receive?
As for getting cash out of a bank not physically located near you, many banks reimburse for ATM fees. Or you can get cash back with a purchase at any retailer that takes EFTPOS cards.