Confidential source code stolen from Hacking Team, and subsequently leaked online, has revealed new and extremely serious software vulnerabilities that are exploited by the spyware maker to infect victims' computers. The security holes are used to inject malicious code into PCs; that code installs surveillance tools to monitor …
I am waiting for the headline that reads:
at last a day without a Flash problem.
Until then I will not be running Flash. It does make some sites' 'wonderful videos' unavailable, but if they cannot use something safe (including using words, not moving pictures), I cannot be bothered to waste my time on them.
And this is why...
I use Adblock for all my web viewing. (Sorry El Reg).
Ad networks are festering piles of malware disease, but if I never load the ads, I can't be plagued by them, visually or otherwise.
What's more, if you're abroad, YOU are paying to download this crud as well - let's remind people of that every time you get this "ads make things cheaper" argument, advertising happens in that case on your dime. It's like in the days before server side Bayesian spam filtering where a good deal of your email bandwidth was downloading crud before you could kill it off locally (this is what you get when your Chairman is so scared of missing juicy business via a false positive on spam that he doesn't permit basic filtering - until secretaries started receiving seriously nasty stuff and we warned HR this was a harassment suit in the making).
The problem with Flash is that it's everywhere, and I do have the luxury as yet to just tell the idiots who use it to go stuff themselves - but we too use AdBlocker and a sideload of redirects in the hosts file (will look up a reference by @Mark 85 as well - thanks for that) because we have no choice if we want to keep it safe. You can say what you want about Jobs, but he called that one right: Adobe seems to be committed to keeping computers as exposed as they were in the early days of Windows.
Bring the popcorn! I'd expect Adobe and MS to counter-sue for breach of their EULA - you know, the part where it forbids reverse-engineering? You did read the EULA, didn't you?
So the ongoing security of users depends on which company can afford more lawyers.
Hell, no popcorn icon, never mind.
As El Reg stated a couple of weeks ago, Flash is "The Internet's screen door." Uninstall it. Burn it. Nuke it from orbit. I'm sick of "OMG, You gotta patch RIGHT NOW" zero day Flash vulnerabilities that we seem to hear about weekly.
And you web site maintainers, if you're using Flash (I'm looking at YOU, El Reg), STOP IT. Just get rid of it. There are alternatives, and none of them could possibly be as buggy as that pile of fetid waste known as Flash. Just flush it away.
This has definitely opened up a huge can of worms. Now we see that private hacking companies are out there searching for vulnerabilities that they exploit without letting the software companies know. This is basically black hat stuff.
I am sure that if an individual made use of that kind of information for his own benefit, then the US authorities will extradite him and send him off to Guantanamo. If this is one company's information stash, imagine what kind of stuff the NSA and Mossad have with the amount of funding they receive. Imagine how many exploits they have access to. We have seen what has been leaked by Snowden.
If this is one company's information stash, imagine what kind of stuff the NSA and Mossad have with the amount of funding they receive. Imagine how many exploits they have access to. We have seen what has been leaked by Snowden.
That's why you need defence in depth - services and installed apps must be safe on their own without having to rely on an overall shell. The whole "soft centre, hard shell" approach has been invalidated long ago when it became clear that any Internet use can become a side channel attack via weak spots on the system (such as Flash).
This is why an operating system that needs anti-virus software installed before it is safe is quite simply NOT a good idea, because it makes people that code for that platform lazy when it comes to security and heuristics can only help you so much with zero day exposures.
Whilst we tend to focus on the criminals...
It is beginning to look as though within the 400GB of data extracted from Hacking Team are exploits that have been known in certain circles for a long time, but which have not been previously reported and hence effectively made public.
It will be interesting to see what other similar exploits are still to be found within the Hacking Team's data; this discovery certainly makes it worthwhile security experts taking the time to trawl through the data.
Whilst this is unlikely to impact those whose systems have already been compromised by tools supplied by companies such as Hacking Tools, it will help make any future deployments of such tools by such companies/agencies much harder.
I was a little confused from your comment, were you referring to the 'fixed' version of Flash or are you referring to some IP address that you're now blocking? :)
Yes it is the fixed version (for Windows and OS/X):
https://helpx.adobe.com/security/products/flash-player/apsb15-16.html
Aside: What I found a little worrying was that Flash 18.0.0.194 on Windows, even when explicitly requested to look for updates, didn't see the new version. I had to explicitly download it from the Adobe website, which did update my installation. Whereas Chrome at some stage quietly updated the Flash plug-in to 18.0.0.203.