Time to update Adobe Flash if you use it. So if you do, do it now.
Of course, it always feels like time to update Flash. As an internet user, it’s become all of our collective part-time job. It’s a reminded that while the software is free, your time isn’t.
This particular update was necessitated by an event you may have heard about.
“The flaw was disclosed publicly over the weekend after hackers broke into and posted online hundreds of gigabytes of data from Hacking Team, a controversial Italian company that’s long been accused of helping repressive regimes spy on dissident groups,” Brian Krebs explained.
The Hacking Team hack raised interesting questions about government surveillance and helped rattle nerves this week as computer systems kept planes out of the air and shut down the New York Stock Exchange — freak incidents that are completely unrelated, according to disclosures thus far. But it doesn’t take events like this remind us Flash exploits are so common that they’re part of the business model of criminal operations like the Angler exploit kit.
The key to security is always running the latest version of everything. So how do you get yourself out of the business of constantly mitigating Adobe Flash risks? Here are three ways.
1. Quit it.
This is Brian Krebs’ solution. He’s lived without it for more than a month as an experiment. “It is among the most widely used browser plugins, and it requires monthly patching (if not more frequently),” Krebs said. And did he notice life without it? “…not so much.” So instead of updating, you can just get rid of it.
If you’re going to keep it, this is the minimum precaution our Security Advisor Sean Sullivan recommends. This will make sure you’re getting all the updates and will prevent you, hopefully, from being tricked into downloading malware posing as an update. So turn those “background upgrades” on.
If you’re doing number 2, you probably want to do this too. Click-to-play means Flash elements run when you tell them to. Here’s how to do it in all your browsers. Not only does this expose you to fewer risks, it makes the internet less annoying and can make your browser quicker. So why not?
So what did you choose? Let us know in the comments.
After F-Secure principal security consultant Tom Van de Wiele stepped into the #CyberSauna for the second episode of…
January 19, 2018
The email subject line says “Scanned from Lexmark” and the attached file is “image2017-11-23-9292134.7z". Seems…
November 29, 2017