Adobe Releases Emergency Update to Fix Flash Ransomware Exploits

Adobe’s Flash plugin has rapidly become extremely unpopular with web users due to its buggy nature and propensity to make browsers hang. As a result, HTML5 is the modern standard for viewing video content or animations, which has made Adobe’s Flash superfluous. Despite this, Flash can still be used to display adverts or video streams via certain services. The plugin’s reputation is abysmal and various companies including Google have snubbed Flash in recent months. On Thursday, Adobe released an emergency update after researchers discovered an exploit could deliver ransomware to PCs.

The company implored users to install this update as a matter of urgency because ‘drive-by’ attacks were causing havoc. Respected security software maker Trend Micro warned Adobe about this phenomenon, known as ‘Cerber’, in March. This particularly nasty form of ransomware employs a ‘voice tactic’ which reads a ransom note to create a sense of panic. Unfortunately, Adobe’s response wasn’t that swift if the reports regarding Trend Micro’s warnings are correct. This isn’t going to do Flash’s reputation any favours and I can’t see it being used for much longer in consumer applications. The majority of users required Flash to watch YouTube content. Thankfully, this isn’t the case any more and Google automatically sets the plugin to HTML5.

The most important thing to remember from this story is to either uninstall Flash altogether or update to the latest version. Ransomware can be extremely worrying for users who aren’t familiar with how PCs operate and it’s imperative for companies to stamp out any exploits. I do feel the future of Adobe Flash looks very bleak and I can’t imagine many people are going to miss using it. HTML5 is better for consumers in every possible way and an evolution of better software.

What kind of experience have you encountered using Adobe Flash?

Adobe Issues Patch For Code-Execution Bug

Flash has long been at the heart of a debate over usability and security. The media player has long been used for everything from YouTube to online games, but it has often been plagued by problems, with even the fixes containing problems. As a result, people are being told to avoid using the tool and to use HTML5 instead. It seems we have yet another reason to listen, given the latest patch to try to fix a code-execution bug.

By code-execution bug, we mean that it would be possible to execute code remotely, meaning an attacker could quickly perform actions on your machine without your knowledge or say. This kind of flaw is a rather large one, enabling a whole host of problems from the get-go, unlike bugs that serve only one specific purpose.

The zero-day vulnerability was found by Anton Ivanov, a member of Kaspersky Lab, and was credited as such. Kaspersky Lab researchers have been observing the vulnerability and had seen it used in “a very limited number of targeted attacks”.

With so many vulnerabilities, it comes as no surprise that people are trying to steer away from using Flash. We recommend that if you don’t actively use the tool you remove it from your system, something that could only improve your security given Flash’s checkered past. If you do use Flash, then we recommend that you update it now and make sure that you keep checking for security patches.

Adobe Creative Cloud Bug Deletes User Data on Mac

A recently published update for the Adobe Creative Cloud graphics service has been pulled by Adobe following reports that the Mac version of the software may delete important user data with no warning.

Backblaze, a data backup service, has been hit hardest by the bug, with its officials providing some insight into the issue. Whenever a user signs into the Adobe Creative Cloud service after the update, a script is run that automatically deletes the first folder found in the root directory of the Mac. Because Backblaze relies on a hidden folder named .bzvol, it has been hit harder than many other software products or services, as this required folder is likely to be the first directory in the root.

In an email, Backblaze Marketing Manager Yev Pusin wrote “This caused a lot of our customers to freak out. The reason we saw a huge uptick from our customers is because Backblaze’s .bzvol is higher up the alphabet. We tested it again by creating a hidden file with an ‘.a’ name, and the files inside were removed as well.” A number of Backblaze officials have posted videos of the bug in action online. The only version that seems to be causing the unwanted deletions is 3.5.0.206.

Even those who don’t use the Backblaze service may suffer effects potentially dangerous to their system, because the .DocumentRevisions-V100 folder, which is required for Mac autosave and version history to function, is also high up alphabetically. Folders with spaces are also at risk, and with them the data of users who store important files in them, as OS X sorts such folders to the top entry on the hard drive.

Adobe has already addressed the issue, with an Adobe spokesperson stating “We are aware that some customers have experienced this issue and we are investigating in order to resolve the matter as quickly as possible. We are stopping the distribution of the update until the issue has been resolved.” Anyone who is yet to install the update should refrain from doing so, and those who have should avoid logging in to the service until a fix is published. Those who already have the update have a workaround available: creating a folder that sorts higher alphabetically than any other on the drive. An obvious example would be “.aaaaaa”, but Backblaze has suggested the more amusing “.adobedontdeletemybzvol.”

