
(PC Magazine) Forget Java, Flash will screw you over as well (securitywatch.pcmag.com)
    More: Misc, flash, Automatic Updates, user interaction, targeted attacks, Kaspersky Labs, Microsoft Word, Internet Explorer 10, flash player  

4235 clicks; posted to Geek on 08 Feb 2013 at 2:34 PM



61 Comments

Archived thread
 
2013-02-08 01:31:26 PM
fc00.deviantart.net
 
2013-02-08 01:32:26 PM
FTFA: Attackers exploited CVE-2013-0633 via a booby-trapped Microsoft Word document containing malicious Flash code attached to an email.

I don't feel sorry for anyone who blindly opens email attachments, most likely from a stranger.

In other news, dogs are a huge threat to all humanity because one time I kicked a dog and it bit me. HOW WAS I SUPPOSED TO ANTICIPATE THAT?
 
2013-02-08 01:57:23 PM

Ed Finnerty: I don't feel sorry for anyone who blindly opens email attachments, most likely from a stranger.


My job requires me to open email attachments from strangers. It also requires me to mount USB drives that strangers hand me. I've learned to live in a sandboxed world as much as possible.

I use Macs to keep the odds in my favor, too.
 
2013-02-08 02:06:12 PM

Ed Finnerty: I don't feel sorry for anyone who blindly opens email attachments, most likely from a stranger.


When I get these they usually come from friends who've fallen for it and opened the attachment.
 
2013-02-08 02:41:22 PM
This can't be. I've been informed by fark that flash is perfect and an absolute necessity to even get out of bed in the morning. So I can't believe this.
 
2013-02-08 02:49:25 PM

gingerjet: This can't be. I've been informed by fark that flash is perfect and an absolute necessity to even get out of bed in the morning. So I can't believe this.


Being necessary and being perfect are not the same thing. Nobody claimed that flash is perfect; you made that up.
 
2013-02-08 02:50:35 PM
lordargent.com
 
2013-02-08 02:51:16 PM

gingerjet: This can't be. I've been informed by fark that flash is perfect and an absolute necessity to even get out of bed in the morning. So I can't believe this.


Lots of people need to justify their "programming" "talent".
 
2013-02-08 02:55:44 PM
Flash > HTML5
 
2013-02-08 02:56:18 PM

Kyosuke: I use Macs to keep the odds in my favor, too.


That's like wearing a helmet 24-7 to keep the odds against cranial injury in your favor...
 
2013-02-08 03:00:12 PM

LoneVVolf: Kyosuke: I use Macs to keep the odds in my favor, too.

That's like wearing a helmet 24-7 to keep the odds against cranial injury in your favor...


No, but thanks for playing.
 
2013-02-08 03:05:50 PM
TFA: "It is interesting to note that even though the contents of Word files are in English, the codepage of Word files are 'Windows Simplified Chinese (PRC, Singapore)',"

This new malicious exploit was being used by someone from China? You don't say! I am shocked, nay positively flabbergasted! There must be some sort of mistake, never in a million years would I have expected such duplicity from such an upstanding country!

/this is my surprised face
 
2013-02-08 03:13:02 PM

T.rex: Flash > HTML5


I know you're trolling but a proprietary plugin that needs constant updates and requires a $300 investment to develop for is really better than the thing you use to look at the internet and requires a $0 investment to develop for?
 
2013-02-08 03:13:39 PM

T.rex: Flash > HTML5


And Silverlight > Flash, except for the part where no one has it installed. And CSS is an absolute nightmare.
 
2013-02-08 03:28:05 PM

NewWorldDan: T.rex: Flash > HTML5

And Silverlight > Flash, except for the part where no one has it installed. And CSS is an absolute nightmare.


This, wholeheartedly. Silverlight kicks Flash's ass on a regular basis.
 
2013-02-08 03:38:22 PM
Another good reminder of why the lack of Flash support on iOS and Windows Phone is a feature, not a bug.
 
2013-02-08 03:43:54 PM

FormlessOne: NewWorldDan: T.rex: Flash > HTML5

And Silverlight > Flash, except for the part where no one has it installed. And CSS is an absolute nightmare.

This, wholeheartedly. Silverlight kicks Flash's ass on a regular basis.


