Slashdot Mirror

← Back to Stories (view on slashdot.org)

Delete Or Update All Adobe Flash Player Instances, Experts Warn (threatpost.com)

Posted by EditorDavid on from the Flash-in-the-pan dept.

An anonymous reader quotes an article from BankInfoSecurity: Security experts are once again warning enterprises to immediately update -- or delete -- all instances of the Adobe Flash Player they may have installed on any system in the wake of reports that a zero-day flaw in the web browser plug-in is being targeted by an advanced persistent threat group.... The bug exists in Adobe Flash Player 21.0.0.242 and earlier versions -- running on Windows, Mac, Linux, and Chrome OS -- and "successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system." Thursday Adobe released an updated version of Flash patching 36 separate vulnerabilities, including the critical vulnerability which "if exploited would allow malicious native-code to execute, potentially without a user being aware." While applauding Adobe's quick response, researchers at Kaspersky Lab say it's already been exploited in Russia, Nepal, South Korea, China, India, Kuwait and Romania, and BankInfoSecurity writes that "The latest warning over this campaign reinforces just how often APT attackers target Flash, thus making a potential business case for banning it for inside the enterprise."

96 of 172 comments (clear)

  1. Well by johnsmithperson123 · · Score: 5, Informative

    Flash is literally a zombie at this point.

    1. Re:Well by 93+Escort+Wagon · · Score: 5, Informative

      Flash is literally a zombie at this point.

      Yeah, I removed the Flash plugin from my computer maybe a year ago. Prior to that, I'd been running ClickToFlash for several years... but then I realized just how infrequently I actually "clicked" to enable anything. Plus Adobe's insistence on installing it for all users, and with admin privileges to boot - really ridiculous, especially given Flash's horrible track record.

      Since Chrome has Flash built in, and since I don't use Chrome as my main browser - if there's ever something Flash-based I actually want to access, I just launch that browser. But I can't remember the last time I actually did that...

      --
      #DeleteChrome
    2. Re:Well by macs4all · · Score: 2

      Flash is literally a zombie at this point.

      Yeah, I removed the Flash plugin from my computer maybe a year ago. Prior to that, I'd been running ClickToFlash for several years... but then I realized just how infrequently I actually "clicked" to enable anything. Plus Adobe's insistence on installing it for all users, and with admin privileges to boot - really ridiculous, especially given Flash's horrible track record.

      Since Chrome has Flash built in, and since I don't use Chrome as my main browser - if there's ever something Flash-based I actually want to access, I just launch that browser. But I can't remember the last time I actually did that...

      My 2013 MacBook Pro didn't come with Flash installed. I counted that as a Feature.

      2016, and that MBP is still blissfully Flash-Free...

      Don't miss it at all.

    3. Re:Well by Snotnose · · Score: 1

      Yeah, I removed the Flash plugin from my computer maybe a year ago. Prior to that, I'd been running ClickToFlash for several years... but then I realized just how infrequently I actually "clicked" to enable anything

      I get ClickToFlash daily, but actually click maybe twice a week.

      I'm not a www engineer, but what's pissing me off is the sudden multitude of autoplay videos I'm getting. I assume that's because of HTML5, but that's a WAG. What I do know is if someone came out with a ClickToHTML5 I'd prolly install it, fark autoplay anything.

    4. Re:Well by ChunderDownunder · · Score: 2

      At least once a week I encounter a news website where HTML5 won't play a video either through buffering or failing to start.Flash STILL seems to handle those cases better.

      main browser: Firefox (no flash), flash browser (Chrome)

    5. Re:Well by Anonymous Coward · · Score: 1

      You can do it in Firefox and Chrome.

    6. Re:Well by Intron · · Score: 1

      I've never had any viruses or trojans on my machine. .

      How do you know?

      --
      Intron: the portion of DNA which expresses nothing useful.
    7. Re:Well by K10W · · Score: 1

      I use it daily to watch video streams. It works fine and I've never had any viruses or trojans on my machine. Frequent updates and good anti-virus is key.

      this thinking is part the problem, it isn't the 90's now and the game has changed in the past 20 years so an AV and frequent updates do NOT protect you completely now. Sure it stops a few bottom feeders but certainly not deliberate targetted attacks. Don't know how many times this has been debunked and yet people on sites liek this should know better but keep repeating that myth.

    8. Re:Well by RockDoctor · · Score: 1

      eah, I removed the Flash plugin from my computer maybe a year ago.

      As late as that? I think I'd already shit-canned Flash when I was first given a machine with Vista on it. 2010? Something like that?

      Never missed it. Video doesn't play? So fucking what? Page doesn't have sound track? So fucking what? Advert doesn't display dancing penguins? So fucking what?

