topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday March 28, 2024, 2:56 pm
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Patch your Flash! Version 19.0.0.226 (October 16, 2015)  (Read 13495 times)

lanux128

  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 6,277
    • View Profile
    • Donate to Member
Patch your Flash! Version 19.0.0.226 (October 16, 2015)
« on: October 16, 2015, 07:21 PM »
Adobe has released an update to patch a critical vulnerability, details in the link.

You can check your current version here and update if necessary.

• Online Update: https://get.adobe.com/flashplayer/
• Offline Update: https://www.adobe.co...r/distribution3.html

tomos

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 11,959
    • View Profile
    • Donate to Member
Re: Patch your Flash! Version 19.0.0.226 (October 16, 2015)
« Reply #1 on: October 17, 2015, 04:09 AM »
Thanks lanux :up:
Tom

Tuxman

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 2,466
    • View Profile
    • Donate to Member
Re: Patch your Flash! Version 19.0.0.226 (October 16, 2015)
« Reply #2 on: October 17, 2015, 09:21 AM »
Maybe people should generally abandon Flash.

tomos

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 11,959
    • View Profile
    • Donate to Member
Re: Patch your Flash! Version 19.0.0.226 (October 16, 2015)
« Reply #3 on: October 17, 2015, 10:25 AM »
Maybe people should generally abandon Flash.

I look forward to the day!
Flash + Firefox has been a disaster for years now. I ran without it for a while on my desktop lately, but found I did need it for a couple of sites (at least one of them work related), so, back with it now.
Tom

Tuxman

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 2,466
    • View Profile
    • Donate to Member
Re: Patch your Flash! Version 19.0.0.226 (October 16, 2015)
« Reply #4 on: October 17, 2015, 10:27 AM »
What do you do at work? Review old-fashioned non-HTML5 porn sites?  :huh:

Jibz

  • Developer
  • Joined in 2005
  • ***
  • Posts: 1,187
    • View Profile
    • Donate to Member
Re: Patch your Flash! Version 19.0.0.226 (October 16, 2015)
« Reply #5 on: October 17, 2015, 11:37 AM »
I enabled click-to-play for plugins in Chrome a while back, and there aren't that many sites that require me to run flash anymore. The only slightly annoying thing is that you have to right-click and run the built-in PDF viewer as well.

tomos

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 11,959
    • View Profile
    • Donate to Member
Re: Patch your Flash! Version 19.0.0.226 (October 16, 2015)
« Reply #6 on: October 17, 2015, 12:34 PM »
What do you do at work? Review old-fashioned non-HTML5 porn sites?  :huh:

eh, no :p :-)
This year I had to do a share of work using an interactive flash-based mapping site (has various layers that can be interchanged e.g. mapping from various times, etc. and shows location of archaeological sites). I mainly do archaeological illustration -- including some maps, with site locations, etc. (here's an older example).
Tom

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: Patch your Flash! Version 19.0.0.226 (October 16, 2015)
« Reply #7 on: October 17, 2015, 01:30 PM »
Thanks for the heads up.  :up:

mwb1100

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,645
    • View Profile
    • Donate to Member
Re: Patch your Flash! Version 19.0.0.226 (October 16, 2015)
« Reply #8 on: October 17, 2015, 04:11 PM »
I mainly do archaeological illustration -- including some maps, with site locations, etc. (here's an older example).

A bit off topic, but it looks like it must be an interesting job!  The example you posted reads a bit like a map from a Tolkein book (probably because I don't know a lick of Gaelic):

  - Bóthar Mór
  - Lin Mór
  - Lough Atalia
  - The Green
  - Suckeen Bogs
  - Struthán Muire

tomos

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 11,959
    • View Profile
    • Donate to Member
Re: Patch your Flash! Version 19.0.0.226 (October 16, 2015)
« Reply #9 on: October 17, 2015, 05:10 PM »
A bit off topic, but it looks like it must be an interesting job!  The example you posted reads a bit like a map from a Tolkein book (probably because I don't know a lick of Gaelic):
:-)
I'm no expert, but can say that the Irish language has less in common with middle English (Tolkien's speciality) than, for example, Icelandic, or even modern English for that matter. Irish (Gaeilge/Gaelic) and Scottish Gaelic are very closely related. They are in turn related to other Celtic languages -- Welsh, Breton, etc., but you have to go back much further for their relationship to other European languages.

partial translations
  - Bóthar Mór = (the) Big Road
  - Lin Mór = (the) Big Pool
  - Lough Atalia = anglicisation of Lough an tSáile = Lake of the Willows
  - Suckeen Bogs = Suckeen is an anglicisation of something, but I dont know what. The '-een' suffix was originally a diminutive: '-ín' as in 'Coleen' (wee girl), 'Bóthairín' / 'Boreen' (little road), or 'Tomáisín' [Tomawsheen] (little Tom), etc.
  - Struthán Muire = Mary's Stream

Tom

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Patch your Flash! Version 19.0.0.226 (October 16, 2015)
« Reply #10 on: October 18, 2015, 02:41 PM »
I'd recommend using Firefox as your primary browser, without any of Java, Flash or AdobePDF plugins, but with stuff like Adblock Origin, Ghostery, Certificate Patrol and (if you can suffer it) RequestPolicy + RefControl + NoScript.