It is amazing how a bug this major can be allowed to go live without being spotted and there is always the possibility of sabotage with an unscrupulous employee or hacker hiding the script in the code. Until Adobe releases more news on the issue and a fix, we don’t know, but it should certainly make many users a lot more wary of the service.

Oracle is Killing Off Java

Outdated browser plugin Java is finally being pulled, Oracle has announced. Java will be slowly phased out, beginning with a deprecation of the plugin starting with JDK 9. The advent of HTML5 means that buggy and insecure browser plugins, such as Flash and Java, are no longer required, with Google Chrome already suspending use of Java last year. Adobe has made a similar move, rebranding Flash and shifting toward HTML5.

“By late 2015, many browser vendors have either removed or announced timelines for the removal of standards based plugin support, eliminating the ability to embed Flash, Silverlight, Java and other plugin based technologies,” Oracle’s announcement on its blog reads. “With modern browser vendors working to restrict and reduce plugin support in their products, developers of applications that rely on the Java browser plugin need to consider alternative options such as migrating from Java Applets (which rely on a browser plugin) to the plugin-free Java Web Start technology.”

“Oracle plans to deprecate the Java browser plugin in JDK 9. This technology will be removed from the Oracle JDK and JRE in a future Java SE release,” the post continues. “Early Access releases of JDK 9 are available for download and testing at http://jdk9.java.net. More background and information about different migration options can be found in this short whitepaper from Oracle.”

Futuremark Releases Major Update for PCMark 8

Futuremark released a new major update to the popular benchmarking application PCMark 8 that accommodates the latest changes in Adobe After Effects and provides better support for NVMe SSDs. This is a major update that will affect scores, which also means that results from this version shouldn’t be compared to older versions of the software. The new version is PCMark 8 v2.6.512 and it is ready now.

While the changes to Adobe After Effects and NVMe support provide better scores thanks to optimizations, the Home, Creative, and Work benchmark scores are not affected and can be compared to previous versions without trouble. Changing the scores dramatically, as happened in this case, is never a good thing. But it can be necessary at times, seeing how our technology evolves.

“Whenever possible, we avoid making workload changes that affect scores. But occasionally there are post-launch changes in 3rd party applications that affect our tests. Or new technologies appear that we could not have predicted when developing the benchmark.”

The latest version of Adobe After Effects CC no longer supports output to compressed Windows Media Video, which was the format that previously was used for the tests. As a result, Futuremark had to change the test to output to uncompressed AVI format instead. The better NVMe support will provide better scores on those drives in most cases, but the change won’t affect other types of drives.

Change Log

Adobe Applications benchmark

  • Adobe Applications benchmark has been updated to version 2.0. Scores should not be compared with earlier versions.
  • The After Effects test output has been changed to uncompressed AVI format as the latest version of Adobe After Effects CC no longer supports output to compressed Windows Media Video format.
  • Use Compatibility mode to compare scores with historical result data. This also requires an older version of After Effects that supports Windows Media Video.

Storage benchmark

  • The Storage and Expanded Storage benchmarks have been updated to version 2.0. Scores should not be compared with earlier versions.
  • The tests now provide better support for NVMe drives. Scores from NVMe drives will improve in some cases. The faster the drive, the bigger the difference. Other types of drive are unaffected.

Improved

  • General stability and error handling have been improved.
  • SystemInfo module updated to 4.41 for improved hardware compatibility.

Fixed

  • Video Chat test now works even when there is no audio device in the system.
  • Fixed a bug that could cause PCMark 8 to crash when the SystemInfo module failed.
  • Fixed several issues found on non-English language Windows installations.

Professional Edition only

  • Command line now offers temp path selection.
  • XML output now shows battery life in minutes not seconds for more intuitive results.

As always you can find the full information about the entire benchmark application on the official website or download your own version. If you already have the app installed, then it should prompt you with an update notification next time that you run it.

Which Companies Had The Most Security Vulnerabilities In 2015?

Cyber security is a hot topic, and attacks which look to exploit security flaws within a company’s software are becoming increasingly commonplace within the tech world. CVE Details has thus released its rundown of the most security vulnerabilities in a variety of software products for 2015, and it contains a top five that includes Mac OS X, iOS, Flash, Adobe Air and Air SDK.

