dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
1017

OldNavyGuy
join:2018-07-24
Newberg, OR

5 recommendations

OldNavyGuy

Member

Top ten security vulnerabilities most exploited by hackers

»www.zdnet.com/article/th ··· attacks/

therube
join:2004-11-11
Randallstown, MD

3 recommendations

therube

Member

Flash?
Is Flash still enabled, by default, in browsers? Is it even used anymore, anywhere?

Exploits against Windows?
Get real! Everyone uses Windows 10 which is impervious, impervious I say. And that's no fake news!
And even if IE were exploitable, it's not even used anymore. Everyone from Win7 & up uses Edge.
(What do you mean that Edge isn't available in Win7? Yet .)

In a Mozilla browser, older Flash are regularly blacklisted, so even if one were to have an ancient version installed... (Not to mention that Flash updates itself, by default. And Win10 "updates" itself too - even if you don't want it :evilgrin:.)

Aren't IE updates included in MS's monthly "security updates"? So why are old versions of IE still about? Unless they're talking about IE6.
Kiwi88
Premium Member
join:2003-05-26
Bryant, AR

1 recommendation

Kiwi88 to OldNavyGuy

Premium Member

to OldNavyGuy
Developers still have an issue getting over Flash & Java, if the updated format was used (HTML5) nobody would still be raising the dino code.

OldNavyGuy
join:2018-07-24
Newberg, OR

OldNavyGuy

Member

Commercial websites aren't going to retool unless they have to.
cramer
Premium Member
join:2007-04-10
Raleigh, NC
Westell 6100
Cisco PIX 501

5 recommendations

cramer to therube

Premium Member

to therube
said by therube:

Flash?
Is Flash still enabled, by default, in browsers? Is it even used anymore, anywhere?

Hate to break it to you, but, yes, flash is still everywhere. And absolutely necessary to get certain things done. (don't let vmware fool you, their HTML5 UI is not "feature complete" -- or "good" for that matter.)
Kiwi88
Premium Member
join:2003-05-26
Bryant, AR

Kiwi88 to OldNavyGuy

Premium Member

to OldNavyGuy
You are right, economics. However, that's exactly how these problems continue into perpetuity. I spent years getting blasted around here from Java & Flash lovers, certainly both coding methods do what was intended, sloppy code though is still an acceptable standard and practice after a good decade of knowing why they are pitfalls. in a work environment, people are stuck, but this continues because both coding methods are largely aimed at non techie types, who just want [//cc] there children's educational game to work.

Adopting updated software is a real problem, proprietary based systems that require them, very old hardware, still runs them and the cost factor typically implodes well thought out advances in problem solving these two "Flash & Java" perpetual problems. Nobody is in a hurry to hold failure to the fire.

ashrc4
Premium Member
join:2009-02-06
australia

ashrc4

Premium Member

I wouldn't use java and flash together in a comparison when talking exploitation.

Java had multiple times large amounts of code altered in order to stem off exploits and has a different environment/dynamic/exploit vectors to that of flash.
Kiwi88
Premium Member
join:2003-05-26
Bryant, AR

1 recommendation

Kiwi88

Premium Member

They are both rudimentary code, utilized by lazy programmers. The years of issues prove it. Not to say they are alone, but both have had a substantial impact, more so than other software that's developed, in a negative working environment. I'm not picking one over the other, comparatively they both fail.
defcon_1
join:2013-10-19

3 recommendations

defcon_1

Member

Wonder if these exploits are performed when users are running under an Admin or Standard User account?
Kiwi88
Premium Member
join:2003-05-26
Bryant, AR

Kiwi88

Premium Member

Don't think it matters.

mackey
Premium Member
join:2007-08-20

mackey to cramer

Premium Member

to cramer
said by cramer:

Hate to break it to you, but, yes, flash is still everywhere.

No, it's not. Perhaps some niche applications which couldn't be bothered to keep their stuff up-to-date still use it, but for the average user it is completely unnecessary. Personally I've been completely 100% Flash free and haven't noticed anything not working.

OldNavyGuy
join:2018-07-24
Newberg, OR

3 recommendations

OldNavyGuy to cramer

Member

to cramer
said by cramer:

Hate to break it to you, but, yes, flash is still everywhere

Not exactly...a couple of studies below.

One year ago - 5% of all sites.

