Slashdot Mirror


Adobe Flash Responsible For Six of the Top 10 Bugs Used By Exploit Kits In 2016 (onthewire.io)

Trailrunner7 quotes a report from On the Wire: Vulnerabilities in Flash and Internet Explorer dominated the exploit kit landscape in the last year, with a high-profile bug in Flash being found in seven separate kits, new research shows. Exploit kits have long been a key tool in the arsenal of many attackers, from low-level gangs to highly organized cybercrime crews. Their attraction stems from their ease of use and the ability for attackers to add exploits for new vulnerabilities as needed. While there are dozens of exploit kits available, a handful of them attract the most use and attention, including Angler, Neutrino, Nuclear, and Rig. Researchers at Recorded Future looked at more than 140 exploit kits and analyzed which exploits appeared in the most kits in the last year, and it's no surprise that Flash and IE exploits dominated the landscape. Six of the top 10 most-refquently targeted vulnerabilities in the last year were in Flash, while the other four were in Microsoft products, including IE, Windows, and Silverlight. Flash has been a favorite target for attackers for a long time, for two main reasons: it's deployed on hundreds of millions of machines, and it has plenty of vulnerabilities. Recorded Future's analysis shows that trend is continuing, and one Flash bug disclosed October 2015 was incorporated into seven individual exploit kits. The flaw was used by a number of high-level attackers, including some APT groups. "Adobe Flash Player's CVE-2015-7645, number 10 in terms of references to exploit kits, stands out as the vulnerability with the most adoption by exploit kits. Exploit kits adopting the Adobe bug in the past year include Neutrino, Angler, Magnitude, RIG, Nuclear Pack, Spartan, and Hunter," the analysis by Recorded Future says.

72 comments

  1. Official statement from Adobe: by Anonymous Coward · · Score: 5, Funny

    We're proud to have 6/10 of the top bugs and will work hard to have even more in the top 10 next year.

    1. Re:Official statement from Adobe: by Anonymous Coward · · Score: 2, Funny

      IE is slipping - only 4/10 top bugs. Heads will roll in Redmond!

    2. Re:Official statement from Adobe: by hcs_$reboot · · Score: 2

      IE is only E now...

      --
      Slashdot, fix the reply notifications... You won't get away with it...
    3. Re:Official statement from Adobe: by Anonymous Coward · · Score: 0

      IE was actually only 1. Interestingly, Firefox had far more bugs but they didn't make the exploit kits.

    4. Re:Official statement from Adobe: by Anonymous Coward · · Score: 3, Insightful

      It is only hard to understand by people like you because you think that a bug is the same as a vulnerability. Guess what?? THEY AREN'T THE SAME THING.

      You can have millions of bugs and the application can be without a single vulnerability.

      Also, not all vulnerabilities are equal. Anything that requires physical access to the device is low on the vulnerability scale, while something that only requires somebody to visit a web-page is HIGH and dangerous.

    5. Re:Official statement from Adobe: by gravewax · · Score: 1
    6. Re:Official statement from Adobe: by Anonymous Coward · · Score: 1

      It is only hard to understand for people like you that walk around with your eyes shut. Firefox has been shit security wise for some time now, go check out firefox vulnerability list for the last 2 years and how often they have had exploitable holes that require no user interaction beyond browsing to a malicious site.

    7. Re:Official statement from Adobe: by Bert64 · · Score: 4, Informative

      Flash gets targeted because it's a monoculture, 95% of potential victims are running the same flash plugin with the same vulnerabilities, there aren't really any alternative flash plugins.
      Targeting the browser is less effective these days as there are several major browsers and your potential victims could be using any of them.

      Targeting IE instead of Firefox is still more effective as it's a default install. Anyone running Firefox has generally gone out of their way to install it and is more likely to keep it up to date, users running IE are generally doing so just because it's there and are likely to be less tech savvy.
      Back when IE had 95% of the browser market it was the obvious target.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    8. Re:Official statement from Adobe: by Anonymous Coward · · Score: 0

      Flash is broken by design. Once it leaked out of the original sandbox, it's been nothing but a fucking nightmare which has cost the global PC user billions per year; not only in protection tools and clean-up software, but in wasted time - both in business and personal.

