Join Early Retirement Today
Reply
 
Thread Tools Search this Thread Display Modes
Security Experts are Recommending you Uninstall Adobe Flash
Old 07-13-2015, 04:15 PM   #1
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
audreyh1's Avatar
 
Join Date: Jan 2006
Location: Rio Grande Valley
Posts: 16,467
Security Experts are Recommending you Uninstall Adobe Flash

We've gotten rid of Adobe Flash on all our computers at home. Adobe has released security fix after fix after fix in the past few weeks. Enough already!

I'd been running with it disabled for a over a week, so I know my main sites work no problem.

It's time to uninstall Adobe's Flash from your Mac - here's how
Quote:
Adobe has patched more than twenty Flash vulnerabilities in the last week — some of them days after active exploits were discovered in the wild — and issued over a dozen Flash Player security advisories since the beginning of this year. Flash has become such an information security nightmare that Facebook's Chief Security Officer called on Adobe to sunset the platform as soon as possible and ask browser vendors to forcibly kill it off.
Third Hacking Team Flash Zero-Day Found: Krebs on Security
Quote:
For the third time in a week, researchers have discovered a zero-day vulnerability in Adobe’s Flash Player browser plugin. Like the previous two discoveries, this one came to light only after hackers dumped online huge troves of documents stolen from Hacking Team — an Italian security firm that sells software exploits to governments around the world.
__________________

__________________
Well, I thought I was retired. But it seems that now I'm working as a travel agent instead!
audreyh1 is online now   Reply With Quote
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!

Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!

You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!

Old 07-13-2015, 05:14 PM   #2
Thinks s/he gets paid by the post
walkinwood's Avatar
 
Join Date: Jul 2006
Location: Denver
Posts: 2,676
Thanks for the post. I hate Adobe flash and have just removed it. Now to see what breaks.
__________________

__________________
walkinwood is offline   Reply With Quote
Old 07-13-2015, 05:21 PM   #3
Moderator
MBAustin's Avatar
 
Join Date: Jul 2010
Posts: 4,152
Quote:
Originally Posted by walkinwood View Post
Thanks for the post. I hate Adobe flash and have just removed it. Now to see what breaks.
+1

Interestingly, for the past several days, Safari has been running "hot" on my Macbook. I didn't track it specifically, but it started around the time I did the last Flash update. Now that I have uninstalled Flash, it's back to normal again. I tried identifying the process that was running up the CPU in Activity Monitor, but it was always just generic "Safari".

Edit: First thing that is broken is the feature here on ER.org that lets you watch a YouTube video within a post. But I just clicked the link at the top of the window and it went to YouTube directly which worked fine. Minor hassle.
__________________
"One of the funny things about the stock market is that every time one person buys, another sells, and both think they are astute." William Feather
----------------------------------
ER'd Oct. 2010 at 53. Life is good.
MBAustin is offline   Reply With Quote
Old 07-13-2015, 05:33 PM   #4
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
audreyh1's Avatar
 
Join Date: Jan 2006
Location: Rio Grande Valley
Posts: 16,467
Quote:
Originally Posted by MBAustin View Post
+1

Interestingly, for the past several days, Safari has been running "hot" on my Macbook. I didn't track it specifically, but it started around the time I did the last Flash update. Now that I have uninstalled Flash, it's back to normal again. I tried identifying the process that was running up the CPU in Activity Monitor, but it was always just generic "Safari".

Edit: First thing that is broken is the feature here on ER.org that lets you watch a YouTube video within a post. But I just clicked the link at the top of the window and it went to YouTube directly which worked fine. Minor hassle.
Embedded YouTube works on my iPad, and under the "Develop" menu for Safari you can tell it to mimic iPad instead of desktop. I think you have to go somewhere in Safari preferences to turn on the Develop menu.
__________________
Well, I thought I was retired. But it seems that now I'm working as a travel agent instead!
audreyh1 is online now   Reply With Quote
Old 07-13-2015, 05:36 PM   #5
Full time employment: Posting here.
 
Join Date: Feb 2014
Posts: 731
Is the vulnerability just for Flash or also Adobe Shockwave?

And, what about Flash internal to Chrome? Is that vulnerable as well?
__________________
BBQ-Nut is offline   Reply With Quote
Old 07-13-2015, 05:37 PM   #6
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Lsbcal's Avatar
 
Join Date: May 2006
Location: west coast, hi there!
Posts: 5,677
I decided maybe the OP is right about this. So using the Firefox browser on my PC, I found that one can choose an Ask-to-activate option. This will allow me to check out my usage of the Adobe Flash player which I suspect is very rare. Eventually I may uninstall it.