»www.bleepingcomputer.com ··· ars-ago/

As of this month - 3.6% of all sites.

»w3techs.com/technologies ··· /all/all
cramer
Premium Member
join:2007-04-10
Raleigh, NC
Westell 6100
Cisco PIX 501

2 recommendations

cramer

Premium Member

I'm not talking about random internet websites. I'm talking about commercial / business applications. Have VMware? There will be parts requiring the old flash interface -- and others are significantly faster in the flash ui. (their own engineers used the C# client right up to the day it stopped working -- v6.5) Have some old-ish Sun/Oracle, Dell, HP, IBM, etc. gear? Flash, and java, exist in many of those apps.

OldNavyGuy
join:2018-07-24
Newberg, OR

OldNavyGuy

Member

When Adobe drops support completely for Flash (Shockwave Flash support ends in 2020), they will be vulnerable.

I doubt that will be tolerated by customers who purchased those commercial/business applications.

MacGyver

join:2001-10-14
Vancouver, BC

2 recommendations

MacGyver to OldNavyGuy

to OldNavyGuy
The number one entry should be "boneheaded users gullibily giving away their personal info"

Phoenix22
Death From Above
Premium Member
join:2001-12-11
SOG C&C Nrth

2 recommendations

Phoenix22 to OldNavyGuy

Premium Member

to OldNavyGuy
»helpx.adobe.com//shockwa ··· faq.html
End of Life for Adobe Shockwave
Applies to: Shockwave Player
Frequently Asked Questions (FAQ) for End of Life of Adobe Shockwave

Effective April 9, 2019, Adobe Shockwave will be discontinued and the Shockwave player for Windows will no longer be available for download.

OldNavyGuy
join:2018-07-24
Newberg, OR

4 recommendations

OldNavyGuy

Member

said by Phoenix22:

Effective April 9, 2019, Adobe Shockwave will be discontinued and the Shockwave player for Windows will no longer be available for download

Today is the day for Shockwave Flash. Enterprise customers get a little more time.

I meant to say support ends for Adobe Flash at the end of 2020.

Thanks for the correction.

antdude
Matrix Ant
Premium Member
join:2001-03-25
US

2 recommendations

antdude

Premium Member

said by OldNavyGuy:

said by Phoenix22:

Effective April 9, 2019, Adobe Shockwave will be discontinued and the Shockwave player for Windows will no longer be available for download

Today is the day for Shockwave Flash. Enterprise customers get a little more time.

I meant to say support ends for Adobe Flash at the end of 2020.

Thanks for the correction.

Flash should end earlier. :P

Phoenix22
Death From Above
Premium Member
join:2001-12-11
SOG C&C Nrth

Phoenix22

Premium Member

imho.................that would be just ducky!!

intr0
join:2019-04-10
Reading, PA

4 recommendations

intr0 to OldNavyGuy

Member

to OldNavyGuy
Flash definitely should’ve pulled the plug a decade or so ago. At least actors like Mozilla stopped packaging it with those other icky plugins. The new secure ://web-ext protocol will see creative talent flourishing from individual devs and small teams instead of Adobe, Microsoft, Google, etc.

therube
join:2004-11-11
Randallstown, MD

therube

Member

(Mozilla never packed Flash.
Don't really recall it "packaging" any Plugins.

Though these days, while it doesn't package, it does shortly after first run, download (& install) GMPs.)

intr0
join:2019-04-10
Reading, PA

intr0

Member

Up until 2015. I can find the CVE if you’d like. Firefox uses (on Linux versions) an open media codec from Cisco. Don’t recall the name - H264 I believe.Firefox/ Mozilla installs GIMP? Firefox? Huh.

OldNavyGuy
join:2018-07-24
Newberg, OR

2 recommendations

OldNavyGuy

Member

On my Windows 10 system, it's the OpenH264 Video Codec.

This plugin is automatically installed by Mozilla to comply with the WebRTC specification and to enable WebRTC calls with devices that require the H.264 video codec. Visit »www.openh264.org/ to view the codec source code and learn more about the implementation.

Anav
Sarcastic Llama? Naw, Just Acerbic
Premium Member
join:2001-07-16
Dartmouth, NS

2 recommendations

Anav to OldNavyGuy

Premium Member

to OldNavyGuy
#1 - Click on a phishing thread entitled top ten security vulnerabilities most..............