    9. Re:Official statement from Adobe: by The-Ixian · · Score: 1

      A bug is only an unexploited vulnerability...

      --
      My eyes reflect the stars and a smile lights up my face.
    10. Re:Official statement from Adobe: by The-Ixian · · Score: 1

      On the flip side, at least you get to see animated ads and Farmville!

      --
      My eyes reflect the stars and a smile lights up my face.
    11. Re:Official statement from Adobe: by Anonymous Coward · · Score: 0

      sadly firefox is more the millions of vulnerabilities and millions of bugs combo. It has become a disgrace. You used to be able to point at it and say look at what open source created, now people point and laugh and say look at what open source created.

  2. You got the wrong guy by fustakrakich · · Score: 1, Flamebait

    The operating system is responsible for all of the bugs.

    --
    “He’s not deformed, he’s just drunk!”
    1. Re:You got the wrong guy by Anonymous Coward · · Score: 0

      The operating system is responsible for all of the bugs.

      Is this why the exploit is attributed to the Linux operating system?

    2. Re:You got the wrong guy by fustakrakich · · Score: 1

      I don't know. Does Adobe flash run on Linux? I've always used Chrome or VLC when I need to play Flash content.

      --
      “He’s not deformed, he’s just drunk!”
    3. Re:You got the wrong guy by Anonymous Coward · · Score: 1

      The operating system is responsible for all of the bugs.

      no, it's electricity that's responsible for all the bugs, stop the flow of electricity and the bugs will also stop

    4. Re:You got the wrong guy by Neuronwelder · · Score: 1

      I don't use Chrome. But I do use Firefox with Ubuntu. So.. It can be forced to work with Firefox you click on the site that won't work. It warns you that Flash is dangerous (or outdated) then it asks you if you want to proceed. Click on yes.

    5. Re:You got the wrong guy by Anonymous Coward · · Score: 0

      Fucking guns.

    6. Re:You got the wrong guy by Anonymous Coward · · Score: 0
    7. Re:You got the wrong guy by Anonymous Coward · · Score: 0

      Um... You should update the Flash plugin, rather than clicking yes.

      Firefox only shows that dialog when your Flash plugin is horribly out of date and has known security holes.

    8. Re: You got the wrong guy by Anonymous Coward · · Score: 0

      To be fair, that's true most days.

    9. Re:You got the wrong guy by Anonymous Coward · · Score: 0

      Firefox is a dead skunk, squashed by advertisers. Chrome has all that stuff built in and is updated regularly, and you don't get silly warnings about their version of Flash. And it reads PDFs also. One less adobe plugin you need to download. But with Chrome, you have to clean out the cache manually and regularly. You can't set it to zero. That is unfortunate. But it's still the better alternative by far. You should trash Firefox. If you insist on using a Mozilla product, always stick with Seamonkey.

    10. Re: You got the wrong guy by Anonymous Coward · · Score: 0

      If we outlaw electricity, only outlaws will have electricity. Is this what you want? Think of the children before you answer.

  3. More holes than swiss cheese by Anonymous Coward · · Score: 2, Insightful

    How can *one* piece of software have so many fucking critical vulnerabilities over the years? Seriously, Flash has had new exploits just about every month, going back 10 years or more. There comes a point where the opposite of Hanlon's razor becomes likely; this simply can't be incompetence anymore, it must be malice. Is the NSA running the show at Adobe or something?

    1. Re:More holes than swiss cheese by bmo · · Score: 4, Informative

      >How can *one* piece of software have so many fucking critical vulnerabilities over the years?

      Because it's spaghetti code. It's so bad that the single Linux maintainer flipped his shit years ago and wrote an angry blog post about it. I tried looking for the article, but that is too much of a needle/haystack problem.

      Apparently it's been a fucking mess from the beginning.

      --
      BMO

    2. Re:More holes than swiss cheese by turning+in+circles · · Score: 2

      OK, so I'm an amateur, and I don't know squat, but even I know you don't ever run Adobe Flash for any reason on your browser. And if you really really feel the need to run Adobe Flash, you do it in a throwaway browser that you only use to run Adobe Flash. So is this really news.

