[LINK] RFI: Intrusive Internet Mechanisms

Rick Welykochy rick at praxis.com.au
Wed Dec 1 17:38:47 AEDT 2010


Thanks for the well-thought-out advice, Karl. I'm thinking about
"sandboxing" my browser.

Karl Auer wrote:

> If you use Flash, you should also set the permissions on the Macromedia
> home directory to forbid writing. I don't know how you would do that in
> Windows, but in Linux it's
>
>     sudo chown root:root /your/home/directory/.macromedia
>     sudo chmod go-rwx /your/home/directory/.macromedia

Flash is indeed a scary one. Heaven knows what it gets up to. The latest OS X
security update from Apple kinda says it all. Note that each CVE number below
is a different vulnerability, most likely discovered and fixed since the prior
Apple update some FIVE months ago (!)

http://support.apple.com/kb/HT4435

   "Flash Player plug-in

    CVE-ID: CVE-2008-4546, CVE-2009-3793, CVE-2010-0209, CVE-2010-1297,
    CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163, CVE-2010-2164,
    CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169, CVE-2010-2170,
    CVE-2010-2171, CVE-2010-2172, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175,
    CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2179, CVE-2010-2180,
    CVE-2010-2181, CVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185,
    CVE-2010-2186, CVE-2010-2187, CVE-2010-2189, CVE-2010-2188, CVE-2010-2213,
    CVE-2010-2214, CVE-2010-2215, CVE-2010-2216, CVE-2010-2884, CVE-2010-3636,
    CVE-2010-3638, CVE-2010-3639, CVE-2010-3640, CVE-2010-3641, CVE-2010-3642,
    CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647,
    CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, CVE-2010-3652, CVE-2010-3654,
    CVE-2010-3976

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6
    through v10.6.4, Mac OS X Server v10.6 through v10.6.4

    Impact: Multiple vulnerabilities in Adobe Flash Player plug-in

    Description: Multiple issues exist in the Adobe Flash Player plug-in, the most
    serious of which may lead to arbitrary code execution. The issues are addressed
    by updating the Flash Player plug-in to version 10.1.102.64. Further information
    is available via the Adobe web site at http://www.adobe.com/support/security/"


The need for Flash will lessen with the adoption of HTML5, although
said adoption will give rise to other privacy issues, as discussed
on this list.


cheers
rickw


-- 
_________________________________
Rick Welykochy || Praxis Services

aibohphobia  -  the fear of palindromes