Below is an image which details the number of vulnerabilities per software product. As you can see, the reports suggest that Mac OS X had a reported total of 384 vulnerabilities, with iOS just slightly behind on 375; Adobe Flash Player makes up the top 3 with 314 that have been officially disclosed. There are, however, one or two caveats behind these stats. For example, CVE Details lists every version of Mac OS X as one entry, while the multiple editions of Windows are listed separately. This means that while OS X is at the top, if you look down you will see Windows has a higher count of vulnerabilities when you take into account versions from Windows 8.1 all the way back to Vista.

The second image of the bar graph also conveys the vulnerabilities of the top 50 products by vendor, as you can see, Microsoft edges out Adobe while Apple is third.

In 2014 the top five were the IE browser, Mac OS X, Linux Kernel, Chrome and iOS. It is also worth noting that not every software company has the same policy when it comes to disclosing security vulnerabilities within their software.

Image courtesy of businesscomputingworld

How Bad Are Adobe Flash Bug Repair Stats?

It’s safe to say Adobe Flash did not have the best of years: from crashes, hacks, crashes, vulnerabilities and, yes, more crashes, many in the industry doubt whether this will be the year Adobe finally pulls the plug. It seems the ill-fated Flash player is constantly being fixed, but how often does it need to be patched for its many bugs?

Well, it turns out it’s quite a lot if you take into account official data on the subject. According to the information, “Adobe have repaired Flash Player 2015 a total of 316 Bugs”. This works out at almost 1 bug a day or, to be more precise, Adobe has fixed 1 bug every 1.15 days. Prominent industry figures have been somewhat sarcastic, to the point of suggesting Adobe is able to rest only on a “Sunday” before continuing to fix Flash again and again.

To place this into perspective, Adobe fixed 12 bugs in Flash on average per month in 2014. Worse still, “the fourth quarter of 2015 saw the repair scale reach up to 113 bugs”. Oh, there is more: recently Microsoft found that Flash crashed almost any browser on Windows 10 after conflicting security patches were pushed to users.

The implementation of Flash on many websites is also declining. It used to be the standard, but stats have shown that in 2010, 28.5% of websites used Flash; today it is less than 10%.

Will Flash make it through 2016? Not on this evidence.

Adobe Renames Flash and Shifts Emphasis to HTML5

Adobe has unveiled its new 2016 Creative Cloud package, bringing with it the end of Flash, but in name only. From now on, Flash – now notorious for its regular security holes and exploits – will be known as Adobe Animate CC, with Adobe making a noticeable shift toward HTML5.

“For nearly two decades, Flash Professional has been the standard for producing rich animations on the web,” Adobe writes on its announcement blog post. “Because of the emergence of HTML5 and demand for animations that leverage web standards, we completely rewrote the tool over the past few years to incorporate native HTML5 Canvas and WebGL support. To more accurately represent its position as the premier animation tool for the web and beyond, Flash Professional will be renamed Adobe Animate CC, starting with the next release in early 2016.”

While Adobe insists that the newly-branded Animate CC will remain a “first-class citizen” as a content platform, along with Adobe Air, the company is pushing the HTML5 capabilities of its latest iteration.

“Today, over a third of all content created in Flash Professional today uses HTML5,” Adobe adds, “reaching over one billion devices worldwide. It has also been recognized as an HTML5 ad solution that complies with the latest Interactive Advertising Bureau (IAB) standards, and is widely used in the cartoon industry by powerhouse studios like Nickelodeon and Titmouse Inc.”

YouTube has already abandoned Flash in favour of HTML5 as its default video format, while sites such as Amazon have banned Flash adverts on their sites.

Fully Patched Adobe Flash Hit by New Zero-Day Update

Just as day follows night, and just as Ubisoft thinks up new and amazing game elements to strip away and charge microtransactions for, another zero-day exploit has been discovered for Adobe Flash. But this isn’t any old zero-day exploit; it’s an exploit found in the fully patched version of Flash.

The vulnerability, discovered by Trend Micro yesterday, allows attackers to secretly install malware on computers that carry Flash versions 19.0.0.185 and 19.0.0.207, and possibly earlier versions, too. Attacks exploiting the vulnerability have so far only targeted government agencies, undertaken as part of cyber-espionage initiative Operation Pawn Storm. The researchers from Trend Micro wrote:

In this most recent campaign of Pawn Storm, several Ministries of Foreign Affairs received spear phishing e-mails. These contain links to sites that supposedly contain information about current events, but in reality, these URLs hosted the exploit. In this wave of attacks, the emails were about the following topics:

“Suicide car bomb targets NATO troop convoy Kabul”

“Syrian troops make gains as Putin defends air strikes”

“Israel launches airstrikes on targets in Gaza”

“Russia warns of response to reported US nuke buildup in Turkey, Europe”

“US military reports 75 US-trained rebels return Syria”

It’s worth noting that the URLs hosting the new Flash zero-day exploit are similar to the URLs seen in attacks that targeted North Atlantic Treaty Organization (NATO) members and the White House in April this year.

