Archive for Adobe

« Older Entries
Newer Entries »

Adobe Advises You To Update Flash NOW As A Result Of Hacking Team Breach

Posted in Commentary with tags , on July 8, 2015 by itnerd

The fallout from the Hacking Team breach and data dump that I reported yesterday has begun. Security expert Brian Krebs who is the go to guy for all things security related posted this on his blog yesterday:

Adobe Systems Inc. says its plans to issue a patch on Wednesday to fix a zero-day vulnerability in its Flash Player software that is reportedly being exploited in active attacks. The flaw was disclosed publicly over the weekend after hackers broke into and posted onlinehundreds of gigabytes of data from Hacking Team, a controversial Italian company that’s long been accused of helping repressive regimes spy on dissident groups.

And:

The Flash flaw was uncovered after Hacking Team’s proprietary information was posted online by hacktivists seeking to disprove the company’s claims that it does not work with repressive regimes (the leaked data suggests that Hacking Team has contracted to develop exploits for a variety of countries, including Egypt, Lebanon, Ethiopia, Sudan and Thailand). Included in the cache are several exploits for unpatched flaws, including apparently a Windows vulnerability.

Sure enough, there is an advisory from Adobe that has been posted and yet another emergency fix is due today. For those of you keeping score at home, this is the third emergency fix in the last month for Adobe Flash and further proof that it is not only being used actively in attacks, but it also incredibly insecure. Thus it appears that the decision fto remove it from my system is the correct one as constantly patching something that is clearly not secure is not a winning strategy. Having said that, if you still run Flash, you should patch your systems as soon as the patch is available. Meanwhile, I expect other vendors including Apple and Microsoft to be coming out with patches that mitigate anything that was in the Hacking Team data dump shortly as well. You might want to keep your eyes out for them and install any new patches that come out in the next week or two.

Leave a comment »

Stop Me If You’ve Heard this Before…. Update Adobe Flash NOW To Stop Active Exploit

Posted in Commentary with tags on June 23, 2015 by itnerd

Adobe today put out let another security bulletin to advise users to update to the latest version of Flash. Here’s the reason behind this bulletin:

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address a critical vulnerability (CVE-2015-3113) that could potentially allow an attacker to take control of the affected system.

Adobe is aware of reports that CVE-2015-3113 is being actively exploited in the wild via limited, targeted attacks. Systems running Internet Explorer for Windows 7 and below, as well as Firefox on Windows XP, are known targets.

So you have been warned. Download the latest updates for Flash to make sure you’re not a victim of this. Or better yet, just avoid this constant updating by avoiding Flash altogether.

Leave a comment »

One Huge Reason Not To Run Adobe Flash: Malware That Exploits Flash Is On The Rise

Posted in Commentary with tags on June 11, 2015 by itnerd

Frequent readers of this blog will know that I recently dumped Adobe Flash on my Macs except for running it in Google Chrome or inside a virtual machine. PC Magazine has a big reason why you may want to dump Flash regardless of whether you run a Mac or PC. Flash based malware:

Adobe Flash malware attacks are on the rise, according to McAfee Labs, which reported a 317 percent surge in the first quarter.

Attackers’ attention appears to have been diverted from Java and Microsoft Silverlight to un-patched Flash vulnerabilities.

Lovely. Here’s why this is a popular attack vector:

In the May McAfee Labs Threat Report, researchers chalk it up to several factors: the technology’s popularity, users’ delay in applying patches, new methods of exploitation, an increase in mobile devices compatible with Flash files, and the difficulty in detecting some exploits.

So, if you don’t update Flash, you’re asking to get pwned. In my case, it was simpler to dump Flash altogether. My Mac is safer and runs a bit better because I did. You might want to do the same.

Oh, speaking of updates, you should update Flash now if you do have it installed as remote access attack exploits are out there if you don’t. Charming.

Leave a comment »

Stop Me If You’ve Heard This Before…. Update Adobe Flash NOW

Posted in Commentary with tags on April 15, 2015 by itnerd

Once again, Adobe has posted a bulletin telling users of Adobe Flash on the Mac, Windows, and LINUX platforms to update ASAP because of an exploit that is in the wild. Specifically:

Adobe is aware of a report that an exploit for CVE-2015-3043 exists in the wild, and recommends users update their product installations to the latest versions: 

Lovely. I am so glad that I dumped Flash as I really don’t want to have to constantly worry about threats like these. Maybe Adobe should look at making Flash way more secure than it is currently so that users will be secure? Is that so hard to ask?

In the meantime if you are running Flash, upgrade now to protect yourself.

Leave a comment »

Another Alert To Update Adobe Flash Due To Remote Access Threat

Posted in Commentary with tags , , on March 15, 2015 by itnerd

Stop me if you’ve heard this before, but you should update Adobe Flash now. The bulletin put out by Adobe says this:

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux.  These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions

Lovely. I really think that taking Flash off of my Mac was the best decision that I made. Clearly with these never ending bulletins from Adobe, I think you can conclude that Flash isn’t going to get secure anytime soon. Thus you might want to consider doing the same.

