Conspiracy!
It's an evil plot by Steve Jobs to strengthen Gianduia's position over Flash!
Adobe Systems on Monday warned of a critical vulnerability in the most recent version of its Flash Player that is being actively exploited in the wild. The vulnerability affects Flash Player 10.1.82.76 for Windows, Macintosh, Linux, Solaris, and Android operating systems, Adobe said in an advisory. “There are reports that this …
>> since Flash is used by Gmail and other web-based email services
That statement is misleading since such services can USE Flash but they most certainly don't NEED Flash to function. An example would be a Gmail user being able to view a Youtube video that's part of a message they received. But outside of something like that Flash is not a necessary part of any webmail service I'm aware of. I just don't want to see people being spooked about some kind of vague distinction that webmail services are more or less vulnerable as that isn't the case.
Microsoft refocused on security and we went from "ha ha" default security in Windows 2000 to "not impenetrable but arguably within reach of the competition" in Windows 7. It’s not just Flash; it’s Adobe Reader too.
I second Dan's noscript call:
http://www.theregister.co.uk/2010/08/11/sysadmin_noscript/
And I raise a few more plugins besides:
http://www.theregister.co.uk/2010/08/10/sysadmin_secure_browser/
http://www.theregister.co.uk/2010/08/06/sysadmin_malware_magnet/
Adobe, pull your damned socks up.
You dinosaurs would still rather be working on computers running unix or dos with a green screen VDU.
Graphics are what most users want to experience on their PCs and flash enables that. Sure, it needs to be more securely coded, but to dismiss it outright shows some of you lot to be old farts.
While I agree with your assertion that most users want to use a graphical interface; not only do I flat out reject the rest of your argument, but am now convinced that you are an absolute idiot because you don't comprehend Adobe hasn’t gotten their security ‘shit’ squared away after years of "second chances".
Just say no to flash!
This article gives the wrong mitigation measures - it says use NoScript and that gmail needs flash
* gmail doesn't use flash, nor does Y! mail, though flickr likes it
* if you install the FlashBlock plugin (Firefox and apparently Chrome) you can block flash everywhere, and selectively enable it where you trust the site.
* Acroread is best handled by uninstalling, switching to a lighter weight viewer. Sometimes these are vulnerable too, but they tend to be targeted less often
Yeah, the main reason I stick with Firefox is the plugins, particularly, noscript and flashblock, both of which I use. Opera needs to consider opening its system out fully to allow powerful plugins if it wants to take on Firefox, and not just try the "we'll include the kitchen sink, features wise, so you don't need proper plugins" approach. Any time I've searched Opera plugins, all there seems to be is 101 calendar apps. Why do I want a bloody calendar in a web browser, FFS?
Worth pointing out though, is that Flashblock isn't infallible, I've had a few "WTF?" moments when flash ads start running by somehow either deliberately or inadvertently bypassing flashblock's Flash detection. Don't know how they do it, but flashblock isn't perfect.
I have worries about HTML5 and its video streaming capabilities. I suspect it's going to open up a new security can of worms for malware peddlers to exploit. At least I can for the most part control flash and flash video with flashblock and noscript.
People wonder why I still use slow Firefox instead of the much faster Chrome or Opera. This is a first class demonstration why. The browser makers always say that their browsers are completely secure so the plugins like noscript, cookie monster, better privacy and ad block are not needed.
But in cases like this with these zero day vulnerabilities (that even affect firefox) I am happy to have these plugins that give an extra level of control and when other browsers have plugins that do the same thing I will be happy to move to them.
From the previous poster's comments it looks like Chrome is moving in the right direction. But when I looked up Flash Block it looks like you are forced to allow sites like youtube.
That may be true, but the main point of my post was to say that I won't touch other probably better browsers until they offer these types of plugins to allow you to shield yourself from these zero day issues until patches are available.
Most browser zero day issues seem to come from javascript, flash etc. We must be allowed control over when these run rather than the browsers' 'we are secure so we can allow everything on every website to run' attitude. This is fine until a vulnerability they have not thought of appears.
The rumour with Chrome was that Google will never allow anything that stops their browser from doing flash or javascripts as most of their ad revenue comes from them.
>> You dinosaurs would still rather be working on computers running unix or dos with a green screen VDU.
Personally I like both a terminal window and a dancing GUI making mindless sound effects. But both have their own appropriate situations, and I think almost all computer users young or 'dinosaur' feel the same way. The problem with Flash is Adobe has failed in an extreme way to allot proper development resources to optimize and secure it. To Adobe's credit, if you think back to when the Internet was just starting to gain so much general usage, Flash was originally aimed more at animated games and then its usage for things like online video just grew almost organically. There really weren't a lot of viable alternatives at the time, like HTML5, WebM, or Silverlight, etc. But getting back to the point, most techies don't hate Flash for what it is and making silly blanket accusations is pointless. I think a more accurate sentiment is the wish for an optimized, cross-platform stable, secure Flash that just works. A proprietary-free environment would be even better. Adobe's refusal to a) give Flash better development support, or b) Open Source it to allow better development support is disappointing. HTML5 is gaining lots of momentum and Flash could become more and more irrelevant.