Operation Pawn Storm has hit a number of foreign agencies over the last few months, including politicians and journalists in Russia and iOS devices used by Western governments and news outlets.

Oh, and don’t use Flash.

Thank you Ars Technica for providing us with this information.

Image courtesy of Wikimedia.

The BBC Implements HTML5 to iPlayer

I think we can all say that Adobe Flash Player is very much being knocked to its knees in recent months, from endless, and I do mean endless, vulnerabilities which put countless users at risk to the annoying aspect of running a plug-in which enjoys crashing and breaking functionality on a regular basis. Well, now the BBC has also seen the light and is implementing the HTML 5 web standard language within its BBC iPlayer service.

The move is seen as progress and an update which modernizes the service and the security aspect of the site. The BBC states that it is “now confident [it could] achieve the playback quality you’d expect from the BBC without using a third-party plug-in such as Flash player”. Users have also been invited to visit a BBC site where they can set a cookie in their browsers that will allow them to access the HTML5 player when they visit iPlayer in future. However, the Flash version will remain available.

Security analysts have responded positively to the news but have also confirmed that Adobe Flash still has a role; this has been echoed by security expert Chris Green, who says “The industry has moved on from trying to shoehorn one thing in, whether that is Flash or Microsoft’s Silverlight. It continues to be very effective in delivering rich content into web pages.”

The BBC is testing the new, improved player on a range of browsers. These include Firefox 41, Safari on iOS 5 and above, Opera 32, Internet Explorer 11 (Good luck with that piece of, let’s say junk, as this is a family site), Microsoft Edge on Windows 10 (Good luck with that piece of, to be fair I have not as yet tried Edge but anything with the words browser and Microsoft in the title concerns me) and BlackBerry OS 10.3.1. The BBC added that it was also going to “move away from the BBC Media Player app on Android devices”, with users invited to join a limited beta test.

HTML 5 is considered the standard in content delivery and the BBC is implementing it with the aim of modernizing the service. It will be interesting to see how it works and also how rapid the decline of Flash will be in the coming months and years. It is worth noting that Flash is used by Amazon and Hulu among others, which is positive for them; it’s just frustrating for consumers who have to put up with a range of exploits which make services insecure.

Thank you BBC for providing us with this information.

Image courtesy of plus.google

Amazon Bans Flash Adverts on Its Own Domains

Amazon has updated the terms of its Technical Guidelines to prohibit any advert on Amazon-branded sites using Adobe’s Flash protocol. The change will commence on the 1st September and Amazon explained their reasoning in an introductory post:

“Beginning September 1, 2015, Amazon no longer accepts Flash ads on Amazon.com, AAP, and various IAB standard placements across owned and operated domains.”

“This is driven by recent browser setting updates from Google Chrome, and existing browser settings from Mozilla Firefox and Apple Safari, that limits Flash content displayed on web pages.”

“This change ensures customers continue to have a positive, consistent experience across Amazon and its affiliates, and that ads displayed across the site function properly for optimal performance.”

This is a clear message from one of the leading online giants to universally drop Flash support across web pages, browsers and other applications. Flash can cause a myriad of stability issues and HTML5 has proven to be a far superior replacement. Amazon clearly feels the conflict between browser settings and Flash content is creating a sub-par shopping experience and could deter users from purchasing on the Amazon store. Frustratingly, Chrome embeds Flash by default but you can download Chromium or Firefox as an alternative.

Thankfully, it seems Flash is now on the target radar of influential web companies and could become obsolete in the near future.

Have you ever experienced any issues with Adobe Flash?

Google Changes how Flash Ads Work in Chrome

Despite helping pay for web content, auto-playing Flash ads have become the bane of internet users. While third party plugins have long offered the ability to control Flash elements, Google is now baking in the ability to pause auto-playing Flash ads right into Chrome. Starting with the latest Chrome Beta build, pausing non-central plugin elements will become the default setting. Pausing auto-play ads is one thing but Chrome being able to determine which Flash elements are ads and which ones are the content makes the feature so much more useful.

In its blog post announcing the new feature, Google states that the main purpose of adding this ability into Chrome is to help improve battery life. By reducing the number of Flash elements being played, the processor has a lower workload, reducing power consumption and improving battery life. Flash has long been notorious for consuming processor cycles and being a performance hog, so disabling unnecessary elements is sure to help not only battery life but also those on older machines.

