Jump to content

Please get rid of Adobe Flash


Recommended Posts

well the topic says it all.  :)

 

please get rid of adobe flash.

 

i recently had enough with all the security problems flash introduces and removed flash from all my systems.

 

alamy is one of 4 websites i use that still NEED flash.

 

please think about using HTML5 it´s better than flash anyway and more browser support it.

Edited by Lightboxx
  • Upvote 3
Link to post
Share on other sites

 

No problems here, usually

 

 

i had no problem with the functionality of flash either.. it works.

 

but it´s an open door for all kind of malware. it´s a security risk. 

only thing that´s worse is java...

 

many ransomware trojans use flash exploits.

Edited by Lightboxx
  • Upvote 1
Link to post
Share on other sites

Please eliminate Flash. I have it turned off.

 

However every time I use “manage images”, I am asked if I trust the Alamy website to use Flash. I check the URL, answer “not really”, and then do a voodoo dance around the office naked.

 

The frequent updates for security reasons freak me out. Every time I update Flash, Adobe changes my Flash preferences to “we want permission to spy on you”.

  • Upvote 4
Link to post
Share on other sites
  • 2 weeks later...

for now im using a portable google chrome with alamy but it would be nice to have a HTML5 version.

 

chrome has flash included so i don´t need to install flash on my system.

 

but chrome is not my prefered browser and so i have to use two browsers.

  • Upvote 1
Link to post
Share on other sites
  • 3 weeks later...

. . . and then do a voodoo dance around the office naked.

 

A strong case perhaps for NOT always having a camera handy . . .

 

dd

Link to post
Share on other sites

Having just lost use of my desktop (terminal failure)I now have no access to 'Manage Images' as my tablet and smartphones won't / don't support flash...you've been promising non flash for ages......

Link to post
Share on other sites
  • 1 month later...

time to act....

 

 

"Google's Chrome web browser could be disabling all Flash content by default before the year's out.

 

El Reg has learned that developers with the Chromium Project are working on a new feature known as 'HTML5 by Default'.

 

The move could help to keep users safe by locking off a favorite target for web-based malware exploits."

 

http://www.theregister.co.uk/2016/05/13/kill_flash_now_chrome_may_be_about_to_do_just_that/

  • Upvote 1
Link to post
Share on other sites

I had to reinstall my PC, because I bought a bunch of new hard drives. 

On that new install I have left Flash off altogether and also do not plan to install it either. 

Currently I edit my keywords from an old laptop, that still has flash on it. 

Needless to say, the laptop does not contain any valuable data :)

 

It a little bit of a pain and I really hope the new member tools come soon.

Edited by hdh
Link to post
Share on other sites

Myself also cant not wait..... I am often on the road and am often in situation of "waiting". This time could be used for keywording on my smartphone.

 

Next to that the "Available to Alamy only" thick box is practical since I work only for Alamy now.

 

Mirco

  • Upvote 1
Link to post
Share on other sites

Mirco,

 

I was in that same situation, with some free time now and then, away from my desktop computer. I got the free browser Puffin for my iPad and can now keyword from it. Puffin allows for copy, cut and paste which I use since I enter the data on my desktop prior to uploading.

  • Upvote 1
Link to post
Share on other sites
  • 4 weeks later...

https://www.fireeye.com/blog/threat-research/2016/06/angler_exploit_kite.html


We recently encountered some exploits from Angler Exploit Kit (EK) that are completely evading Microsoft’s Enhanced Mitigation Experience Toolkit (EMET). This is something we are seeing for the first time in the wild, and we only observed it affecting systems running Windows 7.
Angler EK uses complex multi-layered code obfuscation and leverages multiple exploits, as seen in Figure 1 and Figure 2. These capabilities make Angler EK one of the more sophisticated exploit kits in use at this time.
......
Within the deobfuscated JavaScript, which an attacker might inject into a webpage, we found that objects were being created for Flash (Figure 3) and Silverlight (Figure 4) to exploit vulnerabilities in those plugins.
....
The ability of Angler EK to evade EMET mitigations and successfully exploit Flash and Silverlight is fairly sophisticated in our opinion. These exploits do not utilize the usual return oriented programming to evade DEP. Data Execution Prevention (DEP) is a mitigation developed to prevent the execution of code in certain parts of memory. The Angler EK uses exploits that do not utilize common return oriented programming (ROP) techniques to evade DEP. Instead, they use Flash.ocx and Coreclr.dll’s inbuilt routines to call VirtualProtect and VirtualAlloc, respectively, with PAGE_EXECUTE_READWRITE, thus evading DEP and evading return address validation-based heuristics.

......

