Expert says Adobe Flash policy is risky

Found on CNet News on Wednesday, 11 November 2009

A lax security policy in Adobe Flash puts visitors to user-generated content sites at risk, says a researcher who has found a technique exploiting the way browsers handle Flash files.

For example, someone could upload what appears to be a picture to a social-networking site but which is actually a Flash file designed to execute malicious code in the browser when the file is opened.

Meanwhile, users should disable Flash completely or use NoScript, a browser plug-in that blocks Flash and Java from untrusted sites, he said.

Using the web without having Flash installed is not as bad as it sounds. Actually, it's pretty nice because that keeps all the annoying Flash ads away; nothing is more irritating than constantly moving ads, especially when they come with sound. In the rare cases where Flash is needed, starting a different browser where it is installed works fine. So no, I will not install Flash in my main browser (or keep Javascript unfiltered for that matter).

Browse all articles« Previous « » Next »