It’s important to note that it’s not clear how Chrome will determine which elements need to be paused. The feature also isn’t necessarily meant to block ads, as a Flash ad that plays in the main video frame before the real video likely won’t be blocked. HTML 5 playable ads and other ads also won’t be blocked, so this feature won’t be a replacement for ad-blockers. Nevertheless, it’s interesting to see an advertising firm pushing out features that could reduce its ad revenue.

Firefox Users Can Now Stream Netflix Without a Plugin

Firefox users will no longer be required to download the Microsoft Silverlight plugin if they are wanting to watch Netflix through their browsers. The newest version of Firefox integrates Adobe Content Decryption Module (CDM), which is needed to stream from Netflix on HTML 5.

For a long time now Mozilla has been anti-DRM due to their open-source philosophy, but it seems now they are bending to the demand of users by including the Adobe Content Decryption Module. They haven’t forgotten their roots though as they also have a non-CDM version of Firefox that users can download if they don’t want any additional DRM in their browsers. This may help Firefox gain some users since there are so many who currently stream Netflix through their browsers. It seems like they are wanting to capitalize on part of that user base that wants to move away from Chrome or another browser. There are millions of Netflix users around the world with more customers joining every day so even gaining a small percentage would help grow the Firefox user base.

Now the only problem for users with Netflix is what to watch and how long they will have to wait for the second season of Daredevil to drop so they can binge watch it in one sitting.

Thank you Engadget for providing us with this information.

Adobe Revealed Some of its Features Coming in the Next Premiere Pro Update

Adobe has announced a few of its upcoming product updates ahead of the NAB video conference, which include an animation tool, a new mobile app and some updates to Premiere Pro.

There seems to be a new colour correction panel in Premiere, called Lumetri Color, that looks and works exactly like the correction tools in Lightroom, giving users the ability to save highlights and shadows, tint and saturate colours, sharpen and brighten photos and much more.

The new Lumetri Color is said not to replace the dedicated colouring tools or other addons such as Magic Bullet Looks. Instead, it aims to make a more user-friendly approach towards new users and have it more accessible and user-intuitive compared to the current colouring tools.

Adobe is said to also be working on an iPhone app named Project Candy, with which a user can take a photo and analyse its colour make-up and apply that to a photo or video just like a filter. The app’s filters are also said to work in After Effects and the mobile app Premiere Clip.

Another feature that is said to increase or decrease the length of a project by 10% is named Time Tuner, a feature that helps automate what some TV networks have been doing with reruns.

In addition to the latter, the preview release of Character Animator is said to be present in the new Premiere Pro, a tool used to easily animate cartoon characters by quickly analysing character art imported from various sources and then animate it based on what the app sees an actor doing over a webcam.

Adobe also announced some updates for After Effects, Audition, SpeedGrade and many others which will come with the latest update. The company is said to release the new update in late spring or early summer.

Thank you The Verge for providing us with this information.

Google to Automatically Convert Flash Ads in HTML5

Flash is dead. Long live HTML5. Adobe’s Flash player is notoriously buggy and vulnerable to malware attacks, a fact that is slowly scaring off websites, developers, and users in equal measure. YouTube has already ditched the software in favour of the new standard language HTML5, and now Google will be converting Flash adverts into HTML5 automatically.

Commercials uploaded through AdWords, AdWords Editor, and some other third-party tools will be automatically ported to HTML5. Not all ads can be converted, though most new advertising campaigns should be affected.

The move is designed to help deliver ad content to mobile systems, especially devices running Google’s Android operating system, which has not supported Flash since its Ice Cream Sandwich iteration.

Source: The Next Web

Adobe Celebrates 25 Years of Photoshop With Spectacular Ad

It’s been 25 years since a little Mac application was first released that allowed you to edit photos. Yes, 25 years since Adobe Photoshop was born as a slightly more advanced version of your standard Paint application. However, across that 25 years, the word Photoshop has become a synonym for editing images on a computer and enabled millions of creative minds to come up with some of the most spectacular pieces of digital art we’ve ever seen. That and it has allowed countless photographers to make models look thinner.

To celebrate this, Adobe has come up with a spectacular TV ad to be shown during The Oscars this weekend that goes some way to show what can be done with Photoshop. It covers many famous pieces of graphic design that were made possible by Adobe’s app, including famous ads, artworks and animated films including Shrek.

Watch it below, and I think you’ll agree that it’s probably the best way to celebrate the past 25 years.

Source: The Verge

Apple Forcing Users to Upgrade Flash

In Apple’s latest hit against Adobe Flash, the most recent update to OS X is now forcing users to upgrade to new versions of Flash by blocking any web content that uses it.

