Here's a brilliant idea-
Don't open shady-looking attachments from your E-mail inbox, kids.
Google has already released an update for its Chrome browser that fixes a critical vulnerability in Adobe's Flash Player that's under attack. Users of the animation software on other browsers and operating systems will have to wait until next week for the same patch. Chrome was able to beat the rest of the pack thanks to …
Your kind makes people set up a page with the Flash exploit, mask it with a URL shortener, put a link to some xxx-looking mail sent to your address and exploit your computer, saying "what did you say?" while erasing all data.
Must be glad I am not a black hat.
A Flash vulnerability means it can be run embedded from any web page to infect poor non-techie users. Got it? They even put them in ads!
Mail admins where I worked always tried to train users to save attachments to disk before opening them. This gives the AV software a chance to scan the file before it is opened. As an Outlook shop, it also solves the problem of maroons opening the attached document, editing the crap out of it, saving it, but not as a new file, and then losing all of their changes when they DIDN'T save the email from which they edited the document.
As for your Black Hat alternative, that wouldn't hit me either. I don't open dodgy emails for XXX pics either. So you need a REAL drive-by exploit to nail me. On Windows there are plenty of them out there and I've been nailed by some. Worst one was from an MSN banner ad because I forgot to change the default page to Google before starting IE6 to run MS updates to patch the newly built XP SP3 system. On the upside, since it was brand-spanking new, there was no data loss and the decision to delete partitions and start fresh was easy.
Read. Think. Don't post.
* Malware Installed by LiveJournal Ad
http://it.slashdot.org/story/06/06/24/1420251/Malware-Installed-by-LiveJournal-Ad
* Major Ad Networks Found Serving Malicious Ads
https://threatpost.com/en_us/blogs/major-ad-networks-found-serving-malicious-ads-121210
* Google Text Ads For Known Malware Sites
http://tech.slashdot.org/story/08/11/14/1352221/Google-Text-Ads-For-Known-Malware-Sites
* Hackers Use Banner Ads on Major Sites to Hijack Your PC
http://www.wired.com/techbiz/media/news/2007/11/doubleclick
* Malware Rising - Attacks Increasing Through Malicious Online Advertising
http://www.securityweek.com/malware-rising-attacks-increasing-through-malicious-online-advertising
etc.
"Google patches Flash bug before Adobe"
"Google has already released an update for its Chrome browser that fixes a critical vulnerability in Adobe's Flash Player that's under attack".
--->
I think you mean "does a work around"... not "fixes" or patches Flash - unless you are saying that Adobe is hacking or forking Adobe's very own source code?
Reading comprehension fail: Google Chrome really uses a patched Flash plugin, not a work-around.
http://www.adobe.com/software/flash/about/
in firefox: You have version 10,2,152,32 installed
in chrome: You have version 10,2,154,25 installed
The table below contains the latest Flash Player version information. Adobe recommends that all Flash Player users upgrade to the most recent version of the player through the Player Download Center to take advantage of security updates.
Platform | Browser | Player version
Windows | Internet Explorer (and other browsers that support Internet Explorer ActiveX controls and plug-ins) | 10.2.152.32
Windows | Firefox, Mozilla, Netscape, Opera (and other plugin-based browsers) | 10.2.152.32
I thought I would go ahead and share the fine article with you:
"Chrome was able to beat the rest of the pack thanks to ongoing collaboration with Adobe that allows Google advanced access to updated builds of Flash, Adobe spokeswoman Wiebke Lips said."
Let me try to use small words for you. Google gets a release of Flash from Adobe which has a fix but is not yet completely tested in all browsers by Adobe. Google, not needing to test in any browser but Chrome, is able to verify the patch faster than Adobe is, and therefore release sooner. It is an Adobe-written fix, not a fork.
No, they really do mean that the Chrome update includes a fixed version of Flash. Adobe aren't quite hacking or forking Adobe's code, but they do have access to newer versions than the rest of us. You might want to try reading *all* of the article next time (or at least the second paragraph!).
Excel supports ActiveX controls, and I dare say there are thousands of legitimate uses for such extensibility. Flash is an ActiveX control. Ergo, Flash can run in Excel.
You might as well ask why computers are able to run Flash. It's all software. It's flexible. Get used to it or find another job.
We must make sure newbies install Google spyware browser (with default settings) and lock themselves and private lives to Google not to be exploited by no-name spyware installed by flash vulnerability.
Funny part is, I haven't heard of any spyware that "reads" user private mail and makes sure it is never actually deleted.
If both companies read this comment, here is why the entire planet hates you.
Why the only version of Flash you should ever allow on your computer is the one that comes with the latest Chrome and even then you should always run Chrome with the --safe-plugins flag to make sure it's sandboxed. In general if you have any Adobe software (malware portals) on your system you are asking to join a botnet regardless of other safety precautions.
I had heard that.
I had also heard that reputable websites generally don't do (or serve) Flash adverts because (a) they have some respect for their readers (b) the prevalence of assorted Flash blockers and disablers means it's just so much wasted space for the website anyway.
Or was I dreaming or under the influence?
I had a similar issue with CA about 20 years ago. I needed to be able to run one of CA's products in a certain way and could not because they hadn't updated their software.
It was at the time one of the few CA products that still shipped with source. I asked CA and they said in the best case 4-6 months. I was on deadline and couldn't wait for them so I went in and patched CA code to allow running their product (it was *LEGAL*). It took me say 3 days and the code was in one specific area so that made it extra easy. I tested it over the weekend and it worked. So I called CA Monday AM and told them I figured out the fix (they were getting a lot of pressure from other users). I told them to go to hell. It works and if you want to pay me I will have to have a contract made up. They figured I would give them it for free, HAHA!!