New Firefox Plug-In Will Defeat Flash Attacks

Hi,

Some good news. 8)

For years now, Adobe Flash files have been a very useful attack vector for hackers and a serious security problem for end users and IT departments. Now, a German researcher is planning to unveil a new browser plug-in designed to prevent many common types of Flash attacks.

http://threatpost.com/en_us/blogs/new-firefox-plug-will-defeat-flash-attacks-070710

http://blitzableiter.recurity.com/projects/show/blitzableiter

nmb

NoScript will block Flash, though it doesn’t parse the .swf file and try to sanitize the code, create a new swf file before it is run on the user system. Excuse me if I find this unwieldy and likely to slow browsing even further whilst all this extra processing goes on.

For me I find blocking all flash content easier (being on dial-up) and makes page loading faster and I only selectively run certain swf content.

So I think I will pass on this ad-on.

A standalone plugin doesn’t actually exist yet, but NoScript already (optionally) supports blitzableiter sanitizing. Support was added last April 29. From http://noscript.net/

Experimental external filters for plugin content (e.g. Blitzableiter to sanitize Flash applets). It requires Firefox 3.5 and above, and it can be configured from the new NoScript Options|Advanced|External Filters panel. To activate the built-in Blitzableiter support you need to enable filters, download Blitzableiter binaries and tell NoScript where the executable is. Please notice that Blitzableiter is in its early development stages, and it breaks a lot of Flash content.

Like David, I haven’t wanted to use this feature, but it is available for testing already.

this blitzableiter thing can be implemented through NS for many weeks now, and I don’t use it because it breaks a big number of sites with flash and/or slows down the browsing, so that’s a no thanks for me.

Glad to see you noticed it too, Logos. I guess you missed my post 2 1/2 hours before yours, eh? ;D

probably did yeah ::slight_smile: