Tuesday, July 14, 2015

All against flash

Mozilla has announced that all Adobe Flash Player versions  are blocked by default in Firefox browser. The reason is a wave of exploits which attack various 0days discovered in Flash and with no known patches yet. 0days, certainly, discovered in files stolen to Hacking Team company. We will talk about it, as well as about the compensation of a bank to its customers for not been able to protect their data and we´ll talk about encryption Wars too.

Speed Force courtesy
Yesterday the new Facebook security chief declared Flash Player should be eradicated from the face of the Internet. His words were in tune with an increasingly widespread opinion among cybersecurity experts: Flash Player is a nest hole and must be removed from the moment that there are alternatives to it use, such as HTML5, which is already used by YouTube. Following the wave, Mozilla has blocked Flash in Firefox until Adobe does not make public patches for the latest  vulnerabilities.

Wave of exploits against Flash

Everything comes from the leak of the Italian company Hacking Team, where  three Flash and one Java 0days have been discovered. Within hours of its discovery, various exploit kits like Angler, Magnitude, Neutrino, Rig and HanJuan had integrated the 0days. This means that any computer which does not have Flash off is at the mercy of these exploits. It is recommended to disable or even, as stated by the head of security of Facebook, remove it.

250 pounds compensation

Moving on to other issues, today we highlight the initiative of Barclays which will offset 500,000 pounds to 2,000 customers whose personal data was stolen and found on a USB in an apartment on the south coast of England. Barclays has sent a letter to those affected explaining them that the data was encrypted and the bank had them because these customers gave them to an adviser from Barclays Financial Plan in 2008. Each user will get 250 pounds.

The whole truth about the CriptoWar

We end just as always, with a text to read quietly, when the stress of the day comes to an end. In the United States the government has awakened an old debate we thought extinct: the need to include back doors on encryption software. Following the use of encryption by apps like Whatsapp, the the law enforcement agencies require access to some iPhones and Androids that are increasingly using stronger encryption. Excellent article, well written and documented on Criptowars.

Hopefully our bi will serve to make our readers consider disabling Flash in their systems. A search on Google will show you how to do it very easily.


Post a Comment