Hi Rick and all,

You write ..

> .. banish Adobe Flash to the trash-heap of crapuscent (my word) software for
> eternity.

Agreed. And for many of the reasons you note, we have chosen not to install Flash for a few years. It's not missed.

Cheers,
Stephen

> Date: Thu, 9 Jul 2015 18:12:31 -0700
> From: [email protected]
> To: [email protected]
> Subject: [LINK] Any one else suffering Adobephobia?
>
> Gentle Linkers,
>
> Late in June, Adobe issued YAFU (Yet Another Flash Update). And then
> yesterday, YAFU, this one quite serious. It is being exploited in the wild.
> You are advised to update to Adobe Flash 18.0.0.203 (Windows and Mac),
> 11.2.202.481 (Linux).
>
> I decided to read all about it here:
>
> https://helpx.adobe.com/security/products/flash-player/apsb15-16.html
>
> Here is a summary of what went wrong in the penultimate release of Flash,
> along with my observations of this billion dollar company's programming
> skillset:
>
> heap buffer overflow:
> programmer unable to count from one onwards correctly, i.e. he or she stuffed
> too many characters into a string buffer ... this is kindergarten stuff
>
> memory corruption vulnerabilities:
> programmer unable to stay within memory limits, i.e. he or she wrote code
> that accessed and wrote memory that does not belong to the Flash program -
> very naughty, stupid and once again, kindergarten level programming
>
> null pointer dereference:
> this is plain silly: the programmer used an invalid (zero) pointer to access
> computer memory from within Flash. sheer idiocy
>
> type confusion:
> kindergarten programmers have trouble distinguishing apples from oranges,
> well, erm, integers from real numbers, that sort of thing
>
> use-after-free vulnerabilities:
> more kindergarten stuff - after freeing up system memory when it is no longer
> needed, the programmer went and reused that memory for another purpose, which
> of course would confuse the underlying operating system who will give that
> same memory (since it is now free) to another piece of software to use.
>
> I would fail a year one programmer for a piece of software that had all of
> the above bugs been present in a programming assignment.
>
> A question arises from the above list of country bumpkin programming gaffes.
> Can Adobe not afford software source code analysis kits? They ain't that
> expensive and would at least alert programmers at this august company to the
> presence of ALL of the above exploits.
>
> Why the rant? Because of all the software I use that must be updated, Adobe
> Flash is by far the software that requires the most updates. Besides that,
> their update "app" for Macs running Mtn Lion is broken, and one has to engage
> in a near fruitless and time consuming search through their tortuous website
> to find a direct download for the DMG file containing the update.
>
> Adobe bullied itself into web applications since the early days of the
> internet. As such, they have a responsibility to provide thoroughly tested
> and vetted plug-ins that guarantee online user safety. They have failed
> miserably in their remit and deserve all of the flak and bile we hapless
> users can direct at them.
>
> Bring on HTML5 with its embedded video and audio capabilities and banish
> Adobe Flash to the trash-heap of crapuscent (my word) software for eternity.
>
> regards
> rickw
>
> --
> ------------------------------------
> Rick Welykochy || Vitendo Consulting
>
> I contend that for a nation to try to tax itself into prosperity is like
> a man standing in a bucket and trying to lift himself up by the handle.
> --Winston Churchill
>
> _______________________________________________
> Link mailing list
> [email protected]
> http://mailman.anu.edu.au/mailman/listinfo/link
