Slashdot Mirror


New Zero-Day Vulnerability Found In Adobe Flash Player (gbhackers.com)

GBHackers On Cyber Security and an anonymous Slashdot reader have shared a story about a new zero-day vulnerability found in Adobe's Flash Player. Bleeping Computer reports: South Korean authorities have issued a warning regarding a brand new Flash zero-day deployed in the wild. According to a security alert issued by the South Korean Computer Emergency Response Team (KR-CERT), the zero-day affects Flash Player installs 28.0.0.137 and earlier. Flash 28.0.0.137 is the current Flash version number.

"An attacker can persuade users to open Microsoft Office documents, web pages, spam e-mails, etc. that contain Flash files that distribute the malicious [Flash] code," KR-CERT said. The malicious code is believed to be a Flash SWF file embedded in MS Word documents. Simon Choi, a security researcher with Hauri Inc., a South Korean security firm, says the zero-day has been made and deployed by North Korean threat actors and used since mid-November 2017. Choi says attackers are trying to infect South Koreans researching North Korea.
Adobe said it plans to patch this zero-day on Monday, February 5.

87 comments

  1. Again... by JaredOfEuropa · · Score: 5, Informative

    I treat Flash itself as potential malware, and consider it to be compromised at all times. Thankfully, these days you hardly ever need it anymore.

    --
    If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
    1. Re:Again... by Anonymous Coward · · Score: 1

      > I treat Flash itself as potential malware, and consider it to be compromised at all times. Thankfully, these days you hardly ever need it anymore.

      Too bad it's embedded in every Windows since 8 ;)

    2. Re:Again... by ChunderDownunder · · Score: 2

      IIRC, non-MS programs can't see the system copy, i.e. Firefox. Google Chrome sandboxes its own installation.

    3. Re:Again... by Anonymous Coward · · Score: 0

      So, all the people telling us that the new Microsoft is different from the Microsoft Bill Gates ran are actually right.

      Back in the day, Bill Gates declared that security would take the front seat within Microsoft, and things actually did improve quite a lot.

      Then, just as everyone realized that Flash was actually the greatest security threat on the planet (after we got rid of Java), and dumped that garbage, Microsoft decided to include it in the OS.

      New Microsoft is indeed different from old Microsoft.

    4. Re:Again... by Oswald McWeany · · Score: 1

      I hate things like Flash, and Shockwave, and some of those other obsolete technologies that some sites desperately hang on to. I won't use sites that require them.

      Fun fact: "Flash" in the Victorian era was slang for "criminal or nefarious". I think "Flash" was a very appropriate name from Adobe.

      --
      "That's the way to do it" - Punch
    5. Re:Again... by Anonymous Coward · · Score: 0

      > I hate things like Flash, and Shockwave, and some of those other obsolete technologies that some sites desperately hang on to. I won't use sites that require them.

      > Fun fact: "Flash" in the Victorian era was slang for "criminal or nefarious". I think "Flash" was a very appropriate name from Adobe.

      How dare you, sir!

    6. Re:Again... by TechyImmigrant · · Score: 1

      >I treat Flash itself as potential malware

      Why? He was the savior of the universe.

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    7. Re:Again... by ayesnymous · · Score: 1

      VMware vCenter requires Flash for full functionality (their HTML5 web client is limited), so our production systems require very old versions of Firefox and Java in order to support Flash.

  2. There are _still_ people using Flash Player? by gweihir · · Score: 2

    Talk about having a death-wish...

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    1. Re:There are _still_ people using Flash Player? by jonwil · · Score: 4, Informative

      There are still streaming video sites out there that need Flash.
      Including the iView catch-up TV site for the Australian ABC (national government-run broadcaster) which refuses to work without Flash on my Windows 7 PC using any of the browsers I have (including Internet Exploder and Mozilla SeaMonkey).

      That said, I do not have the ActiveX version of Flash installed (which is what this exploit is targeting) and I have Flash set in SeaMonkey so it will ask me before activating any Flash content (meaning I can white list those sites that need Flash). So I should be safe from Flash exploits unless someone hacks the iView site to serve out bogus Flash files I should be safe from Flash related nasties :)

    2. Re:There are _still_ people using Flash Player? by AmiMoJo · · Score: 1

      Holy crap you are right! Their web site doesn't work on about 70% of due to lack of Flash support!