Whenever you need Flash or Java, open that particular site in Chrome.
- carpe noctem

Tuxman

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 2,466
    • View Profile
    • Donate to Member
Re: Patch your Flash! Version 19.0.0.226 (October 16, 2015)
« Reply #11 on: October 18, 2015, 02:44 PM »
with stuff like Adblock Origin, Ghostery, Certificate Patrol and (if you can suffer it) RequestPolicy + RefControl + NoScript.

... or just µBlock + uMatrix.

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Patch your Flash! Version 19.0.0.226 (October 16, 2015)
« Reply #12 on: October 18, 2015, 04:05 PM »
... or just µBlock + uMatrix.
I didn't get to looking at uMatrix yet - does it fully cover what RefControl + RequestPolicy can do?

Ghostery is almost superfluous if you have tight 3rd-party domain blocking, but there might be a few sites that do statistics reporting to their own domain... and I like the overview of trackers it gives :)

Wouldn't do without NoScript.
- carpe noctem

IainB

  • Supporting Member
  • Joined in 2008
  • **
  • Posts: 7,540
  • @Slartibartfarst
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: Patch your Flash! Version 19.0.0.226 (October 16, 2015)
« Reply #13 on: October 18, 2015, 04:19 PM »
I'd recommend using Firefox as your primary browser, without any of Java, Flash or AdobePDF plugins, but with stuff like Adblock Origin, Ghostery, Certificate Patrol and (if you can suffer it) RequestPolicy + RefControl + NoScript.
Whenever you need Flash or Java, open that particular site in Chrome.
_______________________

I'd pretty much arrived at the same conclusion by experimentation. I use FF as the main browser and information-gathering tool (because I collect stuff using the Scrapbook extension and the Zotero utility), and, though I used to use Google Chrome Canary for Flash/Java web pages it had become just fat bloated software, so, when I switched to Win10 I started using MS Edge and that seems to work much more efficiently, so I tend to stick with that.

My kids use a lot of Flash-based games that I have downloaded over time, so I use IrfanView to play those.

So, the thing I miss in FF - my main browser at the moment (but probably not for that much longer) - is easy Flash and YouTube viewing - e.g., pages in the DCF with Flash and YouTube content do not display properly and many discussion threads that used to paginate quite quickly became sluggish (this seems to have been seriously aggravated in the recently-implemented DCF platform).

Tuxman

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 2,466
    • View Profile
    • Donate to Member
Re: Patch your Flash! Version 19.0.0.226 (October 16, 2015)
« Reply #14 on: October 18, 2015, 04:23 PM »
I didn't get to looking at uMatrix yet - does it fully cover what RefControl + RequestPolicy can do?

It does different things with the same result. :D

Wouldn't do without NoScript.

What does NoScript do for you that uMatrix doesn't, except eat more RAM?

About Ghostery: I, personally, prefer my trackers blocked. I don't want to see them, I want them to just be away. :)

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Patch your Flash! Version 19.0.0.226 (October 16, 2015)
« Reply #15 on: October 18, 2015, 04:57 PM »
As I said, I haven't looked at uMatrix yet - but here goes:

The combination of RefControl + Request Policy lets me control which 3rd-party domains get contacted at all, and lets me control whether the HTTP Referer [sic] header is set for the domains I allow to be contacted.

Ghostery both shows trackers as well as blocks them. Does uMatrix block trackes on the 1st-party domain, including both POST and GET based ones? And does it come with a big library of known trackers, or do you have to write your own rules for everything?

NoScript allows me to block scripts (and other active elements) on the 1st-party domain, as well, as it allows me to allow requests (images, stylesheets, ...) on 3rd-party domains without allowing scripts to be executed there. Does uMatrix handle the same usecases (and without a lot of manual rule entries)?
- carpe noctem

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Patch your Flash! Version 19.0.0.226 (October 16, 2015)
« Reply #16 on: October 18, 2015, 05:03 PM »
So, the thing I miss in FF - my main browser at the moment (but probably not for that much longer)
I wouldn't move to Edge for my main browser experience - while MS definitely have been working hard on improving security, and have done a lot of interesting and nice things both for Edge and Win10, IE + Edge are still going to be the most heavily targeted browsers for a while yet, simply because of market share. That, combined with the lack of security-focused extensions, still makes Firefox the #1 choice.

But interesting the MS is building Flash into Edge, might make it a viable alternative to Chrome for the secondary browser - though I'll obviously still be on Chrome on the work macbook :)
- carpe noctem

Tuxman

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 2,466
    • View Profile
    • Donate to Member
Re: Patch your Flash! Version 19.0.0.226 (October 16, 2015)
« Reply #17 on: October 18, 2015, 05:32 PM »
The combination of RefControl + Request Policy lets me control which 3rd-party domains get contacted at all

That's the whole point of uMatrix.

Does uMatrix block trackes on the 1st-party domain, including both POST and GET based ones?

Blocking trackers is what (good) ad blockers are for. µBlock has lists for that.