      --
      Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
  2. So we're fucked either way? by Anonymous Coward · · Score: 5, Insightful

    Ok, so if we stick with Flash we might be subjected to security problems.

    But if we stick with HTML5-based technologies, then we'll just be more easily tracked by advertisers.

    Sounds like we are fucked in both cases!

    1. Re:So we're fucked either way? by 93+Escort+Wagon · · Score: 5, Informative

      But if we stick with HTML5-based technologies, then we'll just be more easily tracked by advertisers.

      I am not sure what you based this on - one of Flash's big selling points to advertisers has been just how much info it can provide to them about your browsing habits.

      --
      #DeleteChrome
    2. Re:So we're fucked either way? by NotInHere · · Score: 2

      Flash isn't much better in the regards of tracking than the html5 based technologies. Maybe flash ships with its own fonts, not relying on the OS fonts so you cant fingerprint basing on the fonts. But otherwise flash is in fact better for ad based tracking because you can't disable parts of it, you either take it all, or nothing of it.

      Whoever told you that HTML5 allows better tracking than flash, is just outright wrong.

      In fact, in the past flash has allowed so-called "supercookies", dunno if they are still enabled.

      If you wanted to disable them, you had to visit the adobe website. How comforting to know that adobe can change whether I enable supercookies or not.

    3. Re:So we're fucked either way? by bloodhawk · · Score: 5, Insightful

      With flash you get the WORST of both. you get the tracking AND the security problems.

  3. Re: Why was my reply deleted? by Anonymous Coward · · Score: 1

    If you disagree with the moderators here, your reply gets deleted. My roommate is a corporate officer of Adobe, and I've posted quotes from him several times. They've all been deleted.

  4. Porn by Anonymous Coward · · Score: 3, Insightful

    There's a reason all the adult sites are going to HTML5 over Flash for video. You know your platform is outdated and totally not worthwhile when the porn industry abandons you.

  5. The problem isn't flash by BarbaraHudson · · Score: 2

    Ban indiscriminate access to the internet and watch how the problems fade away.

    --
    "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
    1. Re:The problem isn't flash by fustakrakich · · Score: 1

      :-) Whose router?

      --
      “He’s not deformed, he’s just drunk!”
    2. Re:The problem isn't flash by Anonymous Coward · · Score: 2, Insightful

      APK's internet access should be banned.

  6. let this be a lesson by RichMan · · Score: 4, Insightful

    The once dominant interactive web "standard" is dead.
    What killed it? Security problems.

    For the web, security needs to the number one priority considered from day one when the architecture, specifications and scope of the project are first looked at.

    1. Re:let this be a lesson by guruevi · · Score: 5, Insightful

      Flash was never a "standard". I've always recommended clients to get rid of Flash sites because it wasn't a standard and not everyone could use it. When Flash was first introduced, a large number of people were still on dial-up and Flash sites were a big no-no because by then we already knew that people would click away if their site didn't load in 5s or less. Flash was then marketed towards people marketing towards broadband (video and interactive sites and DHTML were going to be all the rage once everyone got broadband).

      When everyone started getting broadband, companies like Google sprang up (or rather, became embedded in the culture) and "SEO" became the buzzword, Google wasn't Flash-aware or compatible, Flash was dead as a 'standard' platform for 'broadband' because no 3rd party company (outside Macromedia and later Adobe) wanted to support it.

      It eventually got taken over by Adobe and it was dead then because nobody trusted Adobe to fix it. It had many security issues already and many compatibility issues even within it's own tools. Adobe never fixed it, they just kind of half-integrated it with the rest of their suite but they effectively put it on life support. When Apple released the iPhone, Flash was dead and now it's just being this zombie process you know you have to get rid of at some point, but you don't really want to because maybe you may need it in some obscure corner of the web.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    2. Re:let this be a lesson by knorthern+knight · · Score: 1

      > The once dominant interactive web "standard" is
      > dead. What killed it? Security problems.

      The security problems were caused by mission creep, e.g. stuff like "Actionscript" https://en.wikipedia.org/wiki/... If they had stuck to being a media player, instead of inserting an "object-oriented programming language", they'd be OK. And it wouldn't be so effing bloated. I just removed removed Flash from my machine (Gentoo linux). To re-install would require 7 megabytes just for the Flashplayer. This does not count fonts, and nss, and nspr.

      Similarly, I gave up on Adobe Acrobat a long time ago, and switched to mupdf. If they had stuck to simply redering PDF documents, rather than some singing-dancing monstrosity, that would not have been necessary.

      --

      I'm not repeating myself
      I'm an X window user; I'm an ex-Windows user
    3. Re:let this be a lesson by Billly+Gates · · Score: 2

      Did you read the part about work??

