Everyone reading this should disable Adobe Flash. As in right fucking now.

[sonatine]

A few days ago, a company called Hacking Team got hacked and 400+ gigs of data were exfiltrated from their servers and posted online.

(Funny.)

Their client lists, all their billing data, everything was in the dump. And said client list was a whose who of despotic regimes around the world.

To quote Bruce Schneier;

"It's one thing to have dissatisfied customers. It's another to have dissatisfied customers with death squads. I don't think the company is going to survive this."

(Sides.)

Anyway I'll cut to the chase:

Among the gems uncovered in the 400+ gigs of data that got dumped, is not one but TWO currently unpatched Flash zero day exploits. Both of which are being used in the wild, right now, to compromise Windows, OSX, and Linux hosts.

(Sides in orbit).

So yeah just disable that shit until Adobe patches.

[anonamoose]

A few days ago, a company called Hacking Team got hacked and 400+ gigs of data were exfiltrated from their servers and posted online.

(Funny.)

Their client lists, all their billing data, everything was in the dump. And said client list was a whose who of despotic regimes around the world.

To quote Bruce Schneier;

"It's one thing to have dissatisfied customers. It's another to have dissatisfied customers with death squads. I don't think the company is going to survive this."

(Sides.)

Anyway I'll cut to the chase:

Among the gems uncovered in the 400+ gigs of data that got dumped, is not one but TWO currently unpatched Flash zero day exploits. Both of which are being used in the wild, right now, to compromise Windows, OSX, and Linux hosts.

(Sides in orbit).

So yeah just disable that shit until Adobe patches.

Thanks but no thanks.

[sonatine]

Thanks but no thanks.

I hope this is one of those 'wow sorry I was drunk when I posted that' posts.

[anonamoose]

Thanks but no thanks.

I hope this is one of those 'wow sorry I was drunk when I posted that' posts.

Negative.

I'd rather just uninstall windows than uninstall flash.

[tyde]

I hope this is one of those 'wow sorry I was drunk when I posted that' posts.

Negative.

I'd rather just uninstall windows than uninstall flash.

[sonatine]

Given that the same dump contained currently undetectable RATs, your instincts are correct.

[anonamoose]

Given that the same dump contained currently undetectable RATs, your instincts are correct.

It'll be patched soon and in all likelihood no one that uses flash is going to get it unless you're browsing porn or clicking on shit you shouldn't be to begin with. What is the likelihood I go on youtube or twitch and get this? Probably about 0.000000001%

I'll take those odds over uninstalling something that 90% of the websites I go to uses.

[sonatine]

Given that the same dump contained currently undetectable RATs, your instincts are correct.

It'll be patched soon and in all likelihood no one that uses flash is going to get it unless you're browsing porn or clicking on shit you shouldn't be to begin with. What is the likelihood I go on youtube or twitch and get this? Probably about 0.000000001%

I'll take those odds over uninstalling something that 90% of the websites I go to uses.

Brb paying $200 to get a flash banner in rotation here, at 2+2, and pocket5s.

But yeah good luck with your odds, I'd really like to discuss them and I found a really interesting article on them. I'll PM an url to it to you. You should definitely click on it.

[anonamoose]

It'll be patched soon and in all likelihood no one that uses flash is going to get it unless you're browsing porn or clicking on shit you shouldn't be to begin with. What is the likelihood I go on youtube or twitch and get this? Probably about 0.000000001%

I'll take those odds over uninstalling something that 90% of the websites I go to uses.

Brb paying $200 to get a flash banner in rotation here, at 2+2, and pocket5s.

But yeah good luck with your odds, I'd really like to discuss them and I found a really interesting article on them. I'll PM an url to it to you. You should definitely click on it.

 

this image gave me a virus

 

clicking on this spoiler gave you a virus

[big dick]

I uninstalled it, thanks for the heads up.

[Benford]

So yeah just disable that shit until Adobe patches.

Just temporarily disabling the extension on your browser toolkit should be adequate for this problem, shouldn't it? No full uninstall necessary?

[4Dragons]

A few days ago I updated Flash and Firefox had disabled it (for security reasons). I have had it on 'allow once' since that update. At least now I know why FF did that.

[OSA]

If you are thinking that I am going to miss Tom Dwan looalike porn for some bs hacking nonsense gtfo.