I wasn't a huge fan of Silverlight. It wasn't so much a way of delivering interactive web applications as it was just a way to sandbox a .NET application in the browser. It was just Microsoft's next version of ActiveX. I'm kind of glad that Microsoft gave up on it.

My hope is that someone comes up with a secure, open source VM that allows us to write HTML 5 applications in some language other than JavaScript. I don't care if it's Java, or .NET, or something else entirely.  Just as long as it's not JavaScript.
 
2013-02-08 03:46:25 PM

The Larch: My hope is that someone comes up with a secure, open source VM that allows us to write HTML 5 applications in some language other than JavaScript. I don't care if it's Java, or .NET, or something else entirely.  Just as long as it's not JavaScript.


I seem to remember something about the upcoming version of ECMAScript solving a lot of JS's shortcomings

/And will probably be called JavaScript when it's actually used
 
2013-02-08 03:48:24 PM
Do these patches mean my laptop will stop searching for Sarah Connor?
 
2013-02-08 03:50:10 PM
Word doc with flash in it. Sounds safe...
 
2013-02-08 04:18:02 PM

FormlessOne: NewWorldDan: T.rex: Flash > HTML5

And Silverlight > Flash, except for the part where no one has it installed. And CSS is an absolute nightmare.

This, wholeheartedly. Silverlight kicks Flash's ass on a regular basis.


Ugh.  Please avoid non-standard shiat, no matter how much 'cooler' it looks.  That's how we got into the mess in the first place - embrace and extend.
 
2013-02-08 04:22:31 PM
Imagine that, the two languages so easy that even a web developer can use them are full of nasty little problems.
 
2013-02-08 04:29:36 PM

BumpInTheNight: Imagine that, the two languages so easy that even a web developer can use them are full of nasty little problems.


Which probably has a lot more to do with the number of programmers than anything else.
 
2013-02-08 04:35:16 PM

The Larch: FormlessOne: NewWorldDan: T.rex: Flash > HTML5

And Silverlight > Flash, except for the part where no one has it installed. And CSS is an absolute nightmare.

This, wholeheartedly. Silverlight kicks Flash's ass on a regular basis.

I wasn't a huge fan of Silverlight. It wasn't so much a way of delivering interactive web applications as it was just a way to sandbox a .NET application in the browser. It was just Microsoft's next version of ActiveX. I'm kind of glad that Microsoft gave up on it.

My hope is that someone comes up with a secure, open source VM that allows us to write HTML 5 applications in some language other than JavaScript. I don't care if it's Java, or .NET, or something else entirely.  Just as long as it's not JavaScript.


Check out Haxe.  I've been developing with it for about a year now too.  You can also use it to build to other platforms.  The language is in its infancy, but it's gaining a lot of support.
 
2013-02-08 04:54:30 PM
I always preferred Barry Allen to coffee.  Now I may have to reconsider.
 
2013-02-08 05:01:58 PM
Obvious Tag is Obvious.

/Seriously, has *anyone* seen crappier code - Especially Installers - than Adobe's, recently?
One of the things I particularly "love" about the Flash installers is the underlying assumption that no one ever has more than one browser, or more than one type of browser, installed.  "We'll just update for the default browser, and everything will be fine!"

//Yeah, we have IE installed.  We're a web development group with Gov't and other corp. stuff as clients.  We have to support IE, FF, Chrome, etc.  So our systems have several browsers installed.  Deal with it, Adobe.
 
2013-02-08 05:05:54 PM

Nicholas D. Wolfwood: Obvious Tag is Obvious.

/Seriously, has *anyone* seen crappier code - Especially Installers - than Adobe's, recently?
One of the things I particularly "love" about the Flash installers is the underlying assumption that no one ever has more than one browser, or more than one type of browser, installed.  "We'll just update for the default browser, and everything will be fine!"

//Yeah, we have IE installed.  We're a web development group with Gov't and other corp. stuff as clients.  We have to support IE, FF, Chrome, etc.  So our systems have several browsers installed.  Deal with it, Adobe.


And of course having to remember to opt out of installing McAfee  'antivirus'.
 