      Shit enterprise IT is always way behind since the turn of the century and hasn't been an innovator of newer stuff since the .com crash which now views IT as a cost and not an asset.

      We can't update at work. This would require software to be updated that requires a monthly subscription of over $1000 a month! Why? So audio will work now in which flash version 16 works just fine?! Oh you say record in HTML 5?

      OOps. Not happening as our clients still use IE 6 and they pay our bills. We use a website through server 2003 for all critical data which is HIPPA (facepalm) and the site will work up to IE 8 through quirks mode in 1999 IE 5.5 mode to display the flash training material which won't work with audio in any version above flash 16.

      If you say something to the customer you will be fired at work. You are not authorized as IT and your boss and his boss is not authorized either and needs VP approval for a request like that to update. Also they can go to a competitor if we do not comply and we can't ahve that happening.

      So yes your own pc is one thing but at work we have lots and lots of things that will never be ported thanks to Adobe greed with renting software and lots of things that need to be re-encoded or can't ever be re-encoded for compatibility.

      --
      http://saveie6.com/
    4. Re:let this be a lesson by GuB-42 · · Score: 1

      Not really, consumers rarely care that much about security.
      Poor integration with the browser, lack of accessibility features, poor mobile support, poor support by Adobe (not only about security) all contributed.
      Then Apple stopped supporting its and others followed as HTML5 caught up. Even Adobe stopped believing in it years ago.

    5. Re:let this be a lesson by thegarbz · · Score: 1

      What killed it? Security problems.

      Not even remotely.

      What killed it was an open alternative to a proprietary technology i.e. HTML5. Flash could be perfectly secure and people would still be slowly migrating away from it many thanks to platform incompatibilities (iPhone, and any other touch input device for that matter).

    6. Re:let this be a lesson by Solandri · · Score: 3, Interesting

      When Flash was first introduced, a large number of people were still on dial-up and Flash sites were a big no-no because by then we already knew that people would click away if their site didn't load in 5s or less. Flash was then marketed towards people marketing towards broadband (video and interactive sites and DHTML were going to be all the rage once everyone got broadband).

      You've got that backwards. The very reason Flash exists was to reach people trying to access the Internet on dialup. Dialup wasn't fast enough to stream video, but real-life video is different from animation. Flash was originally an artist's tool to allow animation over dialup. Instead of having to send a constant video stream, you could send a few sprites and images of backgrounds, then animate those on the user's local computer.

      It was only later when web developers realized that Flash was flexible enough to essentially run universal interpreted code (same code would work on PC, Mac, and Linux) that they went nuts. Entire websites in flash, thus defeating the whole purpose of HTML (displaying info in the format the end-user decided was best). Flash ads bypassing the user blocking animated GIF ads. And flash streaming video became ubiquitous (which wouldn't have happened if the folks at W3C had actually added the features web developers were asking for like embedded streaming video, instead of waiting 10 years like they did with HTML 5).

      That's why Flash is so full of security holes. Because when Macromedia invented it, they were just thinking of a a good way to animate stuff on the end user's PC. They had no idea it was going to become The way for web developers to do everything they wanted but couldn't because "HTML didn't support it." It's still an excellent animation tool. A large number of animated TV shows and animated movies are partly or completely made with Flash.

    7. Re:let this be a lesson by guruevi · · Score: 1

      Yes, that was what Flash was intended for. But many sites sprung up that were pure flash. They were 50-500kb monstrosities that took forever to load. There were a few animated sites that took advantage but the promises of Flash were not just animations but also video and hell, video conferencing. None of that ever took place.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
  7. HTML5 promo ? by redelm · · Score: 1

    Please tell me how to distinguish this "bad Flash" info from Fear, Uncertainty and Doubt (FUD) disinformation from HTML5 advocates? Patching will inevitably be, well, patchy. So the only safe course seems to be elimination.

    Have there really been statistically significant exploitation measured? If so, why haven't websites banned it themselves?

    1. Re:HTML5 promo ? by Fragnet · · Score: 1

      Might as well remove it. Why would you want to keep it anyway? Some pressing use case?

    2. Re:HTML5 promo ? by NatasRevol · · Score: 1

      Is it *really* that hard to google 'adobe flash hack' & go to the first page?

      http://krebsonsecurity.com/201...

      "For the second time in a week, Adobe Systems Inc. says it plans fix a zero-day vulnerability in its Flash Player software that came to light after hackers broke into and posted online hundreds of gigabytes of data from Hacking Team,"

      --
      There are two types of people in the world: Those who crave closure
    3. Re:HTML5 promo ? by ColdWetDog · · Score: 1

      With your UID you do realize that we have been banging on Flash since before HTML 5 was a gleam in W3C's blinky tagged eyes.