      Flash is blocked in Chrome now, except for a whitelist of sites which iView is not part of. It doesn't work on any of the major mobile browsers either.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    3. Re:There are _still_ people using Flash Player? by Anonymous Coward · · Score: 0

      Still quite used on Porn sites. CB and MFC for example require it for RTMP. Warned MFC 4 years ago someone was actively exploiting users over chat and through Flash but they either didn't care or were the ones doing it (I suspect the latter).

      People like to act surprised when flash is brought up, I think it's more surprising they assume flash can go away overnight.

    4. Re:There are _still_ people using Flash Player? by Zontar_Thing_From_Ve · · Score: 2

      Yes. I'm a Starbucks shareholder and this week I got email telling me where to get my electronic copy of their annual report. I like to glance at the annual reports for any stocks I own and read shareholder proposals. I rarely vote to approve those but there have been a few really good ones that I voted for. Imagine my surprise to find that the Starbucks annual report was only available in Flash, not PDF.

    5. Re:There are _still_ people using Flash Player? by DigiShaman · · Score: 2

      I love how the VMware vSphere client recommends using Flash over the HTML5 interface, even for 6.5.

      1. HTML5 based UI should at least be fully implemented by now.
      2. Flash is, and remains to be absolute ass!
      3. The stand-alone vSphere client was perfect, but doesn't support ESXi 6.5 (only 6.0 and below)
      4. How in the fuck can VMware code ASM and C++ code, but can't get something like HTML5 right, and fall back on Flash?

      The world sucks!

      --
      Life is not for the lazy.
    6. Re: There are _still_ people using Flash Player? by Anonymous Coward · · Score: 0

      Flash went away for me overnight. I uninstalled it one day and never looked back.

    7. Re:There are _still_ people using Flash Player? by Doctor Memory · · Score: 1

      The last time I used vSphere, the HTML5 client wasn't anywhere near to parity with the Flash version, and I didn't get the impression that VMware was making it a priority to bring it up to snuff. This was a couple of years ago, sounds like they haven't done much since then either.

      --
      Just junk food for thought...
    8. Re:There are _still_ people using Flash Player? by Eravnrekaree · · Score: 2

      Does SeaMonkey sandbox Flash like Chrome does (like Chrome even sandboxes its own content)? You think you are being secure but the fact is I bet using SeaMonkey or Pale Moon you are actually much worse off than you are with Chrome.

    9. Re:There are _still_ people using Flash Player? by gweihir · · Score: 1

      Well, true. But why are people using them? If these sites would see a massive drop-off in views, the Flash-problem would be solved pretty fast.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    10. Re:There are _still_ people using Flash Player? by DigiShaman · · Score: 1

      When it comes to VM infrastructure, we're a pretty conservative shop. Whatever the bleeding edge is, often we're a full version back. v6.5 is mature about now, so when I spoke with someone from VMware (a BTW question for an unrelated technical issue) how well the HTML5 UI was with v6.5 over 6.0, the response I got was that it's better, but still go with Flash.

      I really wanted Flash killed in fire. No, scratch that; I want it devoured by a black hole never to be seen again with zero chance of ever coming back.

      --
      Life is not for the lazy.
  3. Is this really a problem? by Anonymous Coward · · Score: 1

    Who the fuck still uses flash or has it installed these days?

    1. Re:Is this really a problem? by Anonymous Coward · · Score: 0

      Microsoft

    2. Re:Is this really a problem? by Opportunist · · Score: 1

      Every MS-Office User. Whether you like it or not.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    3. Re:Is this really a problem? by DontBeAMoran · · Score: 1

      Good thing I stay away from the office packages from the big corporations and use Apple iWork instead!

      --
      #DeleteFacebook
    4. Re:Is this really a problem? by Anonymous Coward · · Score: 1

      VMWARE administrator ( crying :'( ) . I am going to install HTML interface soon, but some plugins are not compatible.

    5. Re: Is this really a problem? by Anonymous Coward · · Score: 1

      Same here. And I have about a dozen Enterprise management tools which rely on Flash to some extent.

    6. Re:Is this really a problem? by Opportunist · · Score: 1

      Irony or ...?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    7. Re:Is this really a problem? by Anonymous Coward · · Score: 0

      That would be the one from Apple Records?

      Not from one of "the big corporations" - Apple, Google, Microsoft...

    8. Re:Is this really a problem? by DontBeAMoran · · Score: 1

      Sarcasm.

