Here's a brilliant idea-
Don't open shady looking attachments from your E-mail inbox kids.
Google has already released an update for its Chrome browser that fixes a critical vulnerability in Adobe's Flash Player that's under attack. Users of the animation software on other browsers and operating systems will have to wait until next week for the same patch. Chrome was able to beat the rest of the pack thanks to …
Don't open shady looking attachments from your E-mail inbox kids.
Your kind makes people to setup a page with the flash exploit, mask it with url shortener, put link to some xxx looking mail sent to your address and exploit your computer saying "what did you say?" while erasing all data.
Must be glad I am not a black hat.
Flash vulnerability means, it can be run embedded from any web page to infect poor non techie users. Got it? They even put them in Ads!
Read. Think. Don't post.
* Malware Installed by LiveJournal Ad
* Major Ad Networks Found Serving Malicious Ads
* Google Text Ads For Known Malware Sites
* Hackers Use Banner Ads on Major Sites to Hijack Your PC
* Malware Rising - Attacks Increasing Through Malicious Online Advertising
Mail admins where I worked always tried to train users to save attachments to disk before opening them. This gives the AV software a chance to scan the file before it is opened. As an Outlook shop, it also solves the problem of maroons opening the attached document, editing the crap out of it, saving it, but not as a new file, and then losing all of their changes when they DIDN'T save the email from which they edited the document.
As for your Black Hat alternative, that wouldn't hit me either. I don't open dodgy emails for XXX pics either. So you need a REAL drive-by exploit to nail me. On Windows there are plenty of them out there and I've been nailed by some. Worst one was from an MSN banner ad because I forgot to change the default page to Google before starting IE6 to run MS updates to patch the newly built XP SP3 system. On the upside, since it was brand-spanking new, there was no data loss and the decision to delete partitions and start fresh was easy.
1 week extra left vulnerable to test the other combinations? Who are they kidding?
Is this Google's new strategy, get people to use their browser by sneakingly convincing the buggiest plugin in history to delay security patches for other platforms?
"Google patches Flash bug before Adobe"
"Google has already released an update for its Chrome browser that fixes a critical vulnerability in Adobe's Flash Player that's under attack".
I think you mean "does a work around"... not "fixes" or patches Flash - unless you are saying that Adobe is hacking or forking Adobe's very own source code?
it says Google had access to a pre-release version of that-particular-bug-fixed Flash
maybe the content of the article makes that a bit clearer. If only I had time to read it...
reading comprehension fail, google chrome really uses a patched flash plugin, not a work-around.
in firefox: You have version 10,2,152,32 installed
in chrome: You have version 10,2,154,25 installed
The table below contains the latest Flash Player version information. Adobe recommends that all Flash Player users upgrade to the most recent version of the player through the Player Download Center to take advantage of security updates.
Platform Browser Player version
Windows Internet Explorer (and other browsers that support Internet Explorer ActiveX controls and plug-ins) 10.2.152.32
Windows Firefox, Mozilla, Netscape, Opera (and other plugin-based browsers) 10.2.152.32
No, they really do mean that the Chrome update includes a fixed version of Flash. Adobe aren't
quite hacking or forking Adobe's code, but they do have access to newer versions than the
rest of us. You might want to try reading *all* of the article next time (or at least the second
I thought I would go ahead and share the fine article with you:
"Chrome was able to beat the rest of the pack thanks to ongoing collaboration with Adobe that allows Google advanced access to updated builds of Flash, Adobe spokeswoman Wiebke Lips said. "
Let my try to use small words for you. Google gets a release of flash from adobe which has a fix but is not yet completely tested in all browsers by adobe. google, not needing to test in any browser but Crome, is able to verify the patch faster then Adobe is, and therefor release sooner. It is an Adobe-written fix, not a fork.
is a brilliant name
Gnash is pretty much dead mate, at best they're flogging a dying horse [8 months since last update]......
If Google with scores of hard-ass developers and billions in the bank are partnering with Adobe on Chrome integration that must tell you something.
"animation software" ? What is this, the Daily Mail ?
Wiebke Lips.... where does this name come from? a german porn star actress?
We must make sure newbies install Google spyware browser (with default settings) and lock themselves and private lives to Google not to be exploited by no-name spyware installed by flash vulnerability.
Funny part is, I haven't heard any spyware that "reads" user private mail and makes sure it is never actually deleted.
If both companies read this comment, here is why the entire planet hates you.
No, it means that Adobe has already coded the patch for the flaw but will only release the patched version it to Google for deployment because Google helped test it while every other browser platform still needs more testing before Adobe will release it for the others.
HTML5 - youube will do VP8 rather than flash. Wait a while...
"ongoing collaboration with Adobe that allows Google advanced access to updated builds of Flash"
Why the hell is it possible to embed a Flash video in an Excel spreadsheet anyway? Because spreadsheets aren't exciting enough there has to be a way to animate those numbers?
^^ Oh no. That's why.
...that Google pushed out the update with minimal testing?
Why the hell do you need flash running in Excel it's just a bloody spreadsheet, I assume LibreOffice does not allow the same attack vector ?
Don't just blame Adobe on this one folks
Excel supports ActiveX controls, and I dare say there are thousands of legitimate uses for such extensibility. Flash is an ActiveX control. Ergo, Flash can run in Excel.
You might as well ask why computers are able to run Flash. It's all software. It's flexible. Get used to it or find another job.
Flexibility at the expense of security ?
I think you should get another job (assuming you are a MCSE) and by the way flash is not an activeX control on linux or OSX.
ActiveX is a botched security nightmare.
Why the only version of flash you should ever allow on your computer is the one that comes with the latest Chrome and even then you should always run Chrome with the --safe-plugins flag to make sure its sandboxed. In general if you have any Adobe software (malware portals) on your system you are asking to join a botnet regardless of other safety precautions.
I had heard that.
I had also heard that reputable websites generally don't do (or serve) Flash adverts because (a) they have some respect for their readers (b) the prevalence of assorted Flash blockers and disablers means it's just so much wasted space for the website anyway.
Or was I dreaming or under the influence?
Adobe proves itself the Acquired Immunity Deficiency Syndrome of the internet.
Roll on HTML 5 when this company and its crappy vuln-ridden products will be obsolete.
I had a similar issue with CA about 20 years. I needed to be able to run one of CA's product's in a certain way and could not because they hadn't updated their software.
It was at the time one of the few CA products that still shipped with source. I asked CA and they said in the best case 4-6 months. I was on deadline and couldn't wait for them so I went in and patched CA code to allow running their product (it was *LEGAL*). It took me say 3 days and the code was in one specific area so that made it extra easy. I tested it over the weekend and it worked. SO I called CA monday AM and told them I figured out the fix (they were getting a lot of pressure from other users). I told them to go to hell. It works and if you want to pay me I will have to have a contract made up. They figured i would give them it for free, HAHA!!
fscked by SHA-1 collision? Not so fast, says Linus Torvalds