• Home
  • News
  • Reviews
  • Digital technology
  • Cloud
  • Data analytics
  • Digital leaders
  • IoT
  • Opinion
  • Events
  • Resources
  • Data Strategy Spotlight
  • Newsletters
  • Sign in
  • Events
    • Follow V3 Events

      Sign up to receive email alerts about our events

      Sign up
  • Resources
    • V3resources 120x194
      Network Security Forensics For GDPR Compliance

      An effective network security forensics strategy can assist an organization in providing key compliance-related details as part of any post-incident GDPR investigation.

      Download
      V3resources 120x194
      10 ways to increase productivity with managed Office 365

      For businesses large and small, relying on a cloud-based collaboration and productivity suite such as Microsoft Office 365 is becoming the norm. Enhancing productivity in your organisation is vital to get ahead in 2017 - and using Office 365 can help, if it's used right...

      Download
      Find resources
      Search by title or subject area
      View all resources
  • Data Strategy Spotlight
  • Sign in
  •  
    •  

      You are currently accessing V3 .co.uk via your Enterprise account.

      Personalise your on site experience

      Download and use the apps

      Access your subscription from outside of the office

      Get relevant news and insight straight to your inbox

      • Sign in
     
      • Newsletters
      • Account details
      • Contact support
      • Sign out
     
  • Follow us
    • RSS
    • Twitter
    • Newsletters
    • Facebook
    • YouTube
  • Register
  • News
  • Reviews
  • Digital technology
  • Cloud
  • Data analytics
  • Digital leaders
  • IoT
  • Opinion
 
  •  

    You are currently accessing V3 .co.uk via your Enterprise account.

    Personalise your on site experience

    Download and use the apps

    Access your subscription from outside of the office

    Get relevant news and insight straight to your inbox

    • Sign in
 
    • Newsletters
    • Account details
    • Contact support
    • Sign out
 
V3.co.uk
  • Security

Flash on the rack as Mozilla and Facebook call for end to flawed tool

Mozilla and Facebook criticise software and suggest putting it out to pasture

Adobe Flash Player logo
The future of Flash is being called into question
  • Jason Murdock
  • Jason Murdock
  • @Jason_A_Murdock
  • 14 July 2015
  • Tweet  
  • Facebook  
  •  
  •  
  • Send to  
0 Comments

The future of Flash appears to be in the balance as heavyweights in the technology world call for its demise.

The latest complaints follow a leak of 400GB of data from Italian security company Hacking Team which revealed that previously unknown flaws in Flash were being used by the firm to infiltrate machines and install its monitoring software.

Adobe has rushed to fix these flaws since they were revealed, issuing two patches in rapid succession.

However, while Adobe has acted promptly, Mozilla has blocked the use of Flash in Firefox, while Facebook chief security officer Alex Stamos has called for Adobe to put Flash out of its misery.

It is time for Adobe to announce the end-of-life date for Flash and to ask the browsers to set killbits on the same day.

— Alex Stamos (@alexstamos) July 12, 2015

However, given the widespread use of Flash, how likely is this and what can businesses do to defend against the risks?

Security expert Graham Cluley said that Adobe is unlikely to put an end to Flash. "The problem is that perhaps Adobe doesn’t feel happy acknowledging that securing Flash is beyond them, so is unwilling to drop the product,” he said in a blog post.

However, Cluley added that Adobe should seriously consider ditching Flash.

“The truth is that the company would probably gain a lot more respect from the internet community if it worked towards this ultimate fix for the Flash problem, rather than clinging on to the belief that it might be able to one day make Flash secure,” he said.

“The only people who truly seem to love Adobe Flash these days are the criminals themselves.”

Tim Erlin, director of Security and Risk at Tripwire also noted that it is likely Adobe is probably beholden to contractual issues regarding its support of Flash.
 
“It’s easy for a vendor unencumbered by any of the business requirements of Adobe to call for a blanket end date for Flash, but it’s likely that the situation is more complicated for Adobe," he said.

"It’s entirely possible that they’re contractually obligated to continue supporting Flash for some period of time."

V3 contacted Adobe for its comments on the criticisms and whether it would consider killing off Flash, but had received no reply at the time of publication.

Take matters into your own hands
Adobe may not be willing to end Flash, but Mozilla has shown that it is possible for organisations to deal with the problem themselves.

Sean Sullivan, security advisor at F-Secure, told V3 that companies should consider ditching Flash wherever possible, something F-Secure has been doing for many years, underlining just how long Flash has proved problematic.