      --
      Might as well face it I'm addicted to data.
    3. Re:More holes than swiss cheese by msauve · · Score: 3, Informative

      If someone's ever actually interacted with an Adobe product, they know. They're shit. Really. Open an Acrobat index, and the search dialog (which is what you want to get to) appears _behind_ a blank document window, which is useless. WTF?

      Adobe's contribution to computing began and ended with Postscript. I'll also give some credit for the pdf format/concept itself, despite obvious flaws in the implementation. Photoshop is a convoluted mess which is successful in spite of its faults, purely due to inertia and lack of competition. All else they've ever created simply sucks.

      I'd believe the spaghetti code explanation, but that's a rationalization, not an excuse.

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    4. Re:More holes than swiss cheese by Kjella · · Score: 2

      OK, so I'm an amateur, and I don't know squat, but even I know you don't ever run Adobe Flash for any reason on your browser. And if you really really feel the need to run Adobe Flash, you do it in a throwaway browser that you only use to run Adobe Flash. So is this really news.

      You don't know squat about knowing squat. People who don't know squat aren't even able to tell that "you are infected click here to fix" is just a web banner and not an actual dialog box, much less what a browser or a plug-in or flash is. I'll also give you the Star Trek universal translation matrix, whenever people like that are asked "Do you want to flubber the gavot on the pinoshi? [Yes][No]" or anything else incomprehensible it translates to "You want this to work? [Yes][No]" and they click yes yes yes. They've given up trying to understand, much less figure out if the dialog is actually genuine.

      --
      Live today, because you never know what tomorrow brings
    5. Re:More holes than swiss cheese by Dutch+Gun · · Score: 2

      Moreover, it's incredibly complex code that performs real-time media playback, animation, and scripting. Essentially, it's got all the vulnerabilities of a complex media player (like the Stagefright library) combined with a scripting language runtime environment (like Javascript), all written in a language (C) that more or less hands an attacker a potential security vulnerability if a programmer made the tiniest of errors when handling memory buffers and file formats with deliberately malformed data, and which occurs in hundreds of thousands of places throughout the codebase.

      Then someone said: Hey, let's allow unvetted content from remote servers on the internet to be interpreted and executed in this incredibly complex module on a client's machine! Because in the early 2000's, that apparently sounded like an awesome idea, and thus were born Flash, ActiveX, the Java plugin, PDF readers with Javascript enabled by default, and other monstrosities of the early web.

      --
      Irony: Agile development has too much inertia to be abandoned now.
    6. Re:More holes than swiss cheese by gravewax · · Score: 1

      sadly many of us have to use poorly made enterprise tools written by incompetent companies that don't give a shit about security and hence REQUIRE flash player, until companies like VMware move into the 21st century we are stuck with this shit.

    7. Re:More holes than swiss cheese by Anonymous Coward · · Score: 0

      Does VMware require flash for their linux installer? I don't think so... Unless you're speaking of their other products, then I'm sorry.

    8. Re:More holes than swiss cheese by aristotheron · · Score: 1

      what is a REWRITE

    9. Re:More holes than swiss cheese by Anonymous Coward · · Score: 0

      I'll take "Things Adobe has spent 12 years being too cheap to do" for $100, Alex.

    10. Re:More holes than swiss cheese by Anonymous Coward · · Score: 0

      vSphere requires it for their webclient. So yes it is needed regardless of OS. They have finally started moving to HTML5, but the new HTML5 client has limited functionality.

  4. alternate name = Rule 41 by Anonymous Coward · · Score: 0

    Seriously. What will the LEOs/GOs/other spooks do when Flash eventually dies?

  5. Competition by Dan+East · · Score: 2

    It's just a friendly competition is all. The Adobe Flash team has a lot of work ahead of them still to catch up to Adobe Reader as the all-time champion of browser-based attack vectors. However they're giving it their best shot.

    --
    Better known as 318230.
    1. Re:Competition by Anonymous Coward · · Score: 0

      Why? About the only part of flash which is "needed" today is the DRM component, which obviously can't be open source. Mozilla are already trying to handle that (by wrapping a minimal component within some kind of jail). Adobe should just drop flash and push that (they still get a piece of the pie, since they're the ones supplying the closed-source bit AFAIK).

