a thoughtful web.
Good ideas and conversation. No ads, no tracking.   Login or Take a Tour!
comment by ooli
ooli  ·  3427 days ago  ·  link  ·    ·  parent  ·  post: Facebook's new CSO urges chronically insecure Flash to go away

For a vulnerability so "exploitable", it seems we lack victims!

Flash is what? 15 years old with billions of users. I still have to see a victim of any flash exploit. And everyone use it daily with videos and games.

It's kind of fishy. Someone probably want to push his own multimedia plugin.





messiah  ·  3427 days ago  ·  link  ·  

    It's kind of fishy. Someone probably want to push his own multimedia plugin.

Well, the thing is, he is not. He doesn't have a commercially available plug in of his own. While MS is pushing Silverlight, most people, Stamos included, are pushing for HTML5. Kind of interesting since Zuckerberg bashed HTML5 not too long ago, and here is the CSO tweeting about using it.

As a Firefox user, I am constantly shocked by the amount of Flash still out every time a new vulnerability is detected. It has been called out several times over the past several years, yet almost every page I visit has a warning pop up. Half of the time, I was never aware of the site using flash since videos and games are not included.

They are not just doing this with Flash either. Java was blocked like every other week after Oracle's acquisition of it. They were quick to patch, but then a new vulnerability would pop up. I partially wonder if Oracle's unpopularity as a software giant had some role to play in people finding more vulnerabilities after the acquisition. It's not like they immediately changed the dev team and screwed it up.

tla  ·  3427 days ago  ·  link  ·  

Here's a list of public Flash vulnerabilities.

Hacking Team used "the most beautiful Flash bug for the last four years" to help get 400gb of data. That article also describes it being in numerous malware kits.