Now when a user of OS X Yosemite with an out of date Flash plugin tries to run any Flash content, they receive this message –

Apple has had a tirade against Adobe Flash for many years, first with its decision to not include Flash on the iPhone and later and perhaps more importantly, the iPad – a decision that initially proved somewhat unpopular. Steve Jobs himself had a personal hatred towards the plugin, writing an angry open letter in 2010 titled ‘Thoughts on Flash’.

“Symantec recently highlighted Flash for having one of the worst security records in 2009. We also know first hand that Flash is the number one reason Macs crash. We have been working with Adobe to fix these problems, but they have persisted for several years now. We don’t want to reduce the reliability and security of our iPhones, iPods and iPads by adding Flash.” – Steve Jobs

Source: MacRumors

Yet Another Zero-Day Vulnerability Found In Adobe Flash

Adobe Flash is quickly becoming a liability.

Another zero-day vulnerability (CVE-2015-0313) has been found in Adobe Flash Player, the third such problem this year. This time, Adobe itself has drawn attention to the issue, warning that the CVE-2015-0313 security flaw can be taken advantage of using the Angler Exploit kit, a favourite amongst hackers.

The Adobe website post reads:

A critical vulnerability (CVE-2015-0313) exists in Adobe Flash Player 16.0.0.296 and earlier versions for Windows and Macintosh. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below.

Adobe expects to release an update for Flash Player during the week of February 2. For more information on updating Flash Player please refer to this post.

Adobe considers the risk of this issue as critical. It is advisable for anyone concerned about the vulnerability to disable Flash Player within their chosen browser, at least until Adobe releases a patch for it.

Source: GreatSoftLine

Adobe is Suing Clothing Chain Forever 21 for Pirating Software

That’s not a headline you see every day – Adobe is leading a suit against US clothing chain Forever 21, in which it alleges that the chain repeatedly pirated a number of Adobe software applications, including Photoshop and Illustrator. The company is joined in the suit by AutoDesk and Corel, who claim that the chain pirated their software too.

The suit says that the company pirated 63 different instances of Adobe software and that they “continued their infringing activities even after being contacted by Adobe regarding the infringement.” Although we don’t know exactly how much money they want, the suit wants an injunction to be issued as well as the issue of compensation for any profits missed out on as a result of the piracy, as well as court costs and any additional damages that can be justified.

While individuals often get away with piracy, it seems that Adobe and others want to make it clear to corporations that piracy is indeed serious and that such a large business should know better.

Source: The Verge

YouTube Now Uses HTML5 by Default in-Browser

Five years after starting support for the HTML5 standard, YouTube has dropped Flash Player to use the HTML5 <video> format as its default player in-browser. According to YouTube, the five-year wait was to allow once-experimental HTML5 time to mature. The HTML5 standard is now widely adopted by the best of the web – even Smart TVs are using it – and it allows live broadcast support, an improved widescreen aspect view and more.

This could summon the death knell for Adobe’s Flash Player. With the notoriously buggy Flash still reporting vulnerabilities, how long does the player have left?

Source: Engadget

Zero-Day Vulnerability in Adobe Flash Player Reported

An independent security researcher, known as Kafeine, has discovered a zero-day vulnerability in Flash Player, a week after Adobe issued a patch to fix nine vulnerabilities within the multimedia software.

Kafeine warns that the zero-day flaw has already been incorporated into the Angler EK exploit, a notorious malware attack kit.

“Disabling Flash player for some days might be a good idea,” Kafeine then advises in a blog post.

Angler EK can give hackers access to your PC, allowing them to install Trojans, keystroke loggers, and other malware on to your system.

Security software provider Malwarebytes considers Angler EK to be one of the most widely-used malware packages, and acknowledges that Flash’s history of vulnerabilities makes it a popular target. “Flash has been plagued with critical vulnerabilities in the past few months and surpassed the no longer popular Java as the most exploited plugin,” Jérôme Segura, senior security researcher at Malwarebytes, said.

Until this latest vulnerability is patched by Adobe, it might be prudent to follow Kafeine’s advice and disable Flash for the time being.

Source: Computing

Apple and Google in $415 Million Lawsuit Settlement

After 60,000 employees of Google, Apple, Intel, and Adobe filed a class action lawsuit against the companies years ago – alleging that they had agreed a no-poaching agreement between them, blocking potential employment opportunities – the four tech giants have offered to settle for $415 million.