  6. seems to be by Anonymous Coward · · Score: 0

    why people need to update.

    this is using flash and ie mostly. even ubuntu with its admin normal user(by default) is more secure than windows and in linux it's easy to broadcast os and browser to websites ie spoof that info and thus they would give bad code there are still indicators though for the diligent.

  7. I know how to make Flash less dangerous by Applehu+Akbar · · Score: 1

    We could make it even more annoying than it is now. Rather than just having to be updated every time you use it, the model that Windows users are familiar with when they run Adobe Reader, make it update two or three times during the playing of each video. Websites will have to stop using it.

  8. Open Warfare...on exploits. by Ostracus · · Score: 1

    So has anyone written an open source version of the Flash browser plug-in?

    --
    Shai Schticks:"You don't make peace with friends, you make peace with enemies"
    1. Re:Open Warfare...on exploits. by Anonymous Coward · · Score: 1

      There is one, called gnash. It's no longer active.

  9. And then you get rid of Flash by Anonymous Coward · · Score: 0

    Funny, now there's still a top ten list of exploits, just not ones in Flash.

  10. As Samuel L. Jackson said ... by the_mushroom_king · · Score: 1

    "I'd never know 'cause I [don't use] the filthy motherfucker." -- Jules, Pulp Fiction

  11. only 6? by gravewax · · Score: 1

    only 6 of top 10, wow I did not realise Adobe had improved things so much, perhaps there is hope for them yet.

  12. That's still just postscript (zipped) by raymorris · · Score: 4, Interesting

    You give them credit for Postscript and for pdf. Pdf is essentially Postscript, zipped, with some of the code commented out. So really they deserve credit just for Postscript.

    Except that postscript was largely created at Xerox PARC, before John Warnock and Chuck Geschke left. Warnock and Geschke wanted Xerox to sell Postscript (then called Interpress) as a standalone product, but Xerox chose not to. So the two left and created Adobe to sell Xerox's idea.

    So anyway their one great thing, Postscript, wasn't created by Adobe.

    In the days when cross-browser Javascript/Actionscript was darn near impossible, Adobe Flash was *conceptually* a good idea - a plugin that carried the same dialect of JavaScript/Emacscript to every browser. Unfortunately they really, really suck at security.

    1. Re:That's still just postscript (zipped) by Dog-Cow · · Score: 1

      Adobe didn't create Flash either. It was created by Macromedia, who was bought by Adobe.

    2. Re:That's still just postscript (zipped) by Dusthead+Jr. · · Score: 4, Informative

      Flash wasn't created by Macromedia either. It was created by FutureWave to compete against Macromedia's Shockwave. Macromedia bought FutureWave.

    3. Re:That's still just postscript (zipped) by Anonymous Coward · · Score: 0

      Flash wasn't created by FutureWave either. It was created by some kid in his parents' basement and then got hired by FutureWave.

    4. Re:That's still just postscript (zipped) by Anonymous Coward · · Score: 0

      Considering the time period when Flash was written, everyone sucked at security.

    5. Re:That's still just postscript (zipped) by Anonymous Coward · · Score: 0

      That kid in his parents' basement wasn't created by his parents.
      His grandparents created his parents.

    6. Re:That's still just postscript (zipped) by TroII · · Score: 1

      Thank you for subscribing to Human Facts!

      Did you know? A human female is born with all the eggs she'll ever have during her lifetime. That means that you, dear AC, were technically halfway into the world while your mother was still in your grandmother's womb!

      Stay tuned for tomorrow's installment of Human Facts, "Why Natalie Portman may calcify but won't ever petrify."

  13. Still big in China by Anonymous Coward · · Score: 0

    China is still stuck with Flash. It used to be taught in schools, which has been a criminally hazardous decision. Students were brainwashed with the message that Flash is the best thing since steamed rice.

    Many public/government websites still tout Flash. Including unskippable Flash landing pages (remember that?)

    China is basically the sink hole of the Internet, full of filth and germs. With a firewall around it.