      --
      #DeleteFacebook
    9. Re:Is this really a problem? by Anonymous Coward · · Score: 1

      If you have vCenter 6.x installed you should be able to already access it via https://vcenterhost/ui

      It's nice, but not yet completely in parity with the flash version, and yeah many plugins don't work.

    10. Re:Is this really a problem? by Anonymous Coward · · Score: 0

      Or you could keep using the vSphere client that doesn't require any flash or browser.

  4. The whole 10 people this affects by Anonymous Coward · · Score: 0

    Who still uses flash these days?

    Aside from all the security issues with it, I think the final nail in the coffin for flash was when they decided they were not going to support mobile devices. Since sites these days want to be as interoperable with mobile as possible that was pretty much the end of flash.

  5. Great response Adobe by Anonymous Coward · · Score: 0

    Only 5 days from public disclosure to a patch... Wouldn't wanna force y'all to work weekends, fucking jokers.

    1. Re:Great response Adobe by Hal_Porter · · Score: 1

      "And because Adobe programmers were very sinful God revealed a zero day on a Friday and did say 'Only 5 days from public disclosure to a patch... Wouldn't wanna force y'all to work weekends, fucking jokers'. And lo! Adobe engineers trying to sneak out of work at 4:50pm were caught by God in his 'Lumbergh' form and asked to work at the weekend"

      --
      echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
    2. Re:Great response Adobe by rjune · · Score: 2

      They are getting better. I posted on February 20, 2009 that it took Adobe 18 days to release a patch for a critical flaw. I think this URL will get you to the discussion: https://slashdot.org/comments....

      With regard to Adobe and security flaws, check out this URL: https://en.wikipedia.org/wiki/...

    3. Re:Great response Adobe by Anonymous Coward · · Score: 0

      Naw it was revealed yesterday. Slashdot is just slow on the news.

  6. OMFG by NoNonAlphaCharsHere · · Score: 4, Funny

    A Flash SWF file embedded in a MS Word file. What could possibly go wrong?

    1. Re:OMFG by AmiMoJo · · Score: 2

      Better replace it with an ActiveX control ASAP.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    2. Re:OMFG by NoNonAlphaCharsHere · · Score: 2

      On further reflection, I'm thinking that the fopen() would probably cause an explosion that would make matter/antimatter look like Alka-Seltzer.

    3. Re:OMFG by Anonymous Coward · · Score: 0

      This methodology can also be delivered through FrontPage server extensions.

    4. Re:OMFG by Anonymous Coward · · Score: 0

      I hate to break it to you, but the Flash player used for embedded SWF objects in Microsoft applications is already an ActiveX object.

  7. Zero Day by Anonymous Coward · · Score: 0

    I wish people who use this term understood it. It is only a zero day if it was first discovered and used today. If they patch it on Monday, and it really is a zero day, then they will be patching a three day.

    1. Re: Zero Day by Anonymous Coward · · Score: 0

      No.
      A zero day could be used for years.
      As long as the company doesn't know about it, it's a zero day.

  8. The problem. by Anonymous Coward · · Score: 4, Informative

    The problem is that in China, nearly every video website used Flash-based video players. Also, some major e-banking websites require Flash.
    I do not know the exact reason, but someone said that Flash-based "web apps" are easier to make and Flash is easier to implement DRM (you know those ____ing sites that do not want you to download those videos by any means unless you sign up and pay)

    1. Re:The problem. by jbmartin6 · · Score: 2

      A lot of cloud based security camera systems have the same problem.

      --
      This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
    2. Re:The problem. by Anonymous Coward · · Score: 0

      Change banks. Flash isn't even on my computer. If any site requires it, I leave the site. Don't be stupid and use Flash.

  9. Qui Bono? by mentil · · Score: 1

    Ya know, I'm wondering what the benefit of NK hackers using ransomware, or stealing cryptocurrency is. Ok they manage to transfer it to a bank in Switzerland or South Korea or whatever... now what? They can't transfer it to a NK bank because of the sanctions (not like numbers in a NK database help them). They can't buy a truckload of food and drive it over to NK because of sanctions/blockades. They can't rent a DC10 and airdrop food into NK because of DMZ/no-fly-zone/sanctions. I was wondering why the hackers, who are presumably reasonably intelligent, are doing their hacking from outside of NK, have access to the wider internet, and realize the NK propaganda is mostly BS, don't just run away, giving the middle finger to NK. Sure, maybe their family back home is being threatened by the NK government... but chances are good that their family is gonna be fucked by war and/or famine, so why wouldn't a young man just say "fuck it all" and never look back?