      --
      Faster! Faster! Faster would be better!
    4. Re:HTML5 promo ? by Motherfucking+Shit · · Score: 2

      Unfortunately, most NOAA/NWS radar products still require Flash. Livestream, which powers my local TV news broadcasts, also uses a Flash based player. There are a few other use cases for me personally, most of them being government entities.

      --
      "BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
    5. Re:HTML5 promo ? by Gravis+Zero · · Score: 1

      Please tell me how to distinguish this "bad Flash" info from Fear, Uncertainty and Doubt (FUD) disinformation from HTML5 advocates?

      it's simple: read the article

      --
      Anons need not reply. Questions end with a question mark.
    6. Re:HTML5 promo ? by Motherfucking+Shit · · Score: 1

      Cool, glad they're moving away from Flash. The TV station websites are still pointing at the Flash video player, maybe I'll email them and see if it does any good.

      --
      "BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
    7. Re:HTML5 promo ? by djl4570 · · Score: 1

      Linux Antares 4.5.5-300.fc24.x86_64 #1 SMP Thu May 19 13:05:32 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
      I've had the same problem since dumping Windows on my main personal platforms. The radar animations were interesting but not essential. I cannot name another site where Flash is essential.

    8. Re:HTML5 promo ? by sjames · · Score: 1

      Lets just say Flash is a frequent flyer on security warnings. The websites haven't replaced it because it isn't a risk to them and they don't know HTML5.

  8. Weekly Flash Warning. 7 Days Til Next Alert. by zenlessyank · · Score: 5, Insightful

    Since you haven't listened to the 483 times we have told you before, we will tell you again. Uninstall Flash Player. That is all.

  9. And Shame on Adobe by dmomo · · Score: 5, Insightful

    For undermining security to try and trick users into installing McAffe when upgrading. That should be opt IN not opt OUT.

    1. Re:And Shame on Adobe by dmomo · · Score: 2

      Trying to monetize the security upgrade process just reveals that you have an incentive to ship an insecure product.

    2. Re:And Shame on Adobe by dmomo · · Score: 1

      Oh. That's new to me. I at least see a check box, one for MacAffee, the other for Intel True Key. But both are checked by default.

    3. Re:And Shame on Adobe by radarskiy · · Score: 2

      They offer hand-crafted artisanal crapware.

  10. And no Linux version by crow · · Score: 2

    Adobe hasn't released a Linux version since version 11. Unless there's a big surprise, there's no option for Linux users but to give up on Flash entirely.

  11. Re:Just Nuke Adobe by NatasRevol · · Score: 2

    Next version of macOS will also disable it by default.

    --
    There are two types of people in the world: Those who crave closure
  12. Threats from the future? by SeaFox · · Score: 1

    [quote] The bug exists in Adobe Flash Player 21.0.0.242 and earlier versions -- running on Windows, Mac, Linux, and Chrome OS...[/quote]

    According to Adobe the current version of Flash is only 21.0.0.192.
    I'd like to hear where this later version is that is already considered obsolete, and where the patched update is.

    1. Re:Threats from the future? by SeaFox · · Score: 2

      Oops. Misread that there. 22.0.0.192.
      LOL. Carry on, I'm an idiot.

  13. Linux/Firefox latest 11.2.202.626 by jmccue · · Score: 1

    I guess either Firefox/Linux is not vulnerable or it is 'open season' and always will be. The latest version for me is 11.2.202.626, see:

    http://www.adobe.com/software/... -- You probably have to activate flash for that page

    I rarely use flash anyway, so time finally give it the ole heave/ho.

    1. Re:Linux/Firefox latest 11.2.202.626 by Anonymous Coward · · Score: 1

      Yeah, if you're on Linux/FireFox you're screwed until they finish chromification. Linux/Chrome has the fixed flash plugin. There's instructions on how to get the plugin out of the official chrome distribution and into chromium.

  14. Misleading much? by campuscodi · · Score: 3, Informative

    It's only a Flash zero-day that abuses Windows DDE via a six-step process (Flash - DLL file - Windows DDE - LNK file - VBS Script - CAB file). This zero-day is specific to nation-backed hackers, not average exploit kit skids. The exploitation process is just to hard to follow through, and Microsoft EMET detects it as well. So... it's not really that dangerous ffs

  15. alright... so have we learned yet? by Anonymous Coward · · Score: 2, Insightful

    Flash, Javascript, ActiveX... have we learned now?