  14. Why is this the case? by goombah99 · · Score: 4, Insightful

    Is there something intrinsic about the functions that Adobe Flash does that makes this inevitable or is it that Adobe started with an unfixable design model or is it that Adobe is incompetent. Offhand I don't see a fourth option. Well maybe just bad luck.

    So for example. In the first option, we can compare the functionality of adobe to other systems. Silverlight or H264 is not the same thing since unless I'm mistaken Adobe flash is not just a codec but also a language. So a better point of comparison is Java. If it's a matter of functionality leading to intrinsic vulnerabilities in a browser setting then one would expect Java and Flash to have the same frequency of exploits. Perhaps what saves Java is that it's usually off by default and asks permission to run.

    Alternatively if it's an unfixable design model, I don't see a dime's worth of difference between this and incompetence except that the former is worse because one knows the design was incompetent but persists in selling it. It's like the difference between premeditated murder and manslaughter.

    So given they could eliminate most exploits why don't all browsers quarantine Adobe or classify it as suspect malware.

    --
    Some drink at the fountain of knowledge. Others just gargle.
    1. Re:Why is this the case? by drinkypoo · · Score: 1

      So for example. In the first option, we can compare the functionality of adobe to other systems. Silverlight or H264 is not the same thing since unless I'm mistaken Adobe flash is not just a codec but also a language.

      Silverlight is just a SDK, and a plugin which lets you use stuff in windows from inside the browser so as to enable development of applications with web interfaces (defined in XAML) in Visual Studio. The things that it provides which aren't necessarily provided by the browser already (besides vector graphics and animations) are "H.264 video, Advanced Audio Coding, Windows Media Video (WMV), Windows Media Audio (WMA), and MPEG Layer III (MP3)". [wp] Thus, it's really more like Flash than H.264, although it's not actually like Flash. You develop Silverlight applications (or whatever they are actually called) which are hosted on an IIS server, and the user has to have the Silverlight plugin to use them. But it's all just brokered through the browser and then implemented using existing Windows functionality.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    2. Re:Why is this the case? by goombah99 · · Score: 1

      Okay so if it has the same range of native functionality then why isn't it a vector for exploits to the same degree?

      --
      Some drink at the fountain of knowledge. Others just gargle.
    3. Re:Why is this the case? by drinkypoo · · Score: 0

      Okay so if it has the same range of native functionality then why isn't it a vector for exploits to the same degree?

      There are probably two reasons. Reason the first, Adobe has always been legendarily bad at security, worse than even Microsoft. Reason the second, Silverlight apps don't actually run in your browser. They run on the server. Only the presentation occurs in your browser. That means they're not adding another scripting language to your browser, either. Any scripting that happens in your browser related to a Silverlight app is using the existing script host.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    4. Re:Why is this the case? by mentil · · Score: 5, Interesting

      Flash is a pileup of every problem you mention and more. A vector animation plugin had a scripting language (ActionScript) tacked on top of it, and there are multiple versions of this language, each with its own legacy bugs, and newer versions of the plugin support older versions of ActionScript (so that old Flash files won't break). When I coded in it circa 2003, ActionScript was incredibly buggy, with many functions malfunctioning or being completely broken; it's safe to say that few to no parameters were being sanity-checked or sanitized. It was created in the ActiveX era where "rush it out the door before the competitors can" was at the top of the priority list, and anyone expressing concern for security was handed a pink slip and laughed out the door. New features were being added all the time at top speed and who has time to make it secure?
      By the time ActiveX got tamped down on in the XP SP2 days, it became more clear how bad Flash (and Java) was in the security department, but I imagine many of the original coders had left, likely with little to no code documentation so it was effectively unmaintainable. Putting out fires of perceived insecurity by fixing publicly found vulnerabilities was the actual security goal then, with little proactive finding of vulnerabilities. Macromedia only made money from their Flash authoring software, not the plugin itself, and there were eventually free/cheaper programs that let you create or at least maintain Flash content, so the money for securing the plugin was never there.
      Thankfully Chrome is leading the charge in killing it off for good. Nearly everything it does is done better (and more securely) by another technology now.

      --
      Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
    5. Re:Why is this the case? by Anonymous Coward · · Score: 2

      Complete and total BS. Silverlight runs code in the browser on the client machine. It's only hosted on the server. It's just like Flash in that respect.