2013-02-08 05:06:36 PM

Kyosuke: Ed Finnerty: I don't feel sorry for anyone who blindly opens email attachments, most likely from a stranger.

My job requires me to open email attachments from strangers. It also requires me to mount USB drives that strangers hand me. I've learned to live in a sandboxed world as much as possible.

I use Macs to keep the odds in my favor, too.


And I'm so cautious that I refuse to even touch a computer!
 
2013-02-08 05:10:12 PM
Ah, Adobe.

Bringing poorly coded, ill-designed virus vectors to great popularity since 1982.

/
 
2013-02-08 05:17:04 PM
Welcome to ten years ago, subby.
 
2013-02-08 05:18:30 PM
I guess I need to update Click to Flash so it can be Click to Infect.
 
2013-02-08 05:32:43 PM

moothemagiccow: T.rex: Flash > HTML5

I know you're trolling but a proprietary plugin that needs constant updates and requires a $300 investment to develop for is really better than the thing you use to look at the internet and requires a $0 investment to develop for?


If someone made an HTML 5 authoring tool that was even 1/10th as good as Flash, I'd gladly pay $300 for it.
 
2013-02-08 06:08:37 PM
Chrome updated in background. Never even knew it was happening.
 
2013-02-08 06:39:35 PM

Havokmon: FormlessOne: NewWorldDan: T.rex: Flash > HTML5

And Silverlight > Flash, except for the part where no one has it installed. And CSS is an absolute nightmare.

This, wholeheartedly. Silverlight kicks Flash's ass on a regular basis.

Ugh.  Please avoid non-standard shiat, no matter how much 'cooler' it looks.  That's how we got into the mess in the first place - embrace and extend.



Yeah but what happens when these exploits are all in HTML 5, everyone having gotten rid of Java and Flash, and all the Java and Flash capabilities are wrapped into every browser by default?

Are browsers just magically not going to have any exploitable errors? If so, that's really, really good news....
 
2013-02-08 07:48:34 PM

Kyosuke: My job requires me to open email attachments from strangers. It also requires me to mount USB drives that strangers hand me. I've learned to live in a sandboxed world as much as possible.

I use Macs to keep the odds in my favor, too


Does your job require you to execute those things, or just view documents?

Don't execute things, and turn autoplay completely OFF. You don't need a Mac to help you with those simple rules.
 
2013-02-08 07:49:29 PM

Christian Bale: Are browsers just magically not going to have any exploitable errors? If so, that's really, really good news....


You'll never get rid of bugs, but having it be an open spec and implemented in open-source browsers means that there will be a lot more eyes looking for them, and fixes will be deployed and made available much more rapidly.
 
2013-02-08 07:59:56 PM
I'm on Debian testing and getting a kick out of this
 
2013-02-08 09:51:03 PM
Just think - once everyone is using HTML 5 for everything - instead of turning off Flash or Java you can just turn off your browser!
 
2013-02-08 10:09:06 PM
Adobe is a brutally bad software company. Yes, content-aware fill on CS6 is amazing, but Flash and Reader, etc. are just an endless stream of patches that risk breaking your machine daily.
 
2013-02-08 10:22:18 PM

NewWorldDan: T.rex: Flash > HTML5

And Silverlight > Flash, except for the part where no one has it installed. And CSS is an absolute nightmare.

If you look at Netflix you do
 
2013-02-08 11:12:05 PM

drjekel_mrhyde: NewWorldDan: T.rex: Flash > HTML5

And Silverlight > Flash, except for the part where no one has it installed. And CSS is an absolute nightmare.
If you look at Netflix on a computer you do


Good thing I watch Netflix on Roku and iPad.
 
2013-02-09 12:15:50 AM

thrasherrr: Ah, Adobe.

Bringing poorly coded, ill-designed virus vectors to great popularity since 1982.


Be fair, that was actually Macromedia.  Adobe just bought them out.

And never did any sort of maintenance on the software.

They bought the company in 2005, and didn't even have an alpha of 64-bit until 2008.  And that was Linux.  Mac and Windows had to wait for 2011 to get a 64-bit version.
 
2013-02-09 01:23:34 AM

GWSuperfan: Christian Bale: Are browsers just magically not going to have any exploitable errors? If so, that's really, really good news....

