Welcome Guest.   Make a donation to an author on the site October 23, 2014, 04:17:48 PM  *

Please login or register.
Or did you miss your validation email?


Login with username and password (forgot your password?)
Why not become a lifetime supporting member of the site with a one-time donation of any amount? Your donation entitles you to a ton of additional benefits, including access to exclusive discounts and downloads, the ability to enter monthly free software drawings, and a single non-expiring license key for all of our programs.


You must sign up here before you can post and access some areas of the site. Registration is totally free and confidential.
 
The N.A.N.Y. Challenge 2010! Download 24 custom programs!
   
   Forum Home   Thread Marks Chat! Downloads Search Login Register  
Pages: [1]   Go Down
  Reply  |  New Topic  |  Print  
Author Topic: New Adobe Flash Player Security Exploit Reported Today (tuesday may 27)  (Read 4699 times)
mouser
First Author
Administrator
*****
Posts: 33,581



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« on: May 27, 2008, 03:07:28 PM »

This is a good reason to install a firefox extension that blocks Flash movies unless you specifically whitelist the website.  For example: NoScript or FlashBlock.

Quote
Exploits target new Adobe Flash bug

Symantec on Tuesday revealed that the latest version of the Adobe Flash Player contains an unpatched vulnerability that is being actively exploited.

Logged
housetier
Charter Honorary Member
***
Posts: 1,321


see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #1 on: May 27, 2008, 04:13:02 PM »

I have been reluctant in the past to install yet another extension into my browser, but I am now adding flashblock to my list of extensions.

I wonder if I should get rid of the flash plugin altogether...
Logged
Grorgy
Supporting Member
**
Posts: 820

see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #2 on: May 27, 2008, 04:47:39 PM »

Trouble is, if we start disabling or removing all the plugins and so on, we will end up browsing plain text, which may be nostalgic for some and safe, but ohh so dull.
Logged
Ehtyar
Supporting Member
**
Posts: 1,236



That News Guy

see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #3 on: May 27, 2008, 05:30:03 PM »

My experience with FlashBlock (up until about 6 months ago) was that flash movies would occasionally be loaded prior to FlashBlock disabling them. I believe it is not as deeply integrated into the browser as NoScript is, which is why i switched (plus j/s and xss protection etc), and have not had the same problem since. I would recommend NoScript over FlashBlock both for the additional functionality, and the seemingly tighter protection.

Ehtyar.
« Last Edit: May 27, 2008, 08:41:00 PM by Ehtyar » Logged
f0dder
Charter Honorary Member
***
Posts: 8,774



[Well, THAT escalated quickly!]

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #4 on: May 27, 2008, 05:58:55 PM »

Ehtyar: thanks for that word of warning, if it's not been fixed, that basically means FlashBlock is useless.

I never installed NoScript because I don't find flash to be that intrusive, as long as I'm running AdBlockPlus. I did consider it a few times, because I had the nagging feeling that sooner or later, somebody would find a 0day exploit for flash, and we'd be in royal trouble. But out of lazyness (whitlisting, *sigh*) I never did it.

Is the exploit that's now in the wild based on the NULL pointer exploit? Pretty nasty stuff.
Logged

- carpe noctem
Gothi[c]
DC Server Admin
Charter Honorary Member
***
Posts: 857



see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #5 on: May 27, 2008, 06:04:45 PM »

I have used noscript for a long time, to block flash and java. It's handy because you can whitelist sites or allow stuff on the fly. I only use it on my own computer now anymore though, because too many times my wife would not understand why sites did not function correctly. Even though she knew to click allow on the noscript button, sometimes you have to allow multiple sources etc... I imagine it can be a bit confusing for people that aren't much into computers.
Logged
Ehtyar
Supporting Member
**
Posts: 1,236



That News Guy

see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #6 on: May 27, 2008, 08:51:03 PM »

Ehtyar: thanks for that word of warning, if it's not been fixed, that basically means FlashBlock is useless.
...
Is the exploit that's now in the wild based on the NULL pointer exploit? Pretty nasty stuff.
And thank you for the technical info f0dder. Very interesting, not to mention fear-instilling.

Ehtyar.
Logged
f0dder
Charter Honorary Member
***
Posts: 8,774



[Well, THAT escalated quickly!]

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #7 on: May 27, 2008, 08:55:18 PM »

I'm not sure if that's the exploit that's been used, but if so - then it's relatively old. No telling how long it's been silently exploited by 0-day blackhats before it reached the wild, though... banner ads are scary. One compromised banner ad server, and even the cleanest sites on the net can get you infected.
Logged

- carpe noctem
Lashiec
Member
**
Posts: 2,374


see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #8 on: May 28, 2008, 06:01:38 PM »

*sigh*, the never ending story with Flash. And they want people to disable ad blocking...

I wonder if Opera's FlashBlock also suffers from the same problem as its Firefox counterpart. Perhaps it's time to disable plugins EVERYWHERE... except in YouTube, of course cheesy
« Last Edit: May 29, 2008, 06:10:11 PM by Lashiec » Logged
PhilB66
Supporting Member
**
Posts: 1,510


View Profile Give some DonationCredits to this forum member
« Reply #9 on: May 29, 2008, 09:41:54 AM »

Adobe confirms the exploit @ Adobe Product Security Incident Response Team (PSIRT).
Logged
Lashiec
Member
**
Posts: 2,374


see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #10 on: May 29, 2008, 06:11:29 PM »

Well, it seems they already fixed it in the latest version, those are good news! smiley
Logged
f0dder
Charter Honorary Member
***
Posts: 8,774



[Well, THAT escalated quickly!]

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #11 on: May 29, 2008, 06:13:53 PM »

Well, it seems they already fixed it in the latest version, those are good news! smiley
I'm keeping ScriptBlock, though smiley
Logged

- carpe noctem
Pages: [1]   Go Up
  Reply  |  New Topic  |  Print  
 
Jump to:  
   Forum Home   Thread Marks Chat! Downloads Search Login Register  

DonationCoder.com | About Us
DonationCoder.com Forum | Powered by SMF
[ Page time: 0.04s | Server load: 0.03 ]