"Organisations should consider limiting Flash to browsers from which it can be limited - if they really need it at all. Fortunately, more and more sites are moving towards HTML5 content, reducing the need for Flash. It's something business users should be able to live without for the sake of security," he said.

"I uninstalled the Active X version of Flash about five years ago. I don’t use Internet Explorer all that often, and I don’t want Flash objects in my Excel spreadsheets.

"Chrome currently sandboxes Flash, which is a great feature, and I think Firefox is working towards that as well. The bigger problem out there is Internet Explorer."

Meanwhile, Trend Micro’s vice president of security research, Rik Ferguson, was strident in his criticism of Flash, urging people not to use the software unless absolutely necessary.

“For businesses and those responsible for website development, please consider avoiding Flash content wherever possible. Not only is it a security nightmare, it can be an incredible resource-hog for your users,” he told V3.

“Add to that the limited support for mobile browsers, and Flash looks less attractive than ever.”

Ferguson also said that individuals should remove Flash from any computer if feasible and enable it only when absolutely necessary.

“If you can I would recommend using Google Chrome or Mozilla Firefox as your ‘Flash browser’, as both of these include a ‘click to run’ mode for Flash which will also help to keep you safe from exploits,” he added.

Not just a Flash in the pan
The criticisms of Flash are strong, but Adobe has survived similar assaults on the software. Those with a long memory will recall Steve Jobs voicing his disdain with Flash, labelling it buggy and a resource hog.

"We know from painful experience that letting a third-party layer of software come between the platform and the developer ultimately results in sub-standard apps, and hinders the enhancement and progress of the platform," said Jobs in 2010.

Five years on and Flash still remains a problematic piece of software and one that the security community and technology industry is lining up to bury. Adobe will do well to keep it alive for another five years.

  • Tweet  
  • Facebook  
  •  
  •  
  • Send to  
  • Topics
  • Security
  • Operating Systems
  • Adobe
  • Adobe Flash
  • Mozilla
  • Firefox
  • Facebook

V3 Latest

Nintendo sales double and profits balloon by 500 per cent as Shuntaro Furukawa is appointed president
Nintendo sales double and profits balloon by 500 per cent as Shuntaro Furukawa is appointed president

Switch console sold more than 15 million units, while SNES Classic sold more than five million

  • Gadgets
  • 26 April 2018
Gaia mission's second data batch offers "richest star map" of galaxy ever created
Gaia mission's second data batch offers "richest star map" of galaxy ever created

High-precision measurements of nearly 1.7 billion stars made by Gaia space observatory

  • Communications
  • 26 April 2018
Scientists edge closer to understanding how water arrived on planet Earth
Scientists edge closer to understanding how water arrived on planet Earth

Water trapped in asteroids could be the source of the Earth's seas

  • Communications
  • 26 April 2018
Microsoft releases Preview Build 17655 with emphasis on mobile broadband
Microsoft releases Preview Build 17655 with emphasis on mobile broadband

Latest Skip Ahead build focuses on mobile and a number of small fixes

  • Software
  • 26 April 2018
Back to Top

Most read

Oracle: Java SE 8 business users must buy a licence from January next year
Oracle: Java SE 8 business users must buy a licence from January next year
AMD Ryzen CPU release dates, specs and price: AMD revenues up 40 per cent on booming Ryzen sales
AMD Ryzen CPU release dates, specs and price: AMD revenues up 40 per cent on booming Ryzen sales
Europol coordinates close down of 'world's biggest' DDoS-for-hire service
Europol coordinates close down of 'world's biggest' DDoS-for-hire service
British security start-up launches lip-sync authentication technology
British security start-up launches lip-sync authentication technology
Dell unveils Precision 5530 2-in-1 mobile workstation with Radeon Pro WX Vega M GL graphics
Dell unveils Precision 5530 2-in-1 mobile workstation with Radeon Pro WX Vega M GL graphics
  • Contact
  • Marketing solutions
  • Enterprise IT Events
  • About
  • Terms & conditions
  • Privacy policy
  • RSS
  • Twitter
  • Newsletters
  • Facebook
  • YouTube

© Incisive Business Media (IP) Limited, Published by Incisive Business Media Limited, New London House, 172 Drury Lane, London WC2B 5QR, registered in England and Wales with company registration numbers 09177174 & 09178013

Digital publisher of the year
Digital publisher of the year 2010, 2013, 2016 & 2017