Why Do So Many Hit The Flash Modules/Calls?

So over the past few months, Iv been monitoring the frequency of apps/software/engines that are commonly exploited. It seems that MOST of those that mean us no good love exploiting FLASH. Its even the backbone of the first large sets of Mac virus’ :-*

Why does this seem to be the most chosen common thing to gain access thru attack?

Is it the number of people that use FLASH for YouTube, Hulu, etc. :-\ ?

Is it like in the ole days when alot of us were unwrapping MS software due to the exxcessive prices they forced on the market 8) , but then again FLASH is free so how could that be :stuck_out_tongue: ?

Is it because the FLASH module is inherently unsecure :-X , and can elevate calls to admin permissions (or is set to this by default for proper functionality) without prompts?

Yes Flash seems at the root of browser insecurity, so best not to install Flash,

polonus

NoScript blocks swfs by default. Thus, infection is prevented.

Do some research on it… its a fact… to bad companies cant get with the times of HTML5 or even the newer WebM codecs.

In a perfect world.

Hi UserA789,

Well there are a lot of sites that do not use Flash and Flash cookies. Do you know there is a lot of ignorance with webmasters to clean up their sites? Well I would not say ignorance only also not being aware of what the dangers are for users that come and visit their infected sites. Flash has been around since 1996 !, and open source Flashplayers somehow never gained some momentum. A lax security policy is not helping Adobe Flash either to overcome the inherent insecurity issues. User education is important in this realm, but there seems not much room for that in recent times. At least here in the forums we try to educate users,

polonus

Platforms are oonstantly being developed,i see no reason to unistall Flash.Don’t forget that viruses will ALWAYS be a step ahead of AV’s :slight_smile: .

Also in the real world…!!

So if this is the case, how did my flash control panel settings get changed to “Allow sites to save information on this computer”? This is what made me think the problem in my other post was fixed. Only after researching changes to my PC did I discover the flash settings had been illictly modified.

Maybe a flash exploit isnt to blame for that… then how could it have been changed without my doing it?

My own theory is that, right after my intial post on “WHATS WRONG WITH THIS PICTURE”; my settings got changed to make it look all good. I dont think they counted on someone so aware of their own system settings… but thats just theory.

I will update said thread and have it closed so no fanning or flaming can be invoved on it any longer.

Why you are again coming back to that issue here then, I say, far fetched speculation and I would not go into theories as I were you , when I cannot make it stick. You always should respond to the question and why should they want to do such a thing in the first place - my grandfather’s what is in for them???. If they had put a flash cookie or a hidden pixel large webbug you could suspect you could have been tracked. Tracking is mostly done for commercial profiling. The results land on the desk of many a business CEO that earns from selling your online profiles to the highest bidder. I block most or opt out with Abine, Do not Track and check on hidden webbugs with a specific user javascript, Blocker or ABP. But a pop up with an overview of your personal scanning statistics used to profile you coming as a hidden threat? Your Kung-fu here is too strong for me, as is your imagination… UserA789 ;D

polonus