Mozilla yesterday said it will follow other browser makers by curtailing use of Flash in Firefox next month.
The open-source developer added that in 2017 it will dramatically expand the anti-Flash restrictions: Firefox will require users to explicitly approve the use of Flash for any reason by any website.
As have its rivals, Mozilla cast the limitations (this year) and elimination (next year) as victories for Firefox users, citing improved security, longer battery life on laptops and faster web page rendering.
"Starting in August, Firefox will block certain Flash content that is not essential to the user experience, while continuing to support legacy Flash content," wrote Benjamin Smedberg, the manager of Firefox quality engineering, in a post to a company blog.
Firefox 48 is slated to ship on Aug. 2.
[...]
Firefox is late to the dump-Flash party.
Original Source: http://www.computerworld.com/article/3098606/web-browsers/firefox-sets-kill-flash-schedule.html
-- submitted from IRC
(Score: 1) by fraxinus-tree on Monday July 25 2016, @11:07AM
... but we're not in Soviet Russia. If a browser gets in the way between the user and its favorite porn/game/social website, the user just downloads and runs another browser and sticks with it until next annoyance. Most users don't care about security unless it's too late (and even then) so the security measures you suggest simply cannot work.
(Score: 2) by Runaway1956 on Monday July 25 2016, @11:15AM
But, I'm not speaking of Soviet style dictatorship. I'm merely talking about what should have been "best practices". Every browser development team in the world knew, or should have known, about flash vulnerabilities. I don't even suggest that they should have completely disabled flash. Simply make it known to users that flash was the worst thing possible to run on their machines, and block flash by default.
Give the user two or three screens to click through before he can get at his porn, or whatever.
Kinda like those bollards you see around buildings to prevent idiots from driving through the doors. A determined person can drive between most of them, but they stop most people from doing stupid shit by accident.
(Score: 2, Insightful) by fraxinus-tree on Monday July 25 2016, @11:41AM
> Give the user two or three screens to click through...
... and lose him to the other, default, less secure browser.
Security works only when it is not too invasive to the job done. Give them a complex, secure password and you will see it on a post-it note.
(Score: 4, Touché) by Thexalon on Monday July 25 2016, @01:32PM
A complicated password on a post-it note on a computer monitor is more secure than a simple password stored only in the user's brain. In order to read the post-it, an external bad guy first has to somehow physically get into the room with that computer monitor, and then somehow collect the contents of the post-it without anybody noticing, followed by guessing correctly what that is a password to. By contrast, in order to get the simple password, all they have to do is run an automated dictionary attack from the comfort of their own home or office.
What I'd actually tell an employee who is keeping their passwords taped to their monitor: "Please keep that in your wallet, not on your monitor."
The only thing that stops a bad guy with a compiler is a good guy with a compiler.
(Score: 2) by frojack on Monday July 25 2016, @07:30PM
A longer, easier-to-remember password is better than the punctuation explosion most password schemes require these days. No, I'm not suggesting "Correct Horse Battery Staple".
Anything you can't remember without yanking out your wallet (leather or digital) becomes a nuisance and just begs to be written down and posted everywhere.
Two Factor for the win. One on your phone, another on a USB key locked or hidden in your desk. (Yubico or similar).
No, you are mistaken. I've always had this sig.