Flash is Dying a Death by 1,000 Cuts, and That’s a Good
Thing
The end of Adobe’s video carrier is nigh
as Amazon marks the first of the big-name advertisers to block Flash ads, while
Google’s Chrome will ‘intelligently pause’ them
Samuel Gibbs
Monday 24 August 2015 10.24 EDT
Adobe’s Flash, hated the world over for slowing down computers, containing more holes in security than swiss cheese and stubbornly being the video carrier of choice until recently, is dying.
Video players are migrating to other systems, even if Microsoft’s Silverlight isn’t much better. HTML5-based video and animations are becoming mainstream, and uploaders and other more advanced web-based features can now be replaced with code that doesn’t rely on Flash.
And it’s happening for a good reason. As other components of a web browser and operating system have become more secure, Flash is one of the biggest sources of security vulnerabilities. Hackers love it.
Hacking Team’s commercially available government-supplied tools relied on holes in Flash to hack individuals and companies, for instance, just by users browsing sites unknowingly being digitally broken into.
Even Adobe, Flash’s developer, doesn’t seem to love the much maligned system. Like Microsoft with Windows XP, Adobe’s been trying to migrate companies away from using its own tools while putting out fires left, right and center.
The one major hold out for dumping Flash wholesale has been advertisers. In June, over 100m adverts were displayed to users globally with Flash, while 84% of banner ads are still Flash, according to Ad Age.
Google took the first step by announcing that come September its Chrome browser will not run Flash adverts by default, meaning that the user has to click to enable the advert. Something virtually no one is likely to do. Firefox also blocked Flash over security concerns.
Now Amazon has banned Flash ads from appearing on its ad platform across its sites. Amazon is not the biggest advertising platform, but it is one of the first big name ones to adopt such a policy.
It marks the beginning of the end for Flash (Occupy Flash will be happy). More advertising platforms are likely to follow. When Chrome and its 51% of global browsers, according to data from Statcounter, start to “intelligently pause” Flash ads in September advertisers will be forced to switch wholesale.
The reasons for Flash to exist will then, hopefully, peter out to embedded tools and systems built within Flash, such as administrative tools. Most home users will no longer be burdened with Flash, which will be good for your computer, your battery, your security and your sanity.
For those that want to experience a Flash-free world right now, it is possible to disable Flash entirely within your browser or set it to require a click to enable it each time something wants to use Flash.
Mobile devices such as iOS and Android smartphones and tablets have mostly been Flash-free for years and they work just fine for the most part. Soon everything will have that speedy, Flash-free existence and humanity will be all the better for it.
Warning Over Adobe Flash Vulnerability Revealed by Hacking
Team Leak
Tech
company promises patch within a day for major new flaw uncovered by leak of
400GB of documents from hacking firm
Alex Hern | @alexhern
Wednesday 8 July 2015 05.15 EDT
An
unpatched security flaw in Adobe Flash, discovered then kept secret by Italian
cyber-surveillance firm Hacking
Team, is now being used by malware developers to hack victims’ computers
following the leak of over 400GB of data from the company’s servers.
Adobe,
which
says it expects to publish a patch for the vulnerability at some point on
Wednesday, warns that “successful exploitation could cause a crash and
potentially allow an attacker to take control of the affected system”.
Symantec
warned on Tuesday that “it can be expected that groups of attackers will rush
to incorporate it into exploit kits before a patch is published by Adobe”. And,
sure enough, it
appears that virus writers are already using the security flaw to deliver
cryptolocker software, which encrypts a users’ data and demands payment to
unlock it, on to unsuspecting computers.
The
Hacking Team hack, which saw a BitTorrent file of the massive data dump posted
to the company’s public twitter feed, contained emails, presentations and
source code for its software.
The
initial effect of the leak was an embarrassing number of revelations about the
actions and clients of the firm, which largely provides software for law
enforcement and national security to hack into the computers and mobile devices
of targets.
But
the leak also included the code for much of the company’s hacking software, and
now virus writers are incorporating the code into their own malware. While many
of the security holes used in the company’s “remote control service” (the name
for its hacking software) were already publicly known and patched, there were a
few vulnerabilities the company had managed to keep secret.
Known
as “zero-day” vulnerabilities – because the affected companies have had zero
days to release a patch – they are now being used by the wider community of
malware authors, as well as Hacking Team itself. The new vulnerabilities were
even accompanied by readme files, intended for internal use at Hacking Team to
explain how to deploy them, which likely further reduced the time until the
virus authors were able to use them in their own software.
Until
the Adobe Flash patch is published, web users should be wary of visiting
untrusted websites, and may want to enable “click
to play” to prevent untrusted Flash files from activating.
Questions in Brussels
Meanwhile,
Dutch MEP Marietje Schaake has
asked pointed questions in the European parliament about the revelations
contained within the Hacking Team data dump. The documents suggest that two of
Hacking Team’s clients include Russia and Sudan, two countries covered by EU
sanctions.
Schaake
asked of the commission whether it believed that the company “has violated EU
sanctions regimes”.
She
also asked the commission whether it knew of “any prior authorization given by
the Italian authorities that would allow Hacking Team to export its products to
Sudan or Russia”, and whether or not the company asked the commission
explicitly about export controls to those two countries.
No comments:
Post a Comment