    6. Re:Why is this the case? by Anonymous Coward · · Score: 0

      Is there something intrinsic about the functions that Adobe Flash does that makes this inevitable or is it that Adobe started with an unfixable design model or is it that Adobe is incompetent. Offhand I don't see a fourth option.

      There is a fourth option: All of the above.

      1. Adobe is incompetent. No doubt about it. Adobe Reader is just as insecure as Flash.

      2. Because of 1, and because Flash was designed back in the days of IE 4 (maybe even earlier?) and Windows 9x, you can be sure that they started with an unfixable design. Besides, even though Adobe is incompetent, they do actually create security updates. By now, Flash probably has had more security updates than Sendmail, and is still less secure.

      3. Flash is untrusted code downloaded automatically from the internet. That's pretty much the definition of a security hole. Yes, Javascript kinda does the same thing, except that a) Javascript code is source, and depends on the browser's Javascript engine, and b) even so, by now everybody has realized that the Javascript engine needs to be heavily sandboxed, because running untrusted code from the internet is an unfixable problem.

    7. Re:Why is this the case? by Bert64 · · Score: 1

      There are plenty of silverlight vulnerabilities, but the silverlight plugin is not as widespread as flash so there's far less incentive for anyone to attack it.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
  15. Quality is Quality is not found by Anonymous Coward · · Score: 0

    Why is almost every sentence in the article written TWICE just in a different way. It's like it was plagiarizing itself one sentence at a time. The kicker was spelling frequently as refquently, like how the hell does that happen and why doesn't anyone spell check?

  16. Not news to me by buss_error · · Score: 1

    I have stated in the past what an utter disaster Java and Flash are, and have been pounded for my opinion. So be it.

    --
    Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.
    1. Re:Not news to me by Anonymous Coward · · Score: 0

      Probably because at the time you were unable to provide any evidence to support your assertions.

      Or maybe it's your delivery that is the problem.

  17. Flash is a problem by Anonymous Coward · · Score: 0

    Fucking DUH!
    Whoosh
    OMG
    WTF

    It's Adobe - it's what we do.

  18. User Skills by Tenebrousedge · · Score: 1

    This article shows how wide the skills gap really is. By Slashdot standards, the vast majority of computer users are tech-illiterate. What we take for granted -- for example, knowing anything about Flash security -- is completely beyond them. The linked article also fixes this divide as the reason UI is hard: if you are capable of making one, you are ipso facto not able to judge the needs of the average user. My perspective on this has always been that some of humanity has to sacrifice our brains to this technological morass that we have developed, and the rest of humanity is much happier not knowing. We just have to accept that the rest of humanity is perfectly able to lead rich, fulfilling lives without having to give a shit about Flash vulnerabilities, and try to deal with the consequences as best we can.

    --
    Those who advocate genocide deserve every protection afforded by law, and none afforded by common human decency.
  19. Does it apply for Flash in Chrome/Chromium? by short · · Score: 1

    The article is quiet about Google NaCl (=Native client) + Pepper that jail Adobe Flash to be harmless no matter how insecure it is.

  20. Agreed & source of it? by Anonymous Coward · · Score: 0

    Those whose monetary agenda is adversely affected (webmasters & advertisers as it is w/ hosts files for me here but nobody here validly technically proves my points wrong on their superiority to browser addons, locally installed DNS, or even antivirus (both the latter are riddled w/ security issues & all are less efficient & non-native, thus illogically "Bolting on 'MoAr'" that doesn't work or work as well or as efficiently)).

    * You got it as have I regarding hosts which blocks out the biggest source of infestation in ads or maliciously scripted sites served up by host-domain names (used by FAR more vs. IP address online for those bogus machinations).

    APK

    P.S.=> It's amazing how PETTY money makes people - even to the point of them fighting w/ facts + logic they can't overcome (drowning men will grab @ razors in other words) it definitely IS for myself (caught advertisers & webmasters here doing it a few times, flat busted)! apk

  21. Re:Truth by Anonymous Coward · · Score: 0

    This is bullshit, even pedophiles know Pizza Hut is shit.