    Letting random web sites run any form of procedural code on your computer is NOT a good idea. Not just random web sites, but any site THEY in turn want to cross site script. Even when you try to sandbox this stuff, there are still holes. The valid use cases for such scripting are minuscule - it is chiefly used for advertising, tracking, profiling, and interfering with the user experience such as disabling cut and paste. For the very few valid use cases, it can be whitelisted.

    But default-enabled? That's insane, no matter what the web-language flavor of the day is.

    Captcha = mishap

    1. Re:alright... so have we learned yet? by Sigma+7 · · Score: 1

      Flash, Javascript, ActiveX... have we learned now?

      Boot sector viruses... it's a very old lesson that BIOS manufacturers plugged by the F8 key (allows booting from floppy on request rather than automatically).

      For the very few valid use cases, it can be whitelisted.

      Or simply set as (right-)click to start them. This has the advantage of not requiring a whitelist, while stopping all drive-by attacks. Most attacks are from third-party advertisers rather than being uploaded to Newgrounds/Kongregate.

  16. Is Adobe paid for deliberate vulnerabilities? by Futurepower(R) · · Score: 4, Informative

    "Flash is literally a zombie at this point."

    Big problem: Adobe Flash is a "zombie" to technically knowledgeable people who read a lot of technology news. For most people, Flash makes their computers vulnerable.

    Is Adobe selling vulnerabilities to hidden parts of the U.S. government, or to other organizations, and fixing the vulnerabilities only after they are discovered publicly? Or is Adobe management so incompetent that there are 10 or 20 or, in this case, 36 vulnerabilities in every version? In either case, the large number of vulnerabilities seem to be a strong advertisement not to install Adobe products on computers that have a connection to other computers or to the internet.

    I count 11 new versions of Adobe Flash in 10 months.

    The best story I've found about this month's Adobe Flash vulnerabilities is this one: Kill Flash now. Or patch these 36 vulnerabilities. Your choice.

    I see web pages that don't need Adobe Flash Player using it anyway. Is that because most people don't use the Better Privacy browser add-on? Flash makes what are called persistent cookies. Better Privacy deletes persistent cookies.

    Every time I start Adobe Acrobat Professional, it asks to connect to the internet in 3 different ways. So, when I want to make a PDF file, I generally use the free Bullzip PDF printer.

    Because I have no way of knowing what Adobe is doing or hiding, I generally use the free Sumatra PDF Reader.

    To me, it seems that Adobe is engineering such a bad reputation for itself that it will eventually put itself out of business. (It seems that Microsoft is following the Adobe methods. Windows 10 seems to be intentionally vulnerable. Microsoft products also have huge numbers of vulnerabilities.)

    1. Re: Is Adobe paid for deliberate vulnerabilities? by Anonymous Coward · · Score: 1

      See, a zombie- it infects lots of ignorant people while the wise and prepared avoid it.

    2. Re:Is Adobe paid for deliberate vulnerabilities? by macs4all · · Score: 4, Informative

      That's one of the things I have always liked about OS X: Native PDF support for both Reading and Writing PDFs.

    3. Re:Is Adobe paid for deliberate vulnerabilities? by Anonymous Coward · · Score: 1

      I just use epub instead of PDF. epub is a truly open format that is supported by everything since it's just HTML.

    4. Re:Is Adobe paid for deliberate vulnerabilities? by macs4all · · Score: 2, Informative

      Windows 10 does as well now...

      Wow, I'm impressed! OS X has only had that for sixteen years (Hint: Since OS X 10.0.0)...

    5. Re:Is Adobe paid for deliberate vulnerabilities? by Anonymous Coward · · Score: 1

      For those whose brains are now breaking, that is entirely true. When NeXT got bought by Apple (or more accurately, NeXT bought Apple for negative 400 million dollars), they were using Display Postscript for graphics. Adobe charged a lot for the licensing of DPS. Apple didn't want to pay that for every Macintosh computer sold (and probably didn't want to pay more than zero in any case), so they created a new graphics kernel (Quartz) based on PDF instead of Display Postscript.

    6. Re:Is Adobe paid for deliberate vulnerabilities? by macs4all · · Score: 1

      For those whose brains are now breaking, that is entirely true. When NeXT got bought by Apple (or more accurately, NeXT bought Apple for negative 400 million dollars), they were using Display Postscript for graphics. Adobe charged a lot for the licensing of DPS. Apple didn't want to pay that for every Macintosh computer sold (and probably didn't want to pay more than zero in any case), so they created a new graphics kernel (Quartz) based on PDF instead of Display Postscript.

      Interesting. I knew about NeXT being DPS-based; but didn't know that was why Quartz was created; but it makes sense.