To do this just click on the 3 horizontal bar symbol (far right on my browser) and select:
Add-ons -> Plugins -> Shockwave Flash
and then set the button to Ask-to-activate

From my web search, Adobe Flash player and Shockwave Flash are the same. See: https://support.mozilla.org/en-US/questions/1037000
__________________
Lsbcal is offline   Reply With Quote
Old 07-13-2015, 05:43 PM   #7
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
audreyh1's Avatar
 
Join Date: Jan 2006
Location: Rio Grande Valley
Posts: 16,467
Quote:
Originally Posted by BBQ-Nut View Post
Is the vulnerability just for Flash or also Adobe Shockwave?

And, what about Flash internal to Chrome? Is that vulnerable as well?
There are some answers in the linked articles - Chrome is discussed.
__________________
Well, I thought I was retired. But it seems that now I'm working as a travel agent instead!
audreyh1 is online now   Reply With Quote
Old 07-13-2015, 05:46 PM   #8
Moderator
MBAustin's Avatar
 
Join Date: Jul 2010
Posts: 4,152
Quote:
Originally Posted by audreyh1 View Post
Embedded YouTube works on my iPad, and under the "Develop" menu for Safari you can tell it to mimic iPad instead of desktop. I think you have to go somewhere in Safari preferences to turn on the Develop menu.
I have the Develop menu active already, so I tried this (neat feature - didn't know it existed before!) but the embedded video still isn't working. Will tinker a bit when I have some time to experiment. Thanks for the tip.
__________________
"One of the funny things about the stock market is that every time one person buys, another sells, and both think they are astute." William Feather
----------------------------------
ER'd Oct. 2010 at 53. Life is good.
MBAustin is offline   Reply With Quote
Old 07-13-2015, 06:10 PM   #9
Moderator Emeritus
 
Join Date: Oct 2007
Posts: 4,929
Various attack vectors are present in both "Flash" and the "Shockwave" broswer plug-in.

We've disabled these and deleted all the relevant files from our systems.

Sadly, MIL insists that she has to have her Flash plugin, so she doesn't see the scary messages when some ads don't work on pages she frequents. I'm going to try to get her to document and set her various accounts up such that we can swap out payment mechanisms when the inevitable happens.
__________________
M Paquette is offline   Reply With Quote
Old 07-13-2015, 06:15 PM   #10
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
audreyh1's Avatar
 
Join Date: Jan 2006
Location: Rio Grande Valley
Posts: 16,467
Quote:
Originally Posted by MBAustin View Post
I have the Develop menu active already, so I tried this (neat feature - didn't know it existed before!) but the embedded video still isn't working. Will tinker a bit when I have some time to experiment. Thanks for the tip.
Hmm - thought that would work. Usually embedded YouTube works on my iPad.
__________________
Well, I thought I was retired. But it seems that now I'm working as a travel agent instead!
audreyh1 is online now   Reply With Quote
Old 07-13-2015, 06:19 PM   #11
Recycles dryer sheets
 
Join Date: Mar 2014
Location: Islands
Posts: 330
thanks for the heads up!
__________________
Travelwanted is offline   Reply With Quote
Old 07-13-2015, 08:34 PM   #12
Thinks s/he gets paid by the post
Free To Canoe's Avatar
 
Join Date: May 2008
Location: Cooksburg,PA
Posts: 1,738
I uninstalled adobe flash on my windows7 machine. Now YouTube does not work.


However, thanks for the heads up on the security issues. I might go without Youtube for a while.
__________________
Free to canoe
Free To Canoe is offline   Reply With Quote
Old 07-13-2015, 09:01 PM   #13
Thinks s/he gets paid by the post
Free To Canoe's Avatar
 
Join Date: May 2008
Location: Cooksburg,PA
Posts: 1,738
YouTube Working now.


Computers!
__________________
Free to canoe
Free To Canoe is offline   Reply With Quote
Old 07-13-2015, 09:32 PM   #14
Thinks s/he gets paid by the post
target2019's Avatar
 
Join Date: Dec 2008
Posts: 3,705
Quote:
Originally Posted by Lsbcal View Post
I decided maybe the OP is right about this. So using the Firefox browser on my PC, I found that one can choose an Ask-to-activate option. This will allow me to check out my usage of the Adobe Flash player which I suspect is very rare. Eventually I may uninstall it.

To do this just click on the 3 horizontal bar symbol (far right on my browser) and select:
Add-ons -> Plugins -> Shockwave Flash
and then set the button to Ask-to-activate

From my web search, Adobe Flash player and Shockwave Flash are the same. See: https://support.mozilla.org/en-US/questions/1037000
That is the way to go. Initially I turned on the Ask-to-activate feature so that I wouldn't have to look at the 100's of previews being pushed to my browser.