Afterwards, the exploit shellcode launches the TeslaCrypt process under normal exploitation context. In the case of fileless infections, the shellcode does not launch anything, but changes the protection constant of kernel32!ExitProcess to RWX for 5 bytes, then overwrites it with an inline jump to ntdll!RtlExitUserThread. This ensures the process stays alive even after closing the tab or closing the Internet Explorer window. In either of above cases, the attacker has full control over shellcode and it can pretty much execute anything it wants without EMET doing anything.


you see flash is an open door in any system.

protect your users alamy!!

 

many exploit kits like ANGLER use FLASH or SILVERLIGHT to do their dirty jobs.


that means every script kid can write malware that even circumvents EMET, DEP.

Edited by Lightboxx
Link to post
Share on other sites

https://www.fireeye.com/blog/threat-research/2016/06/angler_exploit_kite.html

We recently encountered some exploits from Angler Exploit Kit (EK) that are completely evading Microsoft’s Enhanced Mitigation Experience Toolkit (EMET). This is something we are seeing for the first time in the wild, and we only observed it affecting systems running Windows 7.

Angler EK uses complex multi-layered code obfuscation and leverages multiple exploits, as seen in Figure 1 and Figure 2. These capabilities make Angler EK one of the more sophisticated exploit kits in use at this time.

......

Within the deobfuscated JavaScript, which an attacker might inject into a webpage, we found that objects were being created for Flash (Figure 3) and Silverlight (Figure 4) to exploit vulnerabilities in those plugins.

....

The ability of Angler EK to evade EMET mitigations and successfully exploit Flash and Silverlight is fairly sophisticated in our opinion. These exploits do not utilize the usual return oriented programming to evade DEP. Data Execution Prevention (DEP) is a mitigation developed to prevent the execution of code in certain parts of memory. The Angler EK uses exploits that do not utilize common return oriented programming (ROP) techniques to evade DEP. Instead, they use Flash.ocx and Coreclr.dll’s inbuilt routines to call VirtualProtect and VirtualAlloc, respectively, with PAGE_EXECUTE_READWRITE, thus evading DEP and evading return address validation-based heuristics.

......

Afterwards, the exploit shellcode launches the TeslaCrypt process under normal exploitation context. In the case of fileless infections, the shellcode does not launch anything, but changes the protection constant of kernel32!ExitProcess to RWX for 5 bytes, then overwrites it with an inline jump to ntdll!RtlExitUserThread. This ensures the process stays alive even after closing the tab or closing the Internet Explorer window. In either of above cases, the attacker has full control over shellcode and it can pretty much execute anything it wants without EMET doing anything.

you see flash is an open door in any system.

protect your users alamy!!

 

many exploit kits like ANGLER use FLASH or SILVERLIGHT to do their dirty jobs.

 

 

that means every script kid can write malware that even circumvents EMET, DEP.

This is starting to sound like a campaign.

Alamy has said it will have an alternative soon. Meanwhile I don't see scores of posts in the forum about security problems caused by Alamy's use of Flash.

Let Alamy get on with it.

  • Upvote 1
Link to post
Share on other sites

 

Meanwhile I don't see scores of posts in the forum about security problems caused by Alamy's use of Flash.

 

 

it´s important to me that this is adressed quickly.. not in another 3 years. yes. :)

 

alamy is the reason some people (who don´t want flash) still must have the flash plugin on their systems.

there is no alternative when you want to use alamy.

ok there is chrome but that is not always an alternative and we don´t know for how much longer..

 

and i doubt users who have been attacked by flash malware write in this forum about it.

the security issue is the flash plugin you have installed on your system, not so much the alamy website (it could be any other website that uses flash).

 

 

 

I've never had any problems with any sort of attacks on my PC after using the Internet since most people didn't know what it was, and I use the Internet a lot on lots of devices,

 

that some people don´t have issues means nothing.

it´s like saying smoking is no health issue because you smoke and did not experience any bad effects yet,

statistically, you alone are unimportant.

 

i was not affected by malware in over 14 years (knock on wood).

but only because i am using a firewall and antivirus software that i keep up to date.

and as i started with a ZX81 when i was 8.... i have some "common sense" when it comes to computer and security, :)

 

but i know people (because i cleaned their systems) who had their systems locked down by ransomeware that was distributed via flash exploits.

believe me you don´t want that....

 

 

 

I know there are threats, but it isn't only with Flash, although it does get talked about more than anything else

 

no it´s not only flash. but flash is used by the majority of exploits.

 

 

apple safari blocking FLASH:

 

https://webkit.org/blog/6589/next-steps-for-legacy-plug-ins/

Edited by Lightboxx
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.