Monday, April 28, 2014

Flash Fry

So, as happens every few months, another major vulnerability has been discovered in Adobe Flash:
New Flash flaw could let attackers control Macs, Adobe urges users to update
Adobe on Monday disclosed a new vulnerability in its Flash platform that may allow attackers to remotely take over and control Macs, PCs, and Linux machines and advised users to update their system as quickly as possible. 
This problem was previously thought just to impact IE on Windows, but was proven yesterday to impact all common platforms and browsers.

The most important thing to do, is update your flash right now (and for Chrome users, update your browser as well... it should auto update, but some Mac and Linux users are having problems with autoupdate right now).

If you are unable to update Flash, you need to block or disable it (uninstall it, block it in your browser settings, block it with a plugin or security software etc...). This WILL break a lot of web sites, so be prepared.

Updating though, isn't enough.

Flash... or really any active web content for that matter... has so many major security issues, which you expose to the world every time you visit any web page, or access any open network... that you absolutely must take additional precautions.

Don't just update your flash, use less stupid browsers (chrome and firefox both do just fine for the most part). Never use internet explorer for anything unless you are absolutely required to; and then only use it for the absolute minimum required.

If you are required to use I.E. for work, or a specific site or application, ONLY use it for those things. Use another browser for everything else. Heck, that can be a good security or organization practice anyway, just to avoid mixing data accidentally (like saved passwords or form fill data).

That's step one... or I guess step one and two, counting a browser switch (though I would hope that after the last few years, and the number of times I've warned about it, very few of my readers are using I.E.).

Step three, once you are using a decent browser, you need to use a script blocker, an ad blocker, and a flash blocker. These stop active web content from running on your computer without your permission.

All are available as free plugins, and they only take one button push to install from the builtin plugin search in your browser.

The great thing is, in addition to improving security, they just reduce the general annoyance, stupidity, and irritation of the internet.

For example, they prevent auto-loading auto playing flash video and music, prevent most pop-up and banner ads, prevent some useless and stupid social media overlays... Hell, they even make your computer faster, because all that crap takes up bandwidth, CPU, and memory.

Browsing with ads, scripts, and flash blocked, makes living with the internet better in every way.

For those few sites where blocking tools breaks stuff, all the tools have a little button to pause themselves. If you're going to go to that site a lot, they all have an option to not run whenever you visit that site... Just remember if you manually paused the tool, to manually unpause it before you move on to another site.

It doesn't take a tech wiz to do it... it's no harder than clicking a link in a browser.