And does it come with a big library of known trackers, or do you have to write your own rules for everything?

^ The lists ...

NoScript allows me to block scripts (and other active elements) on the 1st-party domain, as well, as it allows me to allow requests (images, stylesheets, ...) on 3rd-party domains without allowing scripts to be executed there. Does uMatrix handle the same usecases (and without a lot of manual rule entries)?

All of those: Yep.

IainB

  • Supporting Member
  • Joined in 2008
  • **
  • Posts: 7,540
  • @Slartibartfarst
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: Patch your Flash! Version 19.0.0.226 (October 16, 2015)
« Reply #18 on: October 18, 2015, 06:17 PM »
with stuff like Adblock Origin, Ghostery, Certificate Patrol and (if you can suffer it) RequestPolicy + RefControl + NoScript.

... or just µBlock + uMatrix.
______________________

Many thanks for mentioning that. I have discovered that there is some potentially useful experiential truth there. I knew nothing about either µBlock + uMatrix until you mentioned them, whereupon I did a bit of reading up on them and similar/associated tools. There was definitely something useful in what you wrote, and a trial on a suck-it-and-see basis seemed appropriate to find out more about the potential. That is, the potential to achieve the same (or more) in blocking etc. than existing tools do, by replacing existing security/privacy tools with something that uses significantly less resources (RAM and CPU).
Currently, my existing FF configuration is grossly inefficient when operational and is fast becoming too bloated.

So, now I can blame you for my having installed µBlock Origin + uMatrix.

I don't know why (?) you settled on µBlock instead of  µBlock Origin, but I thought I'd try them both out, starting with  µBlock Origin first.
I'd be interested in any advice/thoughts you might have on this.
(This subject seems a bit off-topic. Maybe I need to put it in a new/separate topic/thread.)

Tuxman

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 2,466
    • View Profile
    • Donate to Member
Re: Patch your Flash! Version 19.0.0.226 (October 16, 2015)
« Reply #19 on: October 18, 2015, 06:26 PM »
So, now I can blame you for my having installed µBlock Origin + uMatrix.

Nooooooo!

I don't know why (?) you settled on µBlock instead of  µBlock Origin

Both are developed in parallel, both copy from each other. I guess it depends on the mood. ;)

As they use the same ad-blocking filter lists, it should not matter much anyway.

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Patch your Flash! Version 19.0.0.226 (October 16, 2015)
« Reply #20 on: October 19, 2015, 09:19 AM »
The combination of RefControl + Request Policy lets me control which 3rd-party domains get contacted at all
That's the whole point of uMatrix.
That much I had already gathered, and I've considered looking into uMatrix as a replacement for RequestPolicy. Anyway, you skipped the second part of that line of text - "and lets me control whether the HTTP Referer [sic] header is set for the domains I allow to be contacted.".

I guess I'll have to check out uMatrix, although I'm doubtful it really does handle all the above-mentioned stuff - you probably misunderstood my questions.
- carpe noctem

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Patch your Flash! Version 19.0.0.226 (October 16, 2015)
« Reply #21 on: October 19, 2015, 09:23 AM »
I don't know why (?) you settled on µBlock instead of  µBlock Origin, but I thought I'd try them both out, starting with  µBlock Origin first.
I'd be interested in any advice/thoughts you might have on this.
(This subject seems a bit off-topic. Maybe I need to put it in a new/separate topic/thread.)
I'm sticking with uBlock Origin - here's why.
- carpe noctem

Tuxman

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 2,466
    • View Profile
    • Donate to Member
Re: Patch your Flash! Version 19.0.0.226 (October 16, 2015)
« Reply #22 on: October 19, 2015, 11:04 AM »
IIRC the reason is not entirely true, but YMMV.

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Patch your Flash! Version 19.0.0.226 (October 16, 2015)
« Reply #23 on: November 11, 2015, 12:13 PM »
Right, I've dropped RequestPolicy - uMatrix beats it in every possible way, from performance to advanced features to ease-of-use. All of those were expected, perahsp except ease-of-use... it's really great. I modified the defaults from always allowing css/image references to only allowing them first-party, which means a little more work, but also more safe blocking. The matrix view that quickly lets you identify & check off the stuff you need works extremely well.

It doesn't replace RefPolicy, though, since it only lets you spoof the HTTP REFERER, it doesn't offer the block/allow that RefPolicy does. And I'm still keeping Ghostery and uBlock since uBlock can pretty up visual elements and is more fine-grained than uMatrix (DOM regexes rather than non-regex host-based).

Some day I'll have to take a more indepth look at Ghostery to evaluate whether it adds a lot when I have extensive host blocking - but it works differently than uBlock/uMatrix since it can fiddle with JavaScript to neutralize trackers even on first-party sites where you want to run the non-tracking scripts.
- carpe noctem

IainB

  • Supporting Member
  • Joined in 2008
  • **
  • Posts: 7,540
  • @Slartibartfarst
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: Patch your Flash! Version 19.0.0.226 (October 16, 2015)
« Reply #24 on: November 12, 2015, 05:14 AM »
^^ That's rather interesting. Thanks for mentioning it @f0dder.