    Last I heard, chances are good that China of all nations is going to be at war with NK, as early as next month. I'm sure they'll have zero compunction about glassing the entire country, papering over the literal fallout with propaganda if necessary. Easy way to take care of that 'refugee problem', eh? I imagine other countries would have a difficult time poo-pooing out one side of their mouth while breathing a sigh of relief from the other; ya know, aside from the actual fallout-caused problems (which would still be preferable to an errant NK nuke, assuming China doesn't use salted warheads).

    --
    Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
    1. Re:Qui Bono? by gtall · · Score: 0

      Do the words "prevailing wind patterns" and "fallout" ever occur in your brain simultaneously?

    2. Re:Qui Bono? by Opportunist · · Score: 1

      Run away? Heck, why? They have a very well paying job (not just for NKor levels) and when they're home, they are basically above any and all laws as long as they don't piss off anyone higher up in the hierarchy.

      Imagine you, as a US citizen, could have all the hookers and blow you want, could treat everyone but politicians like garbage up to the point of pretty much getting away with murder if you so please and everyone has to do your bidding OR ELSE, because you're simply more valuable than anyone else in the country to the big and mighty, and no pesky "human rights" or constitution getting into your, or their, way.

      Would you want to get out?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    3. Re:Qui Bono? by gbjbaanb · · Score: 1

      a regime like that... damn right I'd want to get out.

      But then I'm a grown up adult with a sense of responsibility to the wider world and humanity. This is also why I'm dead set against the "liberals" with their sights set on their totalitarian fascist desire to tell everyone else what to do while profiting from it.

    4. Re:Qui Bono? by jrumney · · Score: 1

      There is no DMZ or no-fly zone between China and North Korea or Russia and North Korea. Driving a truck across those borders without being stopped for 'sanctions reasons' probably doesn't cost much in bribes either.

  10. Just throw the baby out with the bathwater by Anonymous Coward · · Score: 0

    Flash is due to be end of lifed anyway, get the pain over with now rather than 2020 when there will be a panic of developers.

  11. What's Flash? by pikester · · Score: 1

    Steve Jobs declared the end of Flash in 2007. 10 years later (or 11 if you round really up), it has been true for a couple of years. I'm still surprised that I see Flash video from a local major content supplier. I'm not the guy to fix it, but I'll be happy to enlighten people (let's talk in fact).

  12. Did BeauHD slip? This isn't RUSSIA'S!!!! fault?!? by Anonymous Coward · · Score: 1

    I'm surprised BeauHD didn't find a way to pin the very existence of Flash on RUSSIA! RUSSIA! RUSSIA!

    Oh, yeah, this is The Onion's take on the Nunes memo:

    FBI Warns Republican Memo Could Undermine Faith In Massive, Unaccountable Government Secret Agencies

    WASHINGTON—Stressing that such an action would be highly reckless, FBI Director Christopher Wray warned Thursday that releasing the “Nunes Memo” could potentially undermine faith in the massive, unaccountable government secret agencies of the United States. “Making this memo public will almost certainly impede our ability to conduct clandestine activities operating outside any legal or judicial system on an international scale,” said Wray, noting that it was essential that mutual trust exist between the American people and the vast, mysterious cabal given free rein to use any tactics necessary to conduct surveillance on U.S. citizens or subvert religious and political groups. “If we take away the people’s faith in this shadowy monolith exempt from any consequences, all that’s left is an extensive network of rogue, unelected intelligence officers carrying out extrajudicial missions for a variety of subjective, and occasionally personal, reasons.” At press time, Wray confirmed the massive, unaccountable government secret agencies were unaware of any wrongdoing for violating constitutional rights.

  13. Why by Anonymous Coward · · Score: 0

    Why is anyone still using flash today exactly? Trash that crap out the uninstaller window and never use it again. It was and will always be, the biggest security risk on your computer, because Adobe can't do anything right.

  14. lol Beau, lol by Anonymous Coward · · Score: 0

    The story broke on Bleeping Computer: https://twitter.com/campuscodi/status/959092532520148993
    Why is that shit from GBHackers even linked here? They can barely write in English and they obviously stole the content from the original publication.
    Come on Beau, get your shit together and start promoting quality reporting.

