Mozilla blocks Flash as Facebook security chief calls for its death

14 Jul 2015 | Author: | No comments yet »

Facebook chief security officer calls for Adobe Flash kill date.

The Mozilla Firefox web browser now blocks Flash by default. The legacy websites that are still using Flash, entangled with newer types of coding, are causing security issues for the Web at large, Facebook’s Alex Stamos said.Alex Stamos, the recently appointed chief security officer at Facebook, has called on software company Adobe to announce an “end-of-life date for Flash.” In a pair of tweets sent over the weekend, Stamos echoed a number of recent complaints from the security community that the software has become the vector for just too many hacking vulnerabilities.Mozilla has blocked all versions of Adobe Flash in its Firefox browser by default, following the discovery of numerous critical security flaws in the platform. Last week, a 400GB cache of files stolen from spyware company Hacking Team revealed a major vulnerability in Flash that allowed hackers to execute malicious code on a target’s machine via a website.

Although Adobe quickly issued a patch to fix the problem, Hacking Team’s internal memos describe the flaw as “the most beautiful Flash bug for the last four years,” suggesting it had been known about — and used — for some time previously. Three major Flash vulnerabilities were discovered when 400GB of security firm Hacking Team’s internal documents and product source code were leaked online. Adobe said last week that it fixed some vulnerabilities with its video player that, if exploited, “could cause a crash and potentially allow an attacker to take control.” In January, Google Inc.’s YouTube started defaulting to HTML5 for videos instead of Flash. This is far from an isolated incident: two additional vulnerabilities for Flash were found in the same 400GB trove in the following days, and earlier this year, Adobe was forced to release emergency security updates in both February and January.

Adobe has scrambled to fix problems as they have become public, but the web’s biggest companies have slowly withdrawn support from the software over the past few years. This seemingly unending list of vulnerabilities is why individuals like Stamos have turned against Flash, but the industry’s ire against the software is nothing new. YouTube dropped Flash as its default player in favor of HTML5 in January, and Chrome now intelligently pauses instances of Flash video on its pages — even Adobe stopped active development of Flash Player for mobile in 2011, recognizing it as inferior to HTML5.

In 2010, Apple CEO Steve Jobs famously penned an open letter called “Thoughts on Flash,” explaining why the company would not allow Adobe’s software on its devices. He cited issues with performance, battery life, and security as major problems, noting that Flash had “one of the worst security records in 2009.” So far, 2015 isn’t shaping up to be a good year for the software either. Maybe because there’s finally enough popular support to stomp the battery draining, ad-spewing, vulnerability prone, practically irrelevant exploit-filled software. http://gizmodo.com/disable-flash-…

Here you can write a commentary on the recording "Mozilla blocks Flash as Facebook security chief calls for its death".

* Required fields
Twitter-news
Our partners
Follow us
Contact us
Our contacts

dima911@gmail.com

ICQ: 423360519

About this site