      However, I do kinda resist the notion of "NeXT buying Apple for -$400 million", because, in the end, other than the Dock, the Column-View Mode in Finder, and a bunch of API calls that start with "NS", Macs (thank Cthulu) never DID turn in NeXTStations (although there was a bit of an attempt with the G4 Cube), and the OS X GUI of today still looks essentially the same as it has since MacOS 1.4 debuted in 1984.

      Apple even had created a relatively fully-functional Unix-based OS (A/UX) LONG-prior to the NeXT acquisition, so even THAT wasn't something that can be directly traced to NeXT and NeXT alone.

    7. Re:Is Adobe paid for deliberate vulnerabilities? by macs4all · · Score: 1

      However the BSD + mach kernel still is lineaged to NeXT as well.

      And NeXT did buy Apple, I mean NeXT's CEO became Apple's CEO.

      BTW I am another AC than your parent post.

      So, by your logic, Steve Jobs, who was originally the CEO of Apple, became NeXT's CEO; so NeXT was just a subsidiary of Apple, and Apple just decided to buy out H. Ross Perot's share of the subsidiary for $400 mil. And close the Subsidiary.

      And then the person placed in charge of the NeXT subsidiary came back to Apple to resume his former position as CEO.

      And as far as the lineage of OS X goes, well, that is quite a bit more convoluted than you imply. Sure, their is the BSD + Mach kernel, but that is simply part of the Darwin layer. OS X is MUCH more than that. And if we want to trace the origins of those BSD and Mach layers, well, that starts to look like a Geneology chart of the Origin of the Species...

    8. Re:Is Adobe paid for deliberate vulnerabilities? by macs4all · · Score: 1

      Windows 10 does as well now...

      Wow, I'm impressed! OS X has only had that for sixteen years (Hint: Since OS X 10.0.0)...

      WTF, MODS? How can a REPLY be FLAMEBAIT?!?

      Oh, wait. I understand now. I dared to post a FACTUAL pro- Apple comment on Slashdot. My bad...

    9. Re:Is Adobe paid for deliberate vulnerabilities? by bobbutts · · Score: 1

      I think of Photoshop and Lightroom when I think of Adobe. Those products dominate the market still.

    10. Re:Is Adobe paid for deliberate vulnerabilities? by macs4all · · Score: 1

      Apple needed a new OS, NeXT had a product and a credible crew,

      Apple was already deep in the throes of Rhapsody. Now, whether than would have been better than what they ended up with is infinitely debateable.

      But NeXT didn't have any SALES, which is why they were for sale fairly cheap.

    11. Re: Is Adobe paid for deliberate vulnerabilities? by macs4all · · Score: 1

      And how many pro-Android users post that it has had a particular feature for years, then the rabid fan bois be all "we do it better"?

      Um, LOTS of them.

      You must be new here...

  17. Blocking SWF vs. blocking HTML5 by tepples · · Score: 1

    It's a lot easier to limit SWF tracking without disabling essential functionality than to limit HTML5 tracking without disabling essential functionality. To limit SWF tracking, disable the Flash Player plug-in on sites outside the SWF whitelist (Newgrounds, Kongregate, Weebl's, Dagobah, Albino, Homestar). To limit HTML5 tracking, you need to install tracking blockers, and if you do that, some sites will refuse you service because they don't know how to present ads that don't track you. Sites using SWF tracking are less likely to refuse service on grounds of lacking Flash Player because then they'd be refusing service to viewers on smartphones and tablets that run a smartphone OS.

    1. Re:Blocking SWF vs. blocking HTML5 by Waccoon · · Score: 1

      I'd like to see you browse the web when every page looks like this:

      <!DOCTYPE HTML>
      <head>
      <script type="text/javascript" src="bootstrap.js"></script>
      </head>
      <body></body>
      </html>

    2. Re:Blocking SWF vs. blocking HTML5 by the_Bionic_lemming · · Score: 1

      I disable scripting by default - and every web page does not look like that.

      --
      _ _ _ Go for the eyes Boo! GO FOR THE EYES!
    3. Re:Blocking SWF vs. blocking HTML5 by thegarbz · · Score: 2

      I tried that once, but I'm old fashioned enough to actually just expect something to work when I access a page, not visit page, damn, enable the first script ... damn, enable the second script ... damn, enable the third script ... yay content works, but links don't ... damn, etc etc.

      It was actually exhausting using the internet with scripting disabled by default.

      Personally I just now block ads. Let them build up a profile of what they should be selling me. It's not like I see their junk.

    4. Re:Blocking SWF vs. blocking HTML5 by MadMaverick9 · · Score: 2

      So?

      What's the problem?

      You don't want me to see your webpage. Then I simply don't.

      I don't give a flying fuck.

    5. Re:Blocking SWF vs. blocking HTML5 by tepples · · Score: 1

      The difference is that an iPad can render Waccoon's example but not yours.

