On July 28, popular website Yahoo! became the one of the latest websites targeted by malicious ads that redirect to the Angler Exploit Kit, which attempts to take advantages of security holes in Adobe Flash. Yahoo! has an estimated 6.9 billion visitors per month.
From The New York Times:
The attack, which started on July 28, was the latest in a string that have exploited Internet advertising networks, which are designed to reach millions of people online. It also highlighted growing anxiety over a much-used graphics program called Adobe Flash, which has a history of security issues that have irked developers at Silicon Valley companies.
Malwarebytes and Business Insider provide more information about this specific incident.
Yahoo! became aware of the attack on August 3 and has released a statement indicating their team has "taken action" (shortened):
"Yahoo is committed to ensuring that both our advertisers and users have a safe and reliable experience. As soon as we learned of this issue, our team took action and will continue to investigate this issue.... We'll continue to ensure the quality and safety of our ads through our automated testing and through the SafeFrame working group...."
(Score: 4, Interesting) by mendax on Wednesday August 05 2015, @05:38AM
A few days ago I sent a message to the folks at NPR (that's National Public Radio for you non-American folks) complaining that in order for me to stream their audio content I have to have the Flash player installed and enabled in my browser. I have the more recent version of Flash installed on my Macs and Linux (yes, I know the Linux one is no longer supported) but I've disabled it in the browser because some web sites, including the New York Times and the Dice-owned and devastated one which we do not mention here, run video ads that just play after an auto-refresh of the page, driving me crazy. I told them it's crazy to require Flash because modern web browsers of the last several years don't require plug-ins to play audio or video. (Even the ancient version of Safari on my Snow Leopard-based MacBook has HTML5 support for MP3 and video streams.) Here's what they said to me:
And it's been hacked to death and is a security nightmare. Helloooooooo! Flash is obsolete for good reason! Google supports HTML5 features with YouTube, and even makes it easy to determine if your browser is compliant through its https://youtube.com/html5 [youtube.com] page.
It's really quite a simple choice: Life, Death, or Los Angeles.
(Score: 2) by c0lo on Wednesday August 05 2015, @07:03AM
Yes, but it is not YouTube that makes Flash popular.
If you wonder what it is, I'll direct your attention to video format wars [wikipedia.org].
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 1) by massa on Wednesday August 05 2015, @12:31PM
I always enable click-to-flash on Chrome. That way, I only run what I really want...