Tag Archives: Flash Player

Nomination for the “Most-Slanting-Phishing-Site-of-the-Year” award

10 July 2015

I am receiving about 20 phishing mails a week. Most attackers invest a lot of effort in their counterfeits but, sometimes they overshoot the mark. My July candidate for the Most-Slanting-Phishing-Site-of-the-Year award is:

Most-Slanting-Phishing-Site-of-the-Year award - July 2015 candidate

Most-Slanting-Phishing-Site-of-the-Year award – July 2015 candidate

Earlier this week the Italian company Hacking Team was hacked. The attackers made more than 400GB of confidential company data available to the public. The leaked data included tools and exploits provided by the company to carry out attacks, among them a new Flash Player zero day affecting Flash Player up to version 18.0.0.194.

Two critical vulnerabilities in as many weeks, that’s really annoying. The problem with the latest Flash Player attacks is that the payload is hidden in Flash Player SWF files. Thus, basically every SWF file might carry a malicious payload…

… It’s definitely time to solve the Flash Player problems once and for all.

Have a good weekend.

I haven’t missed it – The first week without Adobe Flash Player

4 July 2015

In my last week’s post I raised the question whether it might not be useful to solve the endless problems with Flash Player once and for all by just deactivating this add-on.

I haven’t missed Flash Player on my iPad II so far. Regarding usage at home my expectations were clear: The world would not change dramatically. But I hadn’t any clue about the changes at work. Is Flash player often used as add-on in business applications or in the company Intranet?

On Monday morning I started a self-experiment and deactivated Flash Player on my company PC.

Now it’s time to draw a first summary: My expectations were clearly exceeded. Deactivating Flash Player has absolutely no impact on my daily work. I found only one intranet site where  Flash Player was used.

I will continue this experiment for some weeks. My feeling is that Flash Player can be disabled with little or no impact on business. Moreover, it is important to design new sites and applications without using Flash videos.

If you manage to waive Flash Player the attack surface of your system as well as the effort for patching will be reduced dramatically.

Happy 4th of July!