May 29, 2008
Adobe Flash Player Pwned. Secure your Firefox.
I learned yesterday from a friend that the Adobe Flash Player has been compromised.
Essentially, the current version of Flash Player is vulnerable to a buffer overrun exploit, allowing bad people to run software (presumably malicious) on your computer through your browser. According to Symantec, this is being actively exploited in the wild, and is being spread by hacking servers with SQL injection attacks. A server exploit coupled with a browser exploit means trouble.
This led me to look for something to lock down my browser and prevent Flash applications from being run, at least temporarily. I found noscript.net.
NoScript is a Firefox plugin that lets you see and control any Java, JavaScript, Flash, and other technologies running on websites that may introduce security issues. When running, it looks like this…

I tend not to be a paranoid guy when it comes to what’s going on behind the scenes at websites I visit, but while my security has been improved (*yawn*) this tool has a really great side effect. I get to see all the third party tools, trackers, widgets, etc. that are running on the sites I visit. And to an online marketer who likes to keep up on all things web 2.0, this is really, really nice.
In the above example, while browsing revenews.com (when it isn’t redirecting infinitely), I see that they’re running scripts and widgets from ShowYourAdHere.com, ScratchBack.com, and MyBlogLog.
Now all those are services that I know and trust, so I’d probably whitelist them. And while I knew about these services, just in the past day, I’ve come across a few services that I wasn’t aware of.
All these services are blocked by default, and I can whitelist them and allow them to work if I so choose.
It also has the effect of blocking the really annoying Flash ads. Bonus.




Scary stuff considering almost everyone has Flash installed?
Just got word from a friend that the next version will be out soon, probably next Monday.
I heard a fix was coming soon.
These instructions are really helpful for do follow used in blog, website.
This is very good content on online marketer. Thanks for sharing important data.
get to see all the third party tools, trackers, widgets, etc
That's good
Has this been fixed yet or is Firefox 3 still vulnerable to it?
Hackers always find security flaws (most SQL injection) in Flash Player… Unfortunately we have to use this software to surf the web properly…
When will Flash be available for iPhone?
Is NoScript really worth the trouble of having to select sites to block? Seems every site tries to run a script and I have to accept or deny it.
NoScript is great but it seems to mess up Flash Player on websites and crashes Firefox (Vista pre-SP1).
By disabling it I found that was the problem since the Flash Player upgrade.
It is surprising but true. Your life is expensive. At least, at its auction it could sell for good money.
Thanks for all the answers. Actually learned a lot. This is only until the end and not ?????????? that and from where.
At one site I have read almost the same selection of information, but thanks anyway.