Last year, the companies offered a lower settlement of £324.5 million which was rejected by Judge Lucy Koh, as she believed the plaintiffs were deserving of a higher figure. The original suit was seeking $3 billion.

Despite offering a new settlement, at least one of the accused businesses pleads innocence. In an interview with CNET, an Intel spokesperson said, “We deny the allegations contained in the suit and we deny that we violated any laws or that we have any obligation to the plaintiff. We elected to settle the matter in order to avoid the risk, burdens and uncertainty of ongoing litigation.”

Source: KitGuru

Photoshop Now Works in Chrome – Not Available Yet

Adobe has revealed the results of its efforts with Google to get Adobe Photoshop working in the Chrome browser.

They say that the version they have now is effectively a full-fledged version of Photoshop being streamed remotely to the browser. JavaScript sends the user’s commands back to the virtual machine running the software.

According to The Verge, you can do everything you would practically be able to do in a local copy of Photoshop, only with one omission – Photoshop’s 3D features which require a GPU.

The obvious obstacles Adobe has to circumvent are to do with latency, something that is dependent on both Adobe’s server infrastructure and individual users’ internet connections.

As a result, there’s no word on a public release date yet, but Adobe is launching a limited trial for educational institutions that wish to take part, in an attempt to solve any issues people may encounter.

Source: The Verge

Adobe Collecting Mass Amounts of User Data from eBook Software!

In a digital world that is (rightly) obsessed with online security and privacy, Adobe seem to have taken the risky and rather silly move of spying on users of their Adobe Digital Editions (V.4) software. Reports have been surfacing that Adobe are tracking vast amounts of detailed information on user habits that seems to go above general user statistics or analytics.

According to Nate Hoffelder of The Digital Reader, Adobe’s DRM for their latest Epub app is tracking information and uploading it to the Adobe servers, a suspicion that was later confirmed by Benjamin Daniel Mussler, the same security researcher who found the security hole on Amazon.com.

Adobe are tracking data on which eBooks have been opened, which pages you’ve been reading, the order of those pages, the title, publisher and metadata, all of which is being sent to Adobe’s server; to make matters even worse, this data is being sent in clear text, meaning that anyone running a server in between could also easily access the data.

It’s also reported that the software is collecting information on eBooks used in Calibre and any other eBooks that are stored on user hard drives, which tells us that the software is scanning hard drives and other user files. The Digital Reader provided two examples of the data that is being tracked, which you can view here and here. The data was captured with an app called Wireshark, which showed it being sent to 192.150.16.235, one of Adobe’s IP addresses.

This is a stupid mistake on Adobe’s part and one that users should be more informed of; Adobe have failed to respond to these claims so far, but we expect we’ll be hearing an official statement very soon to reflect some kind of update to stop the monitoring or give a very good reason for it (unlikely).

Thank you Digital Reader for providing us with this information.

Image courtesy of WavingCat.

Is Your Potato Chips Bag Spying on You?

Researchers at MIT, Microsoft, and Adobe have developed an algorithm that can reconstruct an audio signal by analysing minute vibrations of objects depicted in video. In one set of experiments, they were able to recover intelligible speech from the vibrations of a potato-chip bag photographed from 15 feet away through soundproof glass.

In other experiments, they extracted useful audio signals from videos of aluminium foil, the surface of a glass of water, and even the leaves of a potted plant. The researchers will present their findings in a paper at this year’s Siggraph, the premier computer graphics conference.

“When sound hits an object, it causes the object to vibrate,” says Abe Davis, a graduate student in electrical engineering and computer science at MIT and first author on the new paper. “The motion of this vibration creates a very subtle visual signal that’s usually invisible to the naked eye. People didn’t realize that this information was there.”

Joining Davis on the Siggraph paper are Frédo Durand and Bill Freeman, both MIT professors of computer science and engineering; Neal Wadhwa, a graduate student in Freeman’s group; Michael Rubinstein of Microsoft Research, who did his PhD with Freeman; and Gautham Mysore of Adobe Research.

Video: http://youtu.be/FKXOucXB4a8

Reconstructing audio from video requires that the frequency of the video samples, the number of frames of video captured per second, be higher than the frequency of the audio signal. In some of their experiments, the researchers used a high-speed camera that captured 2,000 to 6,000 frames per second. That’s much faster than the 60 frames per second possible with some smartphones, but well below the frame rates of the best commercial high-speed cameras, which can top 100,000 frames per second.