  15. Flash .. insecure by design ... by Anonymous Coward · · Score: 0

    I'm sorry, but Flash and all of its incarnations has been a gaping fucking security hole since the late 90s ... you know, as long as it has existed.

    I've been disabling Flash for a very long time.

    It's a steaming turd, and always has been.

    At this point, I have no sympathy for anybody who gets impacted by Flash, because Flash has always been broken and insecure.

    Flash should have been killed off years ago. I'm not letting some random web site run arbitrary code on my machine because I don't trust Flash. Because, how the fuck could you possibly trust Flash?

  16. Who cares anymore? by Anonymous Coward · · Score: 0

    Seriously?

  17. Ultra Pedantic by Anonymous Coward · · Score: 0

    I'm not sure it's a zero day now it's been found and distributed.

  18. Who the hell is selling them computers? by sabbede · · Score: 1

    And how are they getting online? Hardline across their Northern border? Since China is so "great" at controlling internet traffic, how about we get them to help keep the DPRK's activities in check?

    There aren't a whole lot of addresses for the DPRK, they can't have that many computers or people with the skills to do this. Is there nothing we can do to monitor and control their access and activity?

    1. Re:Who the hell is selling them computers? by Anonymous Coward · · Score: 0

      So...maybe you are smart, but love propaganda, so aren't toooo smart. But here's a clue. North Korea is not an island.

    2. Re:Who the hell is selling them computers? by Anonymous Coward · · Score: 0

      Right they are connected to China and SKorea.

      I don't know what sort of telecom connection they have to SKorea, but my understanding is that nearly all of their telecom went through China (since China is the only country willing to deal with them).

    3. Re:Who the hell is selling them computers? by Picodon · · Score: 1

      Russia also is an active economic and diplomatic partner of North Korea. And that includes Internet connectivity.

  19. Yet another attack vector that APK failed on by Anonymous Coward · · Score: 0

    Here we have yet another vector that APK's work fails to protect against, yet no script would prevent it.

  20. vSphere still uses it for some stuff by Joe_Dragon · · Score: 1

    vSphere still uses it for some stuff

  21. South Korea Computer Emergency Response Team by 140Mandak262Jamuna · · Score: 1

    South Korea embraced the internet and jumped in early. So early it forced all the banks and other agencies to use some Active X based protocol. Not sure if the country has recovered completely from that fiasco.

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
    1. Re:South Korea Computer Emergency Response Team by jrumney · · Score: 1

      The government didn't force banks to use ActiveX. It forced them to use South Korea's homegrown encryption algorithms. For a long time an ActiveX control was the only off the shelf way to deploy those algorithms. They have since been added to TLS and are natively supported by all major browsers by now.

    2. Re:South Korea Computer Emergency Response Team by Anonymous Coward · · Score: 0

      No, they still gonna require to install third-party binaries to use bank websites and etc. just it is not gonna be ActiveX based... *sigh* I am glad I never have to deal with Korean banks.

  22. There's a shocker by DaMattster · · Score: 1

    Flash has been riddled with security holes since it came into use. Since it is not based on any kind of standards whatsoever, no one can really review it for compliance. It's been a broken technology since its inception.

  23. Please die already Flash by sn0wflake · · Score: 1

    This news angered me so much that I tried seeking out removing Flash, and I was astonished at how hard it was, technically and what I'd have to give up. First surprise was Windows 10. I honestly thought Flash was just a component that could be uninstalled. How wrong I was. Turned out I would have to change ownership of system-reserved files. Cumbersome and not a pretty solution, so I postponed that project. Next I checked Google Chrome 64. Again I assumed it would just be a simple option of disabling Flash. Again wrong. Older versions of Chrome had a flag to disable Flash, Chrome 64 does not, and I honestly don't know if it's even possible to disable Flash in the latest Chrome version. All I could do was clean up white-listed websites, and while doing so I noticed one website that I wouldn't like to part with. So, my big project of removing Flash from Chrome and Windows 10 stopped there. It's incredible that this piece of garbage Flash is still around with more holes than Swiss cheese. If holes could have holes they still wouldn't compare to crappy Flash that just doesn't want to die.

  24. Only at work by AbrasiveCat · · Score: 1

    I removed Flash from my home computers some time ago. Now I only have access at work where it is a required application. (Boneheads.)

