Topic: A small WARNING - Flash player (Read 1663 times)

TheBoy · « **on:** 28 May 2008, 21:10:52 »

Sorry, I don't normally do such posts, but I know we have a lot of You Tubers here, and this one is making waves in the IT circles.... ....just be cautious until Adobe patch it.

http://blogs.zdnet.com/security/?p=1189

waspy · « **Reply #1 on:** 28 May 2008, 21:12:03 »

Thanx TB

Mr Skrunts · « **Reply #2 on:** 28 May 2008, 21:13:19 »

Cheers TB. Much appreciated.

rad cap · « **Reply #3 on:** 28 May 2008, 21:14:55 »

that went right over my :-Xhead. will stick to pen/paper

TheBoy · « **Reply #4 on:** 28 May 2008, 21:16:13 »

I should add yesterday's outage was related to this issue.

waspy · « **Reply #5 on:** 28 May 2008, 21:27:55 »

Quote

I should add yesterday's outage was related to this issue.

Should we refrain from posting links to YT for a while :-/ :question

TheBoy · « **Reply #6 on:** 28 May 2008, 21:32:20 »

Quote

Quote
I should add yesterday's outage was related to this issue.

Should we refrain from posting links to YT for a while :-/ :question

I would be inclined to stay away from any sites that use Flash. Trouble is, a massive number of websites have been compromised in last few weeks using a very clever SQL injection script, and many of these compromised websites are being used to host Flash files that can exploit this vulnerability. Thats why its so serious.

Jay w · « **Reply #7 on:** 28 May 2008, 22:10:39 »

<-------mac user.......don't get viruses

JiMbOb789 · « **Reply #8 on:** 28 May 2008, 22:15:32 »

thanks TB

Leomas · « **Reply #9 on:** 28 May 2008, 23:32:18 »

Love my LINUX

TheBoy · « **Reply #10 on:** 29 May 2008, 20:20:22 »

Quote

<-------mac user.......don't get viruses

The flaw exists in Mac versions, and Macs are vulnerable. You still need to run software to stop nasties - the Mac isn't any more inherently secure, its just not as popular.

TheBoy · « **Reply #11 on:** 29 May 2008, 20:21:05 »

Quote

Love my LINUX

LOL, same goes, Linux is equally vulnerable. Actually, probably more so, seeing as the kernel is rubbish

PaulW · « **Reply #12 on:** 29 May 2008, 20:52:16 »

Quote

Quote
Love my LINUX
LOL, same goes, Linux is equally vulnerable. Actually, probably more so, seeing as the kernel is rubbish

The kernel is only as rubbish as the way its compiled

One reason I stick with Gentoo and don't bother with genkernel, but go through it all myself, never had an issue!

Altho stuff like Ubu, Redhat and Fedora are built so modular (and bloated to cover many many architectures), they add to themselves in regards to problems and performance hits... Although out of those, Ubu does seem to be patched more often than the others.

The vulnerability though isn't down to kernel level, but purely down to the flash plugin itself. Windows will get patched earlier (as-is), Linux will get patched some other time, but this exploit has mainly taken off since it was used to hack Vista.

http://securitywatch.eweek.com/exploits_and_attacks/vista_hacked_with_adobe_flash_vulnerability.html

Even so, as long as people keep up with various patches and security fixes (regardless of OS), then they should have no issues.

Although I do like the way that it was an Ubu machine which was left standing after 3 days

But then again, Linux never runs its environment or shell as root (unless its a complete cock-jockey of a sysadmin or inexperienced user running it as root and not another user, or they can't configure sudo properly)

Albatross · « **Reply #13 on:** 29 May 2008, 21:15:00 »

Quote

Quote
Quote
Love my LINUX
LOL, same goes, Linux is equally vulnerable. Actually, probably more so, seeing as the kernel is rubbish

The kernel is only as rubbish as the way its compiled One reason I stick with Gentoo and don't bother with genkernel, but go through it all myself, never had an issue!

Altho stuff like Ubu, Redhat and Fedora are built so modular (and bloated to cover many many architectures), they add to themselves in regards to problems and performance hits... Although out of those, Ubu does seem to be patched more often than the others.

The vulnerability though isn't down to kernel level, but purely down to the flash plugin itself. Windows will get patched earlier (as-is), Linux will get patched some other time, but this exploit has mainly taken off since it was used to hack Vista.

http://securitywatch.eweek.com/exploits_and_attacks/vista_hacked_with_adobe_flash_vulnerability.html

Even so, as long as people keep up with various patches and security fixes (regardless of OS), then they should have no issues.

Although I do like the way that it was an Ubu machine which was left standing after 3 days But then again, Linux never runs its environment or shell as root (unless its a complete cock-jockey of a sysadmin or inexperienced user running it as root and not another user, or they can't configure sudo properly)

^^ TWW

TheBoy · « **Reply #14 on:** 29 May 2008, 21:35:44 »

Quote

Quote
Quote
Love my LINUX
LOL, same goes, Linux is equally vulnerable. Actually, probably more so, seeing as the kernel is rubbish

The kernel is only as rubbish as the way its compiled One reason I stick with Gentoo and don't bother with genkernel, but go through it all myself, never had an issue!

Altho stuff like Ubu, Redhat and Fedora are built so modular (and bloated to cover many many architectures), they add to themselves in regards to problems and performance hits... Although out of those, Ubu does seem to be patched more often than the others.

The vulnerability though isn't down to kernel level, but purely down to the flash plugin itself. Windows will get patched earlier (as-is), Linux will get patched some other time, but this exploit has mainly taken off since it was used to hack Vista.

http://securitywatch.eweek.com/exploits_and_attacks/vista_hacked_with_adobe_flash_vulnerability.html

Even so, as long as people keep up with various patches and security fixes (regardless of OS), then they should have no issues.

Although I do like the way that it was an Ubu machine which was left standing after 3 days But then again, Linux never runs its environment or shell as root (unless its a complete cock-jockey of a sysadmin or inexperienced user running it as root and not another user, or they can't configure sudo properly)

The design of Linux's kernel has issues, so compilation doesn't really make a difference to security, though does to performance and stability.

Its saving grace is it uses the Unix standard of nobody running as root (unless some dimwit does so as part of an ego trip), downside is *nix's way of all or nothing, so a number of common processes run with superuser rights, esp anyone daft enough to run X

Then added to the fact that Linux kernel tends to struggle at times to keep things running, and vital security processes stop running for no apparent reason, such as IPTABLES. Trust me, losing IPTABLES on a directly internet gigabit connected server results in a very useful zombie for somebody

News:

Author Topic: A small WARNING - Flash player (Read 1663 times)

TheBoy

A small WARNING - Flash player

waspy

Re: A small WARNING - Flash player

Mr Skrunts

Re: A small WARNING - Flash player

rad cap

Re: A small WARNING - Flash player

TheBoy

Re: A small WARNING - Flash player

waspy

Re: A small WARNING - Flash player

TheBoy

Re: A small WARNING - Flash player

Jay w

Re: A small WARNING - Flash player

JiMbOb789

Re: A small WARNING - Flash player

Leomas

Re: A small WARNING - Flash player

TheBoy

Re: A small WARNING - Flash player

TheBoy

Re: A small WARNING - Flash player

PaulW

Re: A small WARNING - Flash player

Albatross

Re: A small WARNING - Flash player

TheBoy

Re: A small WARNING - Flash player