Flash Player Security
As of Friday 11/6/2010 Adobe have released an emergency fix for a flaw in Adobe Flash - This is the tool that a web browser uses to display sound and video.
The release addresses what is known is a zero day security flaw. In other words, unlike most security flaws this was discovered roaming the Internet before any opportunity was given to fix the problem.
It is rather nasty as it permits a computer running old versions of Flash to become part of a botnet.
Upgrade your version of Adobe Flash to 10.1
There are some things not commonly known about the Flash Player that exists on virtually every PC in the world.
Firstly, Flash runs inside a Browser as a plugin which means that although Flash content appears inside the browser (if its not run in full screen mode) it is executing as a program in its own right.
This means that Flash has access to a computer's hardware, disk drives, camera, microphone etc.
Secondly, Flash stores cookies and uses disk caches independently of the Browser in which it runs. Current versions of Flash do not respect Private Browsing sessions, any information stored by Flash during private browsing sessions is not deleted when the private browsing session is completed.
Update 12/6/10 - release 10.1 of Flash claims to recognize private browsing sessions for most modern major browsers - Firefox, IE8, Safari etc.
Worse, these Flash cookies may be massively larger than normal browser cookies and they are never deleted.
More information about Private Browsing in Flash Player
It is possible to turn on a computers camera and microphone from Flash. This isn't a bug or a security exploit its a deliberate feature built into Flash.
It is possible to change Flash's settings either by right clicking on a playing Flash item or by visiting the Settings Manager.
Its well worth a look - it is rather suprising what Flash can get up to on a computer without the users knowlege.
For the Firefox user there is the Better Privacy addon that cleans up Flash Cookies - Flash calls these cookies Local Shared Objects (LSOs).
Also see the Wasted Bandwidth page.
Update 27/06/1010
The latest release of the
Flash Player
fixes some security holes.
Forthcoming Events
Open Door Friday Lunchtimes
Sermons and Talks
Christianity Explored
Christian Youth Fellowship Association
Net Cafe
The Lion Club Parent and Toddler Group
Saturday Footie Group
Vine and Branches Youth Bar and Cafe
Youth Link
Relaxed Art
Useful Contact Points
Dudley Council
Local MP and Councillors
Lye Action Plan
Neighbourhood Policing
Youth Partners and Communities Together (PACT)
Lye and Wollescote Partnership
Dudley South Community Action Group
Stourbridge Food Bank
Weekly Church Services
Contact Us
How to find us
Public Transport
Special Needs and Access
Baptisms Weddings and Funerals
Image Gallery
Church Bells Restoration Project
Past Events - Pictures and Notes
Wasted Bandwidth
Flash Player Security
Odds'n Ends
Genealogy
Church of England
Worcester Diocese
Worcester Diocese Links Page
Bishop of Worcester
RSS Feed
09:35 08/08/2010