Justin Guitar Community

Tools of the Trade => Computer & OS => Topic started by: Dan Graves on July 26, 2012, 06:51:49 pm

Title: Flash finally fixed
Post by: Dan Graves on July 26, 2012, 06:51:49 pm
Adobe Flash has been updated today, I suggest y'all get to updating yours, they finally fixed most bugs that have been terrorizing users all over, especially the media-related bugs seem to have been ironed out.
Title: Re: Flash finally fixed
Post by: irishalkies on July 28, 2012, 12:52:20 am
About bloody time..... The thing's been a nightmare for the best part of a month....

Title: Re: Flash finally fixed
Post by: old-and-in-the-way on August 06, 2012, 09:45:21 pm
Adobe Flash has been updated today, I suggest y'all get to updating yours, they finally fixed most bugs that have been terrorizing users all over, especially the media-related bugs seem to have been ironed out.

Damn.  I was hoping you meant Adobe had announced Flash's EOL and issued an uninstaller for the world  :-(
Title: Re: Flash finally fixed
Post by: Dan Graves on August 13, 2012, 12:46:04 am
Damn.  I was hoping you meant Adobe had announced Flash's EOL and issued an uninstaller for the world  :-(

Oy vey...
Without Flash, I'd have to actually work hard to find security holes in websites.
Then where would I get all that extra cash from?
(if you answer anything that even remotely resembles Java I'll have to feed you X10's 'til you burst, so think carefully about your answer)
Title: Re: Flash finally fixed
Post by: old-and-in-the-way on August 22, 2012, 11:02:11 pm
Oy vey...
Without Flash, I'd have to actually work hard to find security holes in websites.
Then where would I get all that extra cash from?
(if you answer anything that even remotely resembles Java I'll have to feed you X10's 'til you burst, so think carefully about your answer)

Not Java.  JavaScript.  The only people who can write secure JavaScript have more important things to do than make websites.

Perl / Python / Ruby / PHP.  Web developers look at these languages, decide that they are a bit like English, only with more white space and harsher rules about punctuation, and write code that allows you to perform cross-site request forgeries by not distinguishing between GET and POST requests for potentially harmful actions.  Then they add a database to the mix, and the closest they get to a prepared statement is when they write:

Code:
my $sth = $cbh->prepare("select * from $user_supplied_table where $user_supplied_column = '$user_supplied_string'");
$sth->execute;

Misconfigured servers.  Someone wants to have their big business serve pages from multiple sources from what appears to be a single host, so they whack Apache with mod_proxy in there.  The trouble is, they do that on all of the servers, so you can proxy hop.  Often they'll want to proxy HTTPS sessions, so the CONNECT verb will be active too, which means you can even proxy SMTP and turn their webserver into an email spam proxy network (this is particularly trivial when there is a corporate www cache that is the same as the inbound proxy, so an attacker can trivially make outbound connections by directing exactly the right proxy request to some misconfigured server inside the target network).

If you rely on Flash being present you will grow fat, lazy and unimaginative in no time at all.  :-P
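
Added example, not part of the thread: the `prepare` pattern from the post above, reproduced with Python's `sqlite3` next to a form that binds the value and allowlists the identifiers (placeholders cannot stand in for table or column names). The schema, the `ALLOWED` map and the function names are assumptions made up for this illustration.

```python
import sqlite3

# Constructed allowlist: the only table/column pairs a caller may name.
ALLOWED = {"songs": {"title", "artist"}}

def make_db():
    """Build a small in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE songs (title TEXT, artist TEXT)")
    db.execute("CREATE TABLE users (name TEXT, pw_hash TEXT)")
    db.executemany(
        "INSERT INTO songs VALUES (?, ?)",
        [("Blackbird", "Beatles"), ("Wish You Were Here", "Pink Floyd")],
    )
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-hash')")
    return db

def lookup_interpolated(db, table, column, value):
    # Same shape as the Perl snippet: all three inputs become SQL text,
    # so the "prepared" statement has nothing left to bind.
    sql = f"select * from {table} where {column} = '{value}'"
    return db.execute(sql).fetchall()

def lookup_bound(db, table, column, value):
    # Identifiers are checked against the allowlist before use;
    # only then is it safe to place them in the statement text.
    if column not in ALLOWED.get(table, ()):
        raise ValueError("table/column not permitted")
    # The value travels separately from the SQL text via the ? placeholder.
    sql = f'select * from "{table}" where "{column}" = ?'
    return db.execute(sql, (value,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing a quote
    print(lookup_interpolated(db, "songs", "title", crafted))
    print(lookup_bound(db, "songs", "title", crafted))
```

The interpolated form also fails on harmless input: a title containing an apostrophe raises `sqlite3.OperationalError`, which is often the first visible symptom of this bug in logs.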