back to article New Flash flaw lets you beat White House and NATO security

Don't ignore the next emergency Flash Player update you receive: it might be trying to fix yet another vulnerability in the chronically-insecure plug-in. According to Trend Micro, the vulnerability is already being used by Pawn Storm in phishing attacks against a variety of governments. Trend's analysts reckon the zero-day …

  1. Robert Helpmann??
    Childcatcher

    Not Worth It

    I know this sounds trite and has been said many times before in El Reg's forums, but just get rid of Flash if you possibly can and you will have eliminated a major target for malware on your machines. Yes, many companies have it as part of their image, but most tend to be motivated by their bottom line and having to patch Flash is a major time sink for their respective IT departments.

    1. big_D Silver badge

      Re: Not Worth It

      I patched ^H^H^H^H^H^H^H^H deinstalled it on my systems back in January. I don't have to worry about patching it any more.

  2. Anonymous Coward
    Anonymous Coward

    On a platter, with a side-order of fries

    US military reports 75 US-trained rebels return Syria

    Unfortunately it was just a flash in a p0wn.

    There's no going home tonight.

  3. Your alien overlord - fear me

    Don't you just need a UK sysadmin with Asperger's syndrome to beat NATO security. What, too soon?

  4. BenBell
    Flame

    It's getting (gotten) to the point now where a flash vulnerability isn't news.

    Flash in its day was awesome. I remember the countless hours I wasted at school in the early late 90s ignoring the teachers and playing flash games online.

    Now I work as a sysadmin for a company that uses flash for interactive modules on its Moodle (Training/Learning web) platform and the continuous updates/patches of several thousand end devices is a pain in the a$$.

    Roll on HTML5 (as soon as I'm allowed).

    </rant>

    1. JakeMS

      Good times..

      Yeah flash back in the days in school was some damn good times!

      It made history much more interesting when your at the back of the room with your monitor turned at an angle the teacher can't see while your playing "Strip that girl"[1]

      I also remember getting detention once through getting caught.

      And oh man and the weak security on those computers.. in college I could crash IE6 which would let me log in as admin without a password and fully control the computer.. that was until I had an audience of students around me saying "Hey his in the admin account!" of which the tutor noticed and the next day I get pulled aside by the IT guys to show them how I did it.. which they soon fixed.. :-(

      School was fun though..

      Now back on topic.. yes.. modern day flash.. kill it just kill it already. I actually have it uninstalled myself at the moment. When I upgraded my computer to Fedora 22 I simply never got around to actually installing it. To be honest that was 3 months ago. I've now noticed I simply don't need it so have decided to not install it at all.

      Although I bet modern day teens love flash now too.. as with all it's exploits it probably makes it much easier to bypass the computer security to bypass web filers..

      [1] You pervert blah blah blah, I was 12/13 going through those new teenage hormones so I had no control over my actions...... that's my excuse and I'm sticking to it.

  5. Crazy Operations Guy

    Air-gapped networks

    Computers are cheap enough nowadays that you can just give everyone two machines to work with: One for the real work disconnected from the internet and completely locked down, and a second machine that is for accessing public-facing email and things requiring internet access which is wiped regularly. That way if any compromises do happen, it doesn't really affect much. Perhaps even just use thin clients / VDI and have the VM's set to throw away all changes on reboot.

  6. AlCro

    If you are against flash, why do you use it so much?

    Why is it that The Register is (understandably) so against using Flash, and denounces it for its security flaws, but at the same time continues to publish articles containing videos that require Flash for them to be viewed?

    I have my browser set to prompt me to enable the Flash plugin, and it seems that most articles on The Register web site that contain a video require Flash to be enabled in order to be viewed.

    So, it's really buggy and exposes you to security risks, but we will still continue to use it, and at the same time expose our readers to security risks.

  7. Anonymous Coward
    Thumb Down

    Flash - BBC dont know

    https://www.whatdotheyknow.com/request/294323/response/719455/attach/html/3/RFI20151634%20Response.pdf.html

    1. arctic_haze
      Facepalm

      Re: Flash - BBC dont know

      They should have replied to the request using a Flash movie.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021