You'll never get rid of bugs, but having it be an open spec and implemented in open-source browsers means that there will be a lot more eyes looking for them, and fixes will be deployed and made available much more rapidly.


So instead of a Java update and Flash update every 2-3 days, it will be a browser update every single day? How much faster can fixes be made than the present "constantly?"

It seems there will also be more eyes looking for exploitable bugs, too.  You know, with everything all open source and well-documented.
 
2013-02-09 05:33:26 AM

Farking Canuck: Adobe is a brutally bad software company. Yes, content-aware fill on CS6 is amazing, but Flash and Reader, etc. are just an endless stream of patches that risk breaking your machine daily.


Content aware is in CS5 too.. CS6 is a pile of shiat.
 
2013-02-09 08:26:00 AM

Christian Bale: GWSuperfan: Christian Bale: Are browsers just magically not going to have any exploitable errors? If so, that's really, really good news....

You'll never get rid of bugs, but having it be an open spec and implemented in open-source browsers means that there will be a lot more eyes looking for them, and fixes will be deployed and made available much more rapidly.

So instead of a Java update and Flash update every 2-3 days, it will be a browser update every single day? How much faster can fixes be made than the present "constantly?"

It seems there will also be more eyes looking for exploitable bugs, too.  You know, with everything all open source and well-documented.


Java is already open sourced (mostly).

The problem isn't any particular technology, it's the paradigm.

When you run a java applet, you are running a java computer program, from somewhere on the Internet, on your computer, inside a browser. Substitute "java computer program" with "c++ program" and it would be just as bad, worse actually.
 
2013-02-09 08:46:43 AM

Christian Bale: Yeah but what happens when these exploits are all in HTML 5, everyone having gotten rid of Java and Flash, and all the Java and Flash capabilities are wrapped into every browser by default?


Here's the difference: your browser is already running an HTML and JavaScript engine, whether or not you're using Java and Flash. HTML5 does not significantly increase the surface area for attacks, except for WebGL which is a gaping security hole waiting to happen.

Flash and Java significantly increase the attack surface area - you've got an entire runtime living in process space outside of the browser.

A browser without Flash or Java is no more in danger of being exploited than a word processor, PDF viewer, or any other document management tool. A browser with Flash or Java is more like running Word with macros enabled and finding random documents online.
 
2013-02-09 08:59:01 AM

The Larch: My hope is that someone comes up with a secure, open source VM that allows us to write HTML 5 applications in some language other than JavaScript. I don't care if it's Java, or .NET, or something else entirely.  Just as long as it's not JavaScript.


Have a look at Microsoft's TypeScript. It's good, has lots of good OO features (it's by Anders Hejlsberg, the guy who created Delphi and .NET) and compiles down to JavaScript. And it's open source.
 
2013-02-09 09:09:45 AM

Kyosuke: Ed Finnerty: I don't feel sorry for anyone who blindly opens email attachments, most likely from a stranger.

My job requires me to open email attachments from strangers. It also requires me to mount USB drives that strangers hand me. I've learned to live in a sandboxed world as much as possible.

I use Macs to keep the odds in my favor, too.


I don't agree with Apple much, but Flash can go DIAF.
 
2013-02-09 09:15:41 AM

styckx: Farking Canuck: Adobe is a brutally bad software company. Yes, content-aware fill on CS6 is amazing, but Flash and Reader, etc. are just an endless stream of patches that risk breaking your machine daily.

Content aware is in CS5 too.. CS6 is a pile of shiat.


Yeah I know it was there. I don't actually use them (I use Gimp) but I recently had to repair a series of very badly damaged photos so I downloaded the 30 day demo and just used the content-aware fill. I have to admit that it was damn impressive.

Didn't use any other features so I can't speak to them.
 
2013-02-09 09:48:51 AM

Nicholas D. Wolfwood: /Seriously, has *anyone* seen crappier code - Especially Installers - than Adobe's, recently?




HP's printing drivers & "software" set the bar pretty high for unintelligible decision making during installation & setup.

Would you like to install the printer for which I am written?
Yes.
Which printer would you like to install?
:|
 
Displayed 50 of 61 comments

This thread is archived, and closed to new comments.