New Flash flaw lets you beat White House and NATO security Don't ignore the next emergency Flash Player update you receive: it might be trying to fix yet another vulnerability in the chronically-insecure plug-in. According to Trend Micro, the vulnerability is already being used by Pawn Storm in phishing attacks against a variety of governments. Trend's analysts reckon the zero-day …
I know this sounds trite and has been said many times before in El Reg's forums, but just get rid of Flash if you possibly can and you will have eliminated a major target for malware on your machines. Yes, many companies have it as part of their image, but most tend to be motivated by their bottom line and having to patch Flash is a major time sink for their respective IT departments.
It's getting (gotten) to the point now where a flash vulnerability isn't news.
Flash in its day was awesome. I remember the countless hours I wasted at school in the early late 90s ignoring the teachers and playing flash games online.
Now I work as a sysadmin for a company that uses flash for interactive modules on its Moodle (Training/Learning web) platform and the continuous updates/patches of several thousand end devices is a pain in the a$$.
Roll on HTML5 (as soon as I'm allowed).
</rant>
Yeah flash back in the days in school was some damn good times!
It made history much more interesting when your at the back of the room with your monitor turned at an angle the teacher can't see while your playing "Strip that girl"[1]
I also remember getting detention once through getting caught.
And oh man and the weak security on those computers.. in college I could crash IE6 which would let me log in as admin without a password and fully control the computer.. that was until I had an audience of students around me saying "Hey his in the admin account!" of which the tutor noticed and the next day I get pulled aside by the IT guys to show them how I did it.. which they soon fixed.. :-(
School was fun though..
Now back on topic.. yes.. modern day flash.. kill it just kill it already. I actually have it uninstalled myself at the moment. When I upgraded my computer to Fedora 22 I simply never got around to actually installing it. To be honest that was 3 months ago. I've now noticed I simply don't need it so have decided to not install it at all.
Although I bet modern day teens love flash now too.. as with all it's exploits it probably makes it much easier to bypass the computer security to bypass web filers..
[1] You pervert blah blah blah, I was 12/13 going through those new teenage hormones so I had no control over my actions...... that's my excuse and I'm sticking to it.
Computers are cheap enough nowadays that you can just give everyone two machines to work with: One for the real work disconnected from the internet and completely locked down, and a second machine that is for accessing public-facing email and things requiring internet access which is wiped regularly. That way if any compromises do happen, it doesn't really affect much. Perhaps even just use thin clients / VDI and have the VM's set to throw away all changes on reboot.
Why is it that The Register is (understandably) so against using Flash, and denounces it for its security flaws, but at the same time continues to publish articles containing videos that require Flash for them to be viewed?
I have my browser set to prompt me to enable the Flash plugin, and it seems that most articles on The Register web site that contain a video require Flash to be enabled in order to be viewed.
So, it's really buggy and exposes you to security risks, but we will still continue to use it, and at the same time expose our readers to security risks.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
