July 23, 2015
If some of the world’s worst online security flaws are held by one company, and that company’s secrets are stolen, what could be worse? This is what happened this month to the ironically named, controversial company, Hacking Team.
Hacking Team specialises in discovering (and buying from hackers) information on security flaws, keeping them secret, then selling intrusion and surveillance capable software to governments and law enforcement agencies built upon these secrets. Sound scary? Well things just got scarier as recently 400GB worth of those secrets have been stolen and published online by hackers, the bad kind of hackers.
Within the data, it’s been discovered that at least three major security flaws relating to Adobe Flash are present, even the latest version. To make things worse, these flaws have been labelled as ‘Zero Day Vulnerabilities’, meaning they’re so severe it should be considered impossible to find a solution in time for a hacker to exploit it. This was confirmed when hacking kits that were available online included techniques designed to exploit those flaws, hours after they were leaked.
At least two major tech giants, Facebook and Mozilla (Firefox) have since come out swinging to defend their users against this intrusion. ‘Security flaws’ and ‘Flash’ have been used in the same sentence since the 90s, but this month it’s reached boiling point as Firefox have blocked every version of Flash and now requires the user to opt in for the ability to view Flash content by accepting the risk they are putting themselves in.
Firefox’s security measure has a widespread crippling effect on Flash based websites, advertisement banners, online games throughout Facebook, a wide range of video players online to name few. Facebook has also come to Firefox’s defence as their head of security, Alex Stamos, tweeted last week.
It is time for Adobe to announce the end-of-life date for Flash and to ask the browsers to set killbits on the same day.
— Alex Stamos (@alexstamos) July 12, 2015
What does this mean for everyone’s Flash based content online? It means you really do need to replace your Flash content for real this time. Luckily, this is only speeding up a much welcomed (and previously established) movement in the web development world as developers replace Flash with the much safer and modern HTML5 alternative. The momentum of this movement has gathered a lot of ground since Steve Jobs famously banned Flash from Apple devices, stating it’s performance and battery requirements were unacceptable for use on the iPhone or the iPad. Now there is another major reason to finally set a kill date for Flash support and look towards more modern technology.
– Kyle Wetton, Senior Web Designer
Looks like you're viewing this website on an outdated browser, this website does not support this browser. Consider updating your Internet Explorer or better yet, using a fancy modern browser like Firefox, or Chrome.