Three news items ... * Mozilla blocks Flash by default on Firefox browser (59 minutes ago) http://www.bbc.com/news/technology-33520935
Adobe's Flash software is now blocked by default on all versions of the Firefox web browser. Mozilla has also given advice about how to adjust Firefox's settings so that Flash would only run with the permission of a browser's user rather than all the time. It said users should only activate Flash on sites they trust. Firefox is the third most popular desktop browsing program ... * Facebook's new chief security officer wants to set a date to kill Flash By James Vincent on July 13, 2015 http://www.theverge.com/2015/7/13/8948459/adobe-flash-insecure-says-facebook-cso Alex Stamos, the recently appointed chief security officer at Facebook, has called on software company Adobe to announce an "end-of-life date for Flash." In a pair of tweets sent over the weekend, Stamos echoed a number of recent complaints from the security community that the software has become the vector for just too many hacking vulnerabilities. It is time for Adobe to announce the end-of-life date for Flash and to ask the browsers to set killbits on the same day. — Alex Stamos (@alexstamos) July 12, 2015 Even if 18 months from now, one set date is the only way to disentangle the dependencies and upgrade the whole ecosystem at once. — Alex Stamos (@alexstamos) July 12, 2015 * Adobe: You just don't know what it's LIKE having to look after Flash security 14th Jul 2015 at 07:01, By Chris Williams http://www.theregister.co.uk/2015/07/14/adobe_response_to_security_holes/ Adobe is under fire because security flaws keep cropping up time and time and time again – if not in Flash then Adobe Reader and Acrobat. We've described Flash as software from Hell and "the screen door through which the raw unfiltered sewage of the internet oozes into the homes of netizens." Harsh, perhaps, but we are not alone in our opinion. All sorts of programs and operating systems – from Windows and OS X to Oracle Java and IBM products you've never even heard of – suffer from critical remote-code execution bugs. But Flash is everywhere, on every platform, and in everyone's browser: your parents use it, your children use it, admit it – you use it. It can be playing a video one moment, and helping a criminal install malware the next. It's an obvious target for hackers, and too often it puts up too little resistance. Facebook's new chief security officer Alex Stamos, a respected chap in the infosec world, said this week that it's time for Adobe to kill off Flash, and for web browser makers to permanently block it. If you don't want to outright uninstall or disable Flash (because you want to watch BBC iPlayer, non-HTML5 YouTube or Twitch.tv videos, or play poker online, or something like that) consider telling your browser to only run Flash files when you tell it to – "click to play" in other words. This slashes the risk of infection if your browser surfs to a dodgy or compromised website that silently and invisibly loads a malicious file that exploits a vulnerability in Flash. _______________________________________________ Link mailing list [email protected] http://mailman.anu.edu.au/mailman/listinfo/link