Leave a comment »

Bye Bye Flash! Part 5 – The Wrap Up

Posted in Commentary with tags , on March 1, 2015 by itnerd

Well, I’ve come to the end of this experiment of removing Adobe Flash from my system over the last month. As promised, I downloaded a copy of Google Chrome and found that the issues with the Belkin NetCam site that I described in my previous post went away. That’s because Chrome has the Flash player built into the browser and it is sandboxed. Meaning that if some evil doer tries to use a Flash exploit, it stays within the browser. It also means that there’s no need for a separate plug-in. Another plus is that Chrome auto updates itself so you will always have an up to date copy of Flash installed, though it may take a couple of days before it hits your computer.

So, with that out of the way, my conclusions are as follows:

  • For the most part, there’s no practical need to have Adobe Flash on your computer as most web content will work fine without it. Plus your system will perform better.
  • If you need to use Flash for whatever reason, your best bet is to run Google Chrome. At least that way, you’re protected from the evils of those who exploit Flash and Flash will not impact your system performance simply by having the plug-in installed.

The bottom line is that Adobe Flash is staying off my system going forward and I believe I will be better off for it. What are your thoughts on this? Please share your thoughts below.

Leave a comment »

Bye Bye Flash! Part 4 – I Finally Found Something That I Need That Won’t Work Without Flash

Posted in Commentary with tags , on February 28, 2015 by itnerd

Up until now, life without Flash was perfect. In part 1, I found that the performance and battery life of my MacBook Pro improved by removing it. Part 2 had me answering questions about porn and surveys and finding that they still worked with a couple of exceptions. And part 3 had me experiencing no issues with not having Flash on my system.

That changed today as I discovered that on the Mac platform, you need Flash if you have a Belkin NetCam. That’s because unlike the PC which offers an alternate plug in so you don’t have to use Flash, the NetCam website doesn’t have anything similar for the Mac. Now is this a deal breaker? As long as I have my phone on me, it’s not as the NetCam app allows me to view video. If I have to rely on a Mac to see what’s going on at home, then I have a problem. I’m going to install Google Chrome as it comes with Flash as part of the browser. Thus I don’t have to reinstall Flash on my system. When I get a chance to do that, I’ll report back and finish up this experiment and let you know what the final verdict is.

Leave a comment »

Google Converting Flash Based Ads To HTML5

Posted in Commentary with tags , , , on February 25, 2015 by itnerd

Another sign that Adobe Flash is doomed comes in the form of the news that Google is now converting Flash based ads into HTML5 so that they can be seen on any device:

Back in September, Google began offering interactive HTML5 backups when Flash wasn’t supported. The Flash-to-HTML5 conversion tools for the Google Display Network and DoubleClick Campaign Manager created an HTML5 version of Flash ads, showing an actual ad rather than a static image backup.

Now, Google will automatically convert eligible Flash campaigns, both existing and new, to HTML5. All the advertiser has to do is upload their ads through AdWords, AdWords Editor, or many third-party tools that work with Google’s ad platform.

Now it should be noted that at present, not every ad can be converted from Flash to HTML5, but Google is heading in that direction. The end game being that Flash based ads will be a thing of the past.

It’s a safe bet that the late Steve Jobs is very happy about this.

Leave a comment »

Bye Bye Flash! – Part 3: I’m Not Missing Flash At All!

Posted in Commentary with tags , on February 16, 2015 by itnerd

So I am mid way through my attempt to live without Adobe Flash. I described how and why I removed it and answered some questions that people had. But the real question is, how am I surviving without Flash?

Just fine thanks.

I’ve been using my MacBook Pro without an issue. My surfing activities haven’t been affected and I haven’t found a pressing need to reinstall it. In short, it’s been really uneventful. I can also confirm that my battery life on my MacBook Pro is 45 minutes longer since removing Flash. I can also confirm that my MacBook Pro uses less CPU power when I surf the Internet. These are all positive developments.

As for security, I can’t prove that I am more secure. But knowing that in the last few weeks that there have been multiple Flash updates for security issues that were actively being exploited, I am pretty sure that I am more secure by not having Flash.

I am really glad that I did this. I will continue with this experiment for another 14 days and barring any surprises, I will leave my computer this way.

Leave a comment »

Apple Forcing Mac Users To Update To Latest Flash Version…. Again

Posted in Commentary with tags , , on February 9, 2015 by itnerd

Apple doesn’t like Flash, but they see the need to protect their users from insecure versions of Flash. Case in point, this past weekend the company posted a new support document and Safari blocked users from accessing Flash content if they didn’t have an up to date version of Flash. This is meant to protect them from the issues that I reported last week.

Now this isn’t the first time that Apple has done this as I’ve noted one other instance of this behavior. So I suppose that’s a good thing. But perhaps the better way to protect yourself is to do what I’ve done and dump Flash.

Thoughts?

Leave a comment »

« Older Entries
Newer Entries »