In other experiments, however, they used an ordinary digital camera. Because of a quirk in the design of most cameras’ sensors, the researchers were able to infer information about high-frequency vibrations even from video recorded at a standard 60 frames per second. While this audio reconstruction wasn’t as faithful as that with the high-speed camera, it may still be good enough to identify the gender of a speaker in a room; the number of speakers; and even, given accurate enough information about the acoustic properties of speakers’ voices, their identities.

The researchers’ technique has obvious applications in law enforcement and forensics, but Davis is more enthusiastic about the possibility of what he describes as a “new kind of imaging.”

“We’re recovering sounds from objects,” he says. “That gives us a lot of information about the sound that’s going on around the object, but it also gives us a lot of information about the object itself, because different objects are going to respond to sound in different ways.”

In ongoing work, the researchers have begun trying to determine material and structural properties of objects from their visible response to short bursts of sound. In the experiments reported in the Siggraph paper, the researchers also measured the mechanical properties of the objects they were filming and determined that the motions they were measuring were about a tenth of a micrometer. That corresponds to five thousandths of a pixel in a close-up image, but from the change of a single pixel’s colour value over time, it’s possible to infer motions smaller than a pixel.

“This is new and refreshing. It’s the kind of stuff that no other group would do right now,” says Alexei Efros, an associate professor of electrical engineering and computer science at the University of California at Berkeley. “We’re scientists, and sometimes we watch these movies, like James Bond, and we think, ‘This is Hollywood theatrics. It’s not possible to do that. This is ridiculous.’ And suddenly, there you have it. This is totally out of some Hollywood thriller. You know that the killer has admitted his guilt because there’s surveillance footage of his potato chip bag vibrating.”

The results are certainly impressive and a little scary. In one example shown in a compilation video, a bag of chips is filmed from 15 feet away, through sound-proof glass. The reconstructed audio of someone reciting “Mary Had a Little Lamb” in the same room as the chips isn’t crystal clear. But the words being said are possible to decipher.

Thank you NakedSecurity for providing us with this information.

Image and video courtesy of MIT.

Adobe Released Critical Flash Update for Windows and Mac

On Tuesday, Adobe released a critical update for their Flash player. This patch is designed to mend a security flaw which may enable hackers to gain access to your computer through popular websites such as eBay, Tumblr, Twitter and Instagram.

This update (Version 14.0.0.145) has been pushed to Windows, Mac and Linux operating systems and, according to the security blogger Michele Spagnuolo, the patched flaw may have let hackers steal cookies that authenticate users on thousands of websites.

Adobe’s security bulletin read:

“These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions.”

Spagnuolo also commented that many of the targeted websites have worked to fix the error from their side of the fence, alongside Adobe fixing their issues.

For those of you with Google Chrome or Microsoft Internet Explorer on Windows 8, you will receive this update automatically. If you wish to update your version manually, you can do so via the Adobe Flash Player Download Centre. Adobe has also issued the highest level of threat rating to this flaw and advised all users to promptly update their versions.

Microsoft are working on security issues of their own, as CNET has pointed out:

“Microsoft also issued several critical security updates on Tuesday, which patch 29 vulnerabilities in Windows and Internet Explorer.”

We haven’t seen any reports of this security flaw being used to full effect yet, but I’m sure we will report when or if it happens.

Image courtesy of Tech Audible

Spotify Database Attacked – Users Are Being Urged To Change Passwords

Over the last week or so we’ve been inundated with news stories regarding cyber attacks, where users’ personal data has been accessed in an unauthorised manner, the most significant of these being the eBay attack which was only announced two months after the attack happened. It seems though that not everyone is getting the message to ensure that their security barriers are in place as Spotify are urging some of their 40 million strong user base to change their passwords following an attack on their databases which was discovered last week.

In addition to changing their passwords, users of the Spotify app on Google’s Android platform are being asked to upgrade their app, where a new and updated version of the app is downloaded and installed separately to the existing installation, which is then to be deleted afterwards.

To date there is only evidence of a single user being affected – who has been contacted directly by Spotify to notify them, although they are keen to express that no payment or password information from this user’s account was compromised.

Spotify’s Chief Technology Officer, Oskar Stal, spoke in a blog post about the attack: “We have taken steps to strengthen our security systems in general and help protect you and your data – and we will continue to do so. We will be taking further actions in the coming days to increase security for our users.”

With this being the third attack of similar nature to the eBay and Adobe attacks which have also been discovered recently, hopefully a number of other high-profile sites will get the idea that security is a serious issue and any flaws need to be discovered in-house and repaired before the attackers find them. Since the announcement of Sony’s PSN attacks last year, the security of users’ personal information across the internet has been in the spotlight and we are now asking not when, but who will be next?

Source: Sunday Morning Herald