But, as some will find out when they uninstall or disable flash, there are certain web sites which use flash for interactive graphs, for instance. So you will not be able to get those features.

Ask-to-activate is a much better approach.
__________________
target2019 is offline   Reply With Quote
Old 07-14-2015, 04:54 AM   #15
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
audreyh1's Avatar
 
Join Date: Jan 2006
Location: Rio Grande Valley
Posts: 16,467
There is some mention that "click to enable" which is perhaps the same as ask-to-activate, does not provide enough protection, and that just having the flash dlls on your windows machine makes it vulnerable. So I encourage you to research whether ask-to-activate is truly safe. If so, why aren't the warning articles promoting that approach?
__________________
Well, I thought I was retired. But it seems that now I'm working as a travel agent instead!
audreyh1 is online now   Reply With Quote
Old 07-14-2015, 07:12 AM   #16
Thinks s/he gets paid by the post
DFW_M5's Avatar
 
Join Date: Sep 2003
Posts: 4,982
Thanks Audrey, you are now appointed the official chief of keeping our Macs safe
__________________
Doing things today that others won't, to do things tomorrow that others can't. Of course I'm referring to workouts, not robbing banks.
DFW_M5 is offline   Reply With Quote
Old 07-14-2015, 08:18 AM   #17
Thinks s/he gets paid by the post
 
Join Date: Mar 2010
Location: Kerrville,Tx
Posts: 2,712
Note that Firefox 39.0 has now labeled shockwave flash as hazardous and puts up a warning when any such features appear in a web site.
__________________
meierlde is online now   Reply With Quote
Old 07-14-2015, 09:06 AM   #18
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
audreyh1's Avatar
 
Join Date: Jan 2006
Location: Rio Grande Valley
Posts: 16,467
Quote:
Originally Posted by DFW_M5 View Post
Thanks Audrey, you are now appointed the official chief of keeping our Macs safe
Don't know about that! LOL!
__________________
Well, I thought I was retired. But it seems that now I'm working as a travel agent instead!
audreyh1 is online now   Reply With Quote
Old 07-14-2015, 10:00 AM   #19
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Lsbcal's Avatar
 
Join Date: May 2006
Location: west coast, hi there!
Posts: 5,677
Quote:
Originally Posted by audreyh1 View Post
There is some mention that "click to enable" which is perhaps the same as ask-to-activate, does not provide enough protection, and that just having the flash dlls on your windows machine makes it vulnerable. So I encourage you to research whether ask-to-activate is truly safe. If so, why aren't the warning articles promoting that approach?
I really don't know if just disabling will be protective enough. This article implies that: Disable Flash In Chrome, Firefox, Safari, Other Web Browsers To Keep Your PC Safe From Vulnerabilities | Redmond Pie

Also this recently from Krebs seems to say that disabling is an OK way to go:
https://krebsonsecurity.com/2015/07/...ero-day-found/

I'm only disabling as a temporary test to see if I will miss Adobe Flash for some application. If no issues then I'll uninstall it.

This is what I now see on the BBC site (as an example):



I also noticed that tinyPic was not working right for me to get the "IMG" info for the above image. I had to allow adobe flash temporarily on that site to get this picture. So this is an example of something I need that would be broken if I uninstall Adobe Flash.
__________________
Lsbcal is offline   Reply With Quote
Old 07-14-2015, 10:21 AM   #20
Thinks s/he gets paid by the post
target2019's Avatar
 
Join Date: Dec 2008
Posts: 3,705
As with any known security threat, install the update the publisher will provide. It's really that simple.

When Windows finds a zero-day, if you have automatic updates ON, it will be patched. Some goes for Adobe. If you go for the manual method as I do, wait for the notice, and then do the update or patch in a controlled way.
__________________

__________________
target2019 is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Vanguard recommending increase in International exposure from 30 to 40%. cbo111 FIRE and Money 31 04-21-2015 02:32 AM
Adobe Flash Security Problem redduck Other topics 6 11-17-2013 09:44 PM
Next they'll be recommending bed rest haha Health and Early Retirement 17 06-07-2012 08:26 AM
Calling Mortgage Experts (or non-experts, doesn't matter) 034runner Young Dreamers 6 10-10-2007 06:27 AM
Adobe Reader Help grumpy Other topics 0 01-12-2007 12:13 PM

 

 
All times are GMT -6. The time now is 12:23 AM.
 
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.