  25. Security Mentor uses flash for "security" training by Anonymous Coward · · Score: 0

    I work for a company that uses Security Mentor (http://www.securitymentor.com) for security training. The first time I tried to open a lesson, I was in absolute shock that I had to install flash player. I reached out to them and heard nothing back. I created a sandbox to click through their videos as quickly as possible. I mention this so perhaps the /. effect can help convince them that you cannot credibly teach security while requiring people inherently make bad security decisions to do so.

    Flash is bad. Has always been bad. Needs to die. There's even an html5 zombo now and you can do everything there!

  26. Re: To anyone still using Flash in 2018 ... by junk · · Score: 1

    You'd be sadly amazed by the number of companies that think flash is an acceptable avenue for building interactive web properties. I frequently see it with online classes. Think school lessons, driver's education after a ticket, HR training, "security" tutorials, etc. It's sad but there are so many "developers" that adopted it a long time ago that just aren't picking up HTML5.

  27. Refreshing... by rnturn · · Score: 1

    While Meltdown and company are getting all the attention lately, it's sort of nice to hear about something new from the folks that gave us so many classics.

    --
    CUR ALLOC 20195.....5804M
  28. Flash included with Windows 10 by h4ck7h3p14n37 · · Score: 1

    I recently purchased a cheap laptop running Windows 10 to manage an ESXi server. The voice directed setup was great, but I was shocked to see Flash installed by default. What was Microsoft thinking?

  29. Adobe sells vulnerabilities to secret agencies? by Anonymous Coward · · Score: 0

    "I treat Flash itself as potential malware..."

    Does Adobe sell vulnerabilities to secret agencies? There seem to be far too many vulnerabilities considering the lack of improvements in the software.

  30. So... Microsoft? by Anonymous Coward · · Score: 0

    So as long as I have no Microsoft GarbageOffice software to be used with the malicious payload, I'm fine, right? (Happily, as I use LibreOffice, there's no application to open the Microsoft GarbageOffice files, right?

    (I know LibreOffice can kinda-sorta open Microsoft GarbageOffice files, but I have mine configured to refuse to load any of the internal code by default in any GarbageOffice file, so it shouldn't matter in my case.

    But hey, it's been a little while since the last big, embarrassing Adobe Flash Security Fuckup, hasn't it?

  31. Yawn by bi$hop · · Score: 1

    I uninstalled Flash and stopped using Microsoft Office years ago. Haven't missed them at all.

  32. Breaking news! New Flash vulnerability! by Mike Van Pelt · · Score: 1

    In other astonishing news, the sun came up this morning, water is wet, and it's dang cold in Point Barrow in February.

  33. Re:Breaking news! New Flash vulnerability! by Mike Van Pelt · · Score: 1

    (but the sun didn't come up in Point Barrow, Alaska.)

  34. Why are people trusting applications? by ka9dgx · · Score: 1

    Why does anyone trust any application to do what it claims it will do on the tin? Isn't it the job of the Operating System to allocate and determine access to system resources, as specified by the user? We need better OSs.

  35. How? NoScript fails vs. hosts (many levels) by Anonymous Coward · · Score: 0

    NoScript doesn't do a FRACTION of what hosts do for you!

    Can NoScript block & stall botnet client C&Cs? No.
    Can NoScript protect vs. DNS down/poisoned? No.
    Can NoScript protect vs. dns request log tracking? No.
    Can NoScript protect vs. Dns blocklists? No.
    Can NoScript protect vs. spam/phish malicious payloads? No.
    Does NoScript speed you up 2 ways: adblocks & hardcodes? No.
    NoScript operates slower parsing script src tags in usermode.

    * Hosts block before noscript vs. ad & 3rd party scripts in kernelmode not slower usermode where noscript operates from also compounded in added messagepassing inside a browser & addons slow a browser which shows when stacked w/ other addons more!

    APK

    P.S.=> According to the source article, it's done via flash .swf files - as long as hosts have the source host-domain name blocked where it comes from, hosts do it FASTER vs. NoScript - period... apk

  36. Never saw this coming by Anonymous Coward · · Score: 0

    Adobe has such a solid reputation for being a company that produces secure and safe products, with Flash being the foremost example of this. The fact that it had a security hole like this surprises me more than a little bit. Hmm, I wonder if there could be others?

    Also, remember about a year back when we were all led to believe that Flash would be going away? Good times.

  37. Re:Using flash by zwarte piet · · Score: 1

    Loads of fun?