Tidbit: Disable Adobe Flash on your browser

This is some quick security information related to Adobe Flash browser’s security. The usual disclaimers apply. If you’re worried that this page has links that may lead you to some malware sites then please just go to DuckDuckGo (just type in https://duckduckgo.com in your browser) or Google and search on the items that I’m referring to.

The Analogy

You’re camping in the woods with your family and some friends and your prankster friend John gives you a bottle of suntan lotion telling you that it’s the best stuff he’s ever used (he hasn’t pulled a prank in a long time, so you’re lulled into a sense of trust). Unbeknownst to you – John substituted %75 of the sun tan lotion with pure honey.

You slather the stuff and lie back on the camping chair to absorb the sunshine. You fall asleep in a nice midday nap. An hour later, you wake up with a stinging sort of pain all over your arms and legs – the very places where you put that honey infested suntan lotion. Bees are stinging you, and all kinds of bugs are chewing on you and that wonderful smelling lotion. You run screaming into the questionably clean camp showers as you vow to give John some payback.

As you scrub off the lotion you discover….

Who

Adobe Flash and you.

What

Adobe Flash is that honey from the analogy and the stinging bees/bugs are all those hackers that want to get your data (personal information, log-in access to your online bank account, and anything else that might be of value). Adobe Flash is an old technology that at one point provided the ability to receive rich media when browsers didn’t good native capabilities to do so (whether web games, videos like YouTube or those graphical billboard like ads).

Technology has marched forward while Adobe Flash has become a sweet target for malicious entities on the Internet. All of the rich media that Adobe Flash provided at one point can now be done through standard non-proprietary technologies: HTML5, JavaScript, and CSS (in other words – the stuff that already comes built in with the browser).

Steve Jobs wrote a very scathing and clear letter about Flash’s problems. His criticisms of Adobe Flash are as relevant today as they were in 2010. Although he focused on its use on mobile devices, the problems he outlined apply to Adobe Flash and its ilk across the board.

Where

Your browser. Any browser that you are using regardless of operating system (whether it is on Mac, Windows or Linux).

When

Now. You are vulnerable right now.

While Adobe Flash has had a continuous string of security issue, recently it has had several zero day vulnerabilities that have come to light through the hacking of an Italian company called Hacking Team.

Why

You need to to deal with Adobe Flash because it is a HUGE attack vector in order to reduce your attack surface.

How

You need to learn to practice computer hygiene (just like flossing):

  1. Update your operating system with the latest patches
  2. Update your browser to the latest version (this page also seems to good procedures to update but be careful and wary of reading anything you read on this page including the page that you are currently reading πŸ™‚ )
  3. Enable ‘click to play’ on Flash. This will prevent Flash from running automatically and it will give you the ability to play if you have to though most times you won’t have to.
    • Note that the latest version of FireFox does this for you, but to be safe you should still make sure that Adobe is not enabled by default.
    • You can tell that Adobe Flash is running by going to Adobe’s site (). If you see a spinning cube that keeps bouncing around at the top of your screen, then Flash is enabled by default.
  4. Look at the plug-ins in your browsers and remove anything that isn’t necessary. Spring cleaning time on the web is every day. Adobe Flash is the current poster child for browser plug-in security problems but there are plenty of other browser plug-in parasites. To remove browser plug-ins check:

Conclusion

If you want perfect safety, then you need to shut off your wifi and disconnect any Ethernet cables from your computer (if applicable). Do what you can and let’s be careful out there

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s