    6. Re:Blocking SWF vs. blocking HTML5 by the_Bionic_lemming · · Score: 1

      wimp

      --
      _ _ _ Go for the eyes Boo! GO FOR THE EYES!
    7. Re:Blocking SWF vs. blocking HTML5 by thegarbz · · Score: 1

      I'm an engineer so I look for the efficient way. Nothing wimpy about not slogging through efforts to make your own life difficult for little to no gain.

    8. Re:Blocking SWF vs. blocking HTML5 by the_Bionic_lemming · · Score: 1

      Wimp

      --
      _ _ _ Go for the eyes Boo! GO FOR THE EYES!
    9. Re:Blocking SWF vs. blocking HTML5 by thegarbz · · Score: 1

      I'm an engineer so I look for the efficient way. Nothing wimpy about not slogging through efforts to make your own life difficult for little to no gain..

    10. Re:Blocking SWF vs. blocking HTML5 by the_Bionic_lemming · · Score: 1

      Wimp.

      --
      _ _ _ Go for the eyes Boo! GO FOR THE EYES!
    11. Re:Blocking SWF vs. blocking HTML5 by thegarbz · · Score: 1

      I'm an engineer so I look for the ... ahh fuck it :)

    12. Re:Blocking SWF vs. blocking HTML5 by the_Bionic_lemming · · Score: 1

      VICTORY IS MINE !!!!!

      --
      _ _ _ Go for the eyes Boo! GO FOR THE EYES!
  18. Each NWS SWF radar loop has a GIF version by tepples · · Score: 1

    At the top of any SWF-based National Weather Service radar loop, you can follow the "Standard Version" link at the top to get an animated GIF instead. The "National Radar Mosaic Sectors" at the bottom are also animated GIFs.

  19. Just under a year of extended support left by tepples · · Score: 3, Informative

    Flash Player (PPAPI version) for Linux is current. Flash Player (NPAPI version) 11.2 for Linux is outdated but in extended support until May 2017, during which it gets security updates but no new features. Fresh Player is a wrapper plug-in for an NPAPI browser that hosts PPAPI plug-ins.

    1. Re:Just under a year of extended support left by ChunderDownunder · · Score: 1

      Actually I'd prefer if websites would support Shumway.

      But the Javascript browser detection code usually queries the presence of a flash plugin rather than the ability to render swf.

  20. How to convince users to whitelist your web app? by tepples · · Score: 2

    For the very few valid use cases, [SWF, JavaScript, or WebAssembly] can be whitelisted.

    Among these "very few valid use cases" are web applications, such as Google Docs and Slashdot,* and sites offering vector-based animations, such as Homestar Runner and Weebl's Stuff. So how should the operator of a website hosting a web application go about demonstrating to users that the application is among these "very few valid use cases"?

    * Try loading more than the 100 top-scored comments without script. If you succeed, reply and let me know what you pushed.

  21. Can't get rid of Flash yet by jonwil · · Score: 4, Interesting

    I tried removing Flash from my SeaMonkey install and that lasted all of 5 minutes before I found a forum post with an embedded YouTube clip that I couldn't play (and wanted to play). So I can't ditch Flash yet (at least not until YouTube comes up with a way to embed YouTube clips into forum posts, blog posts etc etc without needing Flash installed)

    1. Re:Can't get rid of Flash yet by Anonymous Coward · · Score: 2, Informative

      Embedding HTML5 Youtbe videos works just fine. The problem is that the web site you went to used an older embed method that defaults to Flash.

    2. Re:Can't get rid of Flash yet by melting_clock · · Score: 3, Informative

      You could install flashblock and only allow flash content that you actually need. It cuts down on security threats and ads.

  22. Dupe! by shanen · · Score: 1

    This is news exactly how?

    Perhaps more amazing or a testimonial to the current state of slashdot is a lack of "dupe" among the visible comments.

    So I scanned the insightful comments. Is it the broken moderation system, lousy moderators, or just a general lack of moderation points? Didn't find much in the way of insight with that tag.

    Closest bit was a reference to the need for security. Sorry, NOT insightful.

    Insightful would have been an analysis of the drive for flash over substance, as driven by advertiser eyeballs.

    Even deeper insight might have considered how the lack of liability for security failures and bugs drove the Internet (in particular and most software in general) down the rathole of phucking the users.

    In the end, we wind up with a world dominated by the google's operative motto: "All your attention are belong to us." However, Amazon is probably worse. Did that make you feel better? Also, welcome to Trump's world.

    --
    Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
  23. "Persistent Threat Group" also a load of crap by drinkypoo · · Score: 1

    Persistent threat groups target all operating systems every day. So give up operating systems. If you can't enter your program with front panel switches, you're doing it wrong, noob!

