Written By: Scott Jangro
May 29, 2008

Adobe Flash Player Pwned. Secure your Firefox.

I learned yesterday from a friend that the Adobe Flash Player has been compromised.

Essentially, the current version of the Flash Player is vulnerable to a buffer overrun exploit, allowing bad people to run software (presumably malicious) on your computer through your browser. According to Symantec, this is being actively exploited in the wild, and is being spread through hacking with SQL injection attacks. A server exploit coupled with a browser exploit means trouble.

This led me to look for something to lock down my browser and prevent Flash applications from being run, at least temporarily. I found noscript.net.

NoScript is a Firefox plugin that lets you see and control any Java, JavaScript, Flash, and other technologies running on websites that may introduce security issues. When running, it looks like this…

[Screenshot: ReveNews | Discussion of Online Advertising, CPA, SEO, Affiliate and Next Generation Marketing]

I tend not to be a paranoid guy when it comes to what’s going on behind the scenes at websites I visit, but while my security has been improved (*yawn*) this tool has a really great side effect. I get to see all the third party tools, trackers, widgets, etc. that are running on the sites I visit. And to an online marketer who likes to keep up on all things web 2.0, this is really, really nice.

In the above example, while browsing revenews.com (when it isn’t redirecting infinitely), I see that they’re running scripts and widgets from ShowYourAdHere.com, ScratchBack.com, and MyBlogLog.

Now all those are services that I know and trust, so I’d probably whitelist them. And while I knew about these services, just in the past day, I’ve come across a few services that I wasn’t aware of.

All these services are blocked by default, and I can whitelist them and allow them to work if I so choose.

It also has the effect of blocking the really annoying Flash ads. Bonus.
