Several new versions of flash every week

Impetus

Adobe is publishing new versions of flash on an extremely regular basis to remove security vulnerabilities. The latest version for Win is 16.0.0.305.

This link will tell you what version(s) of flash you have installed and what is needed.

http://www.adobe.com/software/flash/about/

If you are running internet expolorer, it has to be updated with its own version of flash.

There is no link on the above page to do a simple install if you find you are out of date. Instead you need to go to http://get.adobe.com/flashplayer

If you use the memory hogging, buggy, computer slowing down Chrome browser, no worries on this front - it auto-updates flash.

Be sure to uncheck the boxes to install additional software, unless you really need them

Blowfish

Yeah, at this point I've long given up on Flash and Java and don't have either installed.

TOMP

Blowfish wrote: »

Yeah, at this point I've long given up on Flash and Java and don't have either installed.

What alternatives to Flash and Java are you using?

Blowfish

TOMP wrote: »

What alternatives to Flash and Java are you using?

The majority of larger sites support HTML5 so losing Flash hasn't affected me all that much.

As for Java, I really just don't find I need it for home use.

TOMP

I use Revenue's ROS system and Java is required

Impetus

us

Blowfish wrote: »

Yeah, at this point I've long given up on Flash and Java and don't have either installed.

In my work I have to deal with multiple client online systems over the web, all over the planet. A client decided to use RBS (a British bank), and their corporate online banking system requires Java to be installed. It is a really crappy system from a client interface perspective. But I use the Chrome browser, which allows one to select which sites you visit with Java="on".

I'd expect a bank and similar entities not to use Java or Flash, and to use multi-factor authentication - eg insert a card (eg debit card) into keyboard, log in to keyboard, log into website and enter a (say) 8 a/n character output from the calculator to the website. Any payments to new payees should require similar MFA. And so it goes on.

The Financial Times had an article today had an article from a Lloyds underwriter saying that cyber risk was becoming un-insurable - bigger than their balance sheet. High time people woke up to the risks - be they consumers or businesses.

From ft.com

Cyber risks too big to cover, says Lloyd’s insurer

Alistair Gray, Insurance Correspondent
The Lloyd's Building (also known as The Inside-Out Building) closeup by night

Cyber attacks now present such a danger to global business that governments should step in to cover the risks, the head of the largest Lloyd’s of London insurer has warned.

Speaking a day after yet another large company — Anthem, the US health insurer — disclosed that hackers had breached its systems, Stephen Catlin said cyber security presented the “biggest, most systemic risk” he had come across in his 42-year career in insurance.


“Our balance sheets are not large enough to pay for that,” the founder of Catlin told the Insurance Insider London conference on Thursday, arguing that managing such liabilities was a job for governments.

His comments underscore the reservations that insurers harbour about underwriting cyber security risks, even though some executives say a growing number of electronic incursions presents a big opportunity for the industry to sell more cover.

Several insurers offer cyber policies, which are designed to help companies meet costs including mounting forensic investigations and defending lawsuits if they are attacked. However, the industry puts big restrictions on the cover provided and tends to charge high premiums.

Insurers have been worried about their exposure because cyber risks are hard to model and, as Mr Catlin warned on Thursday, unusually systemic. A vulnerability in widely-used software or internet architecture can bring down systems globally, putting the industry on the hook for simultaneous, multibillion-dollar payouts.

“It’s possible that you can have the same loss happening around the globe,” Mr Catlin explained.

Traditional risks, such as natural catastrophes, are more contained, insurers have pointed out — as earthquakes in Japan do not cause hurricanes in Florida.

Governments have already had to establish state-backed schemes to provide terrorism cover — such as Pool Re in the UK and the Terrorism Risk Insurance programme in the US — because the insurance market was unwilling to do so. But Mr Catlin claimed cyber security presented an even bigger threat than terrorism.

Catlin, which has agreed to be taken over by New York-listed rival XL for £2.5bn, is less active in cyber insurance than other companies. But even those groups that underwrite more cyber cover have expressed their growing anxiety.

“He’s got a valid point,” said Andrew Horton, chief executive of Beazley, a rival Lloyd’s insurer, of Mr Catlin’s comments. “We’re very mindful of the potential aggregation impact. It’s something governments should be putting a lot of thought into.”

Anthem, which provides health cover for almost 40m people, said cyber criminals had stolen personal information about customers and employees, including social security numbers and income details, in a “very sophisticated” attack. It added there was no evidence credit card or medical information had been targeted.

On Thursday, Catlin’s founder also provided more background to the company’s cash-and-stock deal with XL, which ends a three-decade independent run for the UK-listed insurer.

He said his opposite number at XL, Mike McGavick, “nearly fell of a chair” at a cocktail party in Brussels 18 months ago when Mr Catlin indicated he might be willing to do a deal.

Vangel

Flash is possibly the most vulnerability laced piece of ancient software I've seen in long time. Every week there are new exploits. For example a week ago CVE-2015-0313 was found, CVE-2015-0310 not long ago, CVE-2014-0515 too.

Loading a flash website nowadays is asking to be infected with whatever ransomware/banking trojan/RAT you can think of.

Java is not far behind unfortunately.

I'd recommend staying updated with both but disable them for everything until you really need to use them for something such as workplace interfaces etc and never allow them to be ran during your normal day-to-day browsing.