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  24. Good thing we have v. 16 at work by Billly+Gates · · Score: 1

    The training department in HR uses an older verson of Adobe Captivate for their presentations and audio won't work with any newer version. Since Adobe only rents software I can't justify the $750 a month it will cost for all 3 users to update! Thanks adobe

    So I will be fired or written up if we get any ransomware, but I can't use newer software. What a joy!

    At home I use flashblock for Chrome and Adblock plus for Chrome and IE. Too bad I can't use it at work as my users are drooling idiots who will form a line at my office asking for why flash content won't work automatically and a funny little icon will apear that says click to play. Oh that is write our training links require IE 6 and IE 8 still

    --
    http://saveie6.com/
  25. Fuck HowToGeek by radarskiy · · Score: 1

    HowToGeek puts 0-delay refresh in a meta http-equiv tag inside a noscript tag: "meta HTTP-EQUIV="refresh" content="0;url='...'"

    If you open the page with javascript turned off it refreshed the page immediately after loading is finished and continues forever.

    Fuck those guys.

  26. Re:How the hell by hcs_$reboot · · Score: 1

    When the initial program code is a labyrinthine system, any code added on top of that mess doesn't make the whole system more reliable. Adobe should have rewritten from scratch that p.o.c a long time ago.

    --
    Slashdot, fix the reply notifications... You won't get away with it...
  27. Re:I need the Weather by Andreas+Mayer · · Score: 2

    This website does not work in Firefox without the Flash Plugin.

    http://www.ssd.noaa.gov/goes/east/carb/flash-rb.html

    I use this website every day.
    Any suggestions.

    Use the non-flash version?

    http://www.goes.noaa.gov/dml/e...

    Or ist that somehow not good enough? I can't compare; no Flash installed. :P

  28. open source flash replacements by vossman77 · · Score: 1

    are there any good open source flash replacements (mainly for firefox on my mac) that can get me through some older sites that use flash. I just need something with minimal features and tight security.

    I was aware of swfdec back in the day and found some others: lightspark, gnash, Mozilla Shumway.

  29. Re:Uninstall flash? by arth1 · · Score: 1

    Some of us stupider mother fuckers have shitty janitor type jobs where we maintain a thing called VMware.

    This VMware is a really expensive product. It's also really, really, really poorly designed. The management interface requires flash. To boot, it won't even run on Linux clients.

    Huh? I administer my VMware installations remotely from Linux. No flash is needed. Newer software has a html/javascript interface, and older ones have command line tools that work remotely.

  30. Embedding videos in PDFs, then? by pz · · Score: 1

    One of the really useful features in PDF is the ability via Adobe Reader to embed flash videos in PDFs. It's a very convenient way to deliver videos to a client (or in our case, grant review committee) in a nicely packaged way that is guaranteed to be playable (everyone can get Reader). Moreover, everyone that accepts documents for various applications in my circles, accepts them in PDF.

    If we can't use flash (and I recognize that, eventually, another solution will become necessary), what's the alternative for embedding videos in a universally readable document?

    --

    Put my fist through my alarm clock with its ding-dong death inside my ear. - The Blackjacks.
  31. Heh. by Rhambus · · Score: 1

    Pretty much every modern browser out there has flash included, so I can't fathom why anyone would even have older instances of flash installed. I literally go through my programs on a weekly basis, and if I haven't used it that week it gets deleted.

  32. Re: Why was my reply deleted? by Anonymous Coward · · Score: 1

    You'd think a corporate officer at Adobe could afford his own place.

  33. Good Hacker News comment on why Flash vulnerable by darpo · · Score: 1

    https://news.ycombinator.com/i...

  34. Pfft by rainer_d · · Score: 1

    They uninstalled it a while ago, after one of those zero-days.
    Then re-installed it, when a patch came around for that zero day
    Then just let it rot. I think it's patched occasionally. Thank god I'm not forced to use that silly Windows-image of theirs.
    They know what they're doing. They just think an APT can't or won't hit them. Or that AV and their silly proxy will catch it. I actually have to chuckle at the thought of that.

    --
    Windows 2000 - from the guys who brought us edlin
  35. Re:How to convince users to whitelist your web app by tepples · · Score: 1

    "Turn it on if you want it to work".

    Then site operators can continue to track people and/or accidentally infect their PCs by making sites that don't work at all without script, and then telling people "Turn it on if you want it to work".

  36. Re:How to convince users to whitelist your web app by tepples · · Score: 1

    Then don't use their site if they track you and/or accidentally infect your PC. This isn't rocket science.

    Knowing that a site will do that if the user chooses to enable scripting for that site is rocket science.