Lolwow approves this message

[sonatine]

http://www.engadget.com/2015/07/13/f...ts-flash-dead/

poor adobe... they had such lofty ambitions for flash too.

[4Dragons]

http://www.engadget.com/2015/07/13/f...ts-flash-dead/

poor adobe... they had such lofty ambitions for flash too.

Flash has been a demoted technology since the release of the first iPhone. It's just been a very slow death. The last Google update 'mobilegedden' was pretty much the end of it but a lot of people still haven't gotten the memo.

[Crowe Diddly]

I never installed flash for firefox, but chrome does that shit in-browser, right? is there anything you need to do for chrome to made it safe, or is it cool by design?

[sonatine]

I never installed flash for firefox, but chrome does that shit in-browser, right? is there anything you need to do for chrome to made it safe, or is it cool by design?

chrome implements a 'sandbox' designed to contain the damage from any in browser exploit. eg java, flash, so on.

but its become exceedingly easy to break out of that sandbox, and you can raise considerable hell from within it too.


if youre going to disable it, just hollar at:

chrome://plugins

in your browser url and disable flash player. real easy.

[sonatine]

http://www.engadget.com/2015/07/13/f...ts-flash-dead/

poor adobe... they had such lofty ambitions for flash too.

Flash has been a demoted technology since the release of the first iPhone. It's just been a very slow death. The last Google update 'mobilegedden' was pretty much the end of it but a lot of people still haven't gotten the memo.

there is a lot going on beneath the hood thats fueling the google/apple vs flash friction. remember that in the mid/late 90s, flash's whole raison d'etre was that it was going to be the heir apparent for all mobile device UIs.

and around the time adobe needed to do a total teardown of the code and start proactively addressing security patches, two things happened:

1) they fired all their competent managers and outsourced everything they possibly could to india.

2) they got compromised and source code to pdf got exfiltrated (ostensibly to china), and within like days we started to see pdf zero days making the rounds.

so it was basically a perfect storm of internal chaos that permanently back burnered a secure flash redux.

steve jobs, for all his faults, was not an idiot and walked away from flash at that point.

google has very serious beef with adobe/flash because google's upper tier security team ran a massive flash audit program that slid adobe exploitable issues, really asking nothing but public recognition, and adobe managed to fuck that all up because they absolutely 100% dont get how the security community thinks/works/acts, so adobe burned that bridge too.

but none of that is whats really going to kill flash. HTML5 is going to kill flash, in the fucking head, with a tire iron, in front of its wife and children.

[4Dragons]

Flash has been a demoted technology since the release of the first iPhone. It's just been a very slow death. The last Google update 'mobilegedden' was pretty much the end of it but a lot of people still haven't gotten the memo.

there is a lot going on beneath the hood thats fueling the google/apple vs flash friction. remember that in the mid/late 90s, flash's whole raison d'etre was that it was going to be the heir apparent for all mobile device UIs.

and around the time adobe needed to do a total teardown of the code and start proactively addressing security patches, two things happened:

1) they fired all their competent managers and outsourced everything they possibly could to india.

2) they got compromised and source code to pdf got exfiltrated (ostensibly to china), and within like days we started to see pdf zero days making the rounds.

so it was basically a perfect storm of internal chaos that permanently back burnered a secure flash redux.

steve jobs, for all his faults, was not an idiot and walked away from flash at that point.

google has very serious beef with adobe/flash because google's upper tier security team ran a massive flash audit program that slid adobe exploitable issues, really asking nothing but public recognition, and adobe managed to fuck that all up because they absolutely 100% dont get how the security community thinks/works/acts, so adobe burned that bridge too.

but none of that is whats really going to kill flash. HTML5 is going to kill flash, in the fucking head, with a tire iron, in front of its wife and children.

Moreover, Google can't read, parse and therefore rank anything in a flash container. Google hates flash, and every Indian restaurant in existence uses flash for their insanely non-mobile websites. Between HTML5, CSS3 and AJAX, flash has slowly been replaced, buy people like me, for the past few years.

[sonatine]

totally hadnt even considered that.

you know whats funny tho... once upon a time, adobe pitched pdf as the next generation solution to html. so in adobe-mind-land, all those flash data parsing issues would have been dealt with in some sort of rich media meta solution embedded in a pdf-generated www.