
SoylentNews is people

posted by janrinok on Tuesday July 14 2015, @07:49PM
from the this-might-make-adobe-think dept.

A ComputerWorld story explains that Mozilla has taken the unusual step of blocking all Flash after the announcement of the third 'zero-day' vulnerability in the last few days. It is possible to override the block by user selection for a single Flash link or for all links. The block is in force even if Flash Player has been updated since the first vulnerability was announced.

Mozilla on Monday began blocking all versions of Adobe Flash Player from running automatically in its Firefox browser, reacting to news of even more zero-day vulnerabilities unearthed in a massive document cache pilfered from the Italian Hacking Team surveillance firm.

Mozilla engineers swung into action over the weekend after reports surfaced late Friday of another Flash zero-day -- the term that describes a flaw for which there is yet no fix, or patch -- discovered in the gigabytes of data and documents stolen from the Hacking Team. At the time, the bug was the second in Flash spotted in just five days.

After reading the block warning, Firefox users can still run Flash content by authorizing the plug-in's operation. Since then a third Flash zero-day has cropped up.

Neither the second nor the third vulnerability had been patched by Adobe as of late Monday, although the company has promised to do so this week.

 
  • (Score: 3, Interesting) by hash14 on Tuesday July 14 2015, @11:22PM

    by hash14 (1102) on Tuesday July 14 2015, @11:22PM (#209138)

    I can't see a single benefit that Adobe gets from keeping the wraps on this product. Hackers are running in circles around them, exploiting one vulnerability after another. These exploits are made known after one small-time hacking organization has been exposed - how many zero-days do you think other organizations have, including those of oppressive (and well-funded) governments? And this is for a platform that's dying, so there's absolutely no chance that they intend to expand on it, so it's not like they would be losing any future investment opportunity.

    Adobe keeping this product closed source and under their abysmally poor stewardship is harmful for the entire internet community and everyone who uses it. Understood that open sourcing Flash would breathe more life into it as people would actually work on it to improve it and fix its issues, and also that open source doesn't automatically provide 100% security. But the alternative is to leave everyone on the internet at a much greater risk. Of course, knowing Adobe, that's probably of very little consequence to them.

    And the best part is that this whole circus is going to start all over with the Web DRM module that they're supposed to provide. It will be a major shitstorm, but it's primarily going to affect censorship promoters, so I won't be all that upset to watch it happen.

  • (Score: 4, Insightful) by jmorris on Wednesday July 15 2015, @12:40AM

    by jmorris (4844) on Wednesday July 15 2015, @12:40AM (#209151)

    If they dumped the source out, how many zero day exploits do you think would be found in the first week? The code is obviously a roach motel and has been for years. Sure, a year later it would probably be fairly safe but who would get the hit to their reputation? Adobe. No, better to just bury their mistake and hope everyone eventually just forgets.

    And probably better for the net too, an open sourced Flash Player would run the risk of extending the life of Adobe's content creation tools and all of those are closed and none run on Linux. So everyone who likes Free Software should want to see the day Flash dies.

  • (Score: 4, Insightful) by Grishnakh on Wednesday July 15 2015, @01:41AM

    by Grishnakh (2831) on Wednesday July 15 2015, @01:41AM (#209168)

    Why would open sourcing it fix anything at all? You seem to be assuming a bunch of top-notch programmers are going to take it upon themselves to do security audits of Adobe's code, for free. Why would they do that? Anyone who was really interested in volunteering for such a project would already be working on Gnash, but look how dead that project is.

    It's simple: FOSS programmers don't want to waste their time with a dying technology, which is what Flash is. This doesn't mean that people aren't willing to work on projects for free, but Flash just isn't one of them.

    The only fix for this problem is for the browsers to all block Flash, so that stupid website operators who still use it are forced to fix their sites. In this age of HTML5, there is simply no reason at all to use Flash.

    • (Score: 1) by Pino P on Wednesday July 15 2015, @02:25AM

      by Pino P (4721) on Wednesday July 15 2015, @02:25AM (#209175)

      The only fix for this problem is for the browsers to all block Flash, so that stupid website operators who still use it are forced to fix their sites.

      How would (say) Newgrounds go about fixing its site?

      In this age of HTML5, there is simply no reason at all to use Flash.

      With one exception: to play legacy SWFs that don't work well in Shumway, Mozilla's Flash Player clone written in JavaScript.

      • (Score: 2) by Grishnakh on Thursday July 16 2015, @01:44AM

        by Grishnakh (2831) on Thursday July 16 2015, @01:44AM (#209739)

        I'm not sure what to tell you about Newsgrounds, other than that they need to fix their site (assuming you're talking about "newsgrounds.com"). I just went there and got a blank page.

        Of course, if their page is powered by Flash, I'm using the latest Firefox which blocks it, so that would explain it. But again, that's their problem. Basing your whole web business on some bloated, bug-filled, proprietary POS instead of regular HTML is a recipe for disaster.

        • (Score: 1) by Pino P on Thursday July 16 2015, @07:40PM

          by Pino P (4721) on Thursday July 16 2015, @07:40PM (#210124)

          That's Newgrounds [newgrounds.com] (one S), not Newsgrounds (two S's). It's like YouTube, except for SWF vector animations and games instead of pixel-based video.

    • (Score: 0) by Anonymous Coward on Wednesday July 15 2015, @03:24AM

      by Anonymous Coward on Wednesday July 15 2015, @03:24AM (#209193)

      Why would open sourcing it fix anything at all? You seem to be assuming a bunch of top-notch programmers are going to take it upon themselves to do security audits of Adobe's code, for free. Why would they do that?

      Isn't that "strength" basically the sole reason for using anything open source? Are you saying that "many eyes" line people always use to explain how open source is infinitely superior to everything is a lie?

      • (Score: 0) by Anonymous Coward on Wednesday July 15 2015, @10:10AM

        by Anonymous Coward on Wednesday July 15 2015, @10:10AM (#209284)

        Isn't that "strength" basically the sole reason for using anything open source?

        No. Richard M. Stallman uses a GNU/Linux operating system, [stallman.org] but I'm pretty sure the reason that he does is not that so many people look for bugs in the Linux kernel.

  • (Score: 0) by Anonymous Coward on Wednesday July 15 2015, @03:43AM

    by Anonymous Coward on Wednesday July 15 2015, @03:43AM (#209202)

    Many years ago I had to deal with a developer from Adobe. He was pretty obnoxious and was convinced that Adobe was better at programming than any other company. I got the distinct impression that he wasn't the only one at Adobe that felt that way. I doubt they could imagine that things could be better with someone else helping out.

  • (Score: 3, Insightful) by twistedcubic on Wednesday July 15 2015, @04:18AM

    by twistedcubic (929) on Wednesday July 15 2015, @04:18AM (#209213)

    I'd rather see Flash die. Is it good for anything?