Sign in / up

back to article Hacking Team Flash exploit leak revealed lightning reflexes of malware toolkit crafters

When the Italian surveillanceware maker Hacking Team got hacked last month, the intruders unwittingly set the groundwork for a very interesting research project. Tracking the time from a vulnerability being found in some software to seeing it exploited in the wild is tricky – malware writers don't often publicize their …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Anonymous Coward
    Anonymous Coward

    Adobe Flash and PDF

    Are utter shit. Remove.

    9 0 Reply
    1. asdf
      Reply Icon

      Re: Adobe Flash and PDF

      Java too for the vast majority while you are at it.

      7 1 Reply
      1. asdf
        Reply Icon

        Re: Adobe Flash and PDF

        Just removing those three pieces of software alone probably makes you nearly immune to a large majority of the malware on the web.

        4 0 Reply
        1. dan1980
          Reply Icon

          Re: Adobe Flash and PDF (& Java)

          "Just removing those three pieces of software alone probably makes you nearly immune to a large majority of the malware on the web."

          It also makes you nearly unable to use many government websites - at least in Australia. Are you an accountant or business owner and need to connect to the ATO? Good luck doing that without Java.

          The unfortunate truth is that there are HEAPS of websites, including 'cloud' services that use these technologies and we won't be rid of these menaces until those sites decide that client security must be their top priority and so rewrite their sites and applications.

          1 0 Reply
    2. P. Lee
      Reply Icon

      Re: Adobe Flash and PDF

      The PDF idea wasn't that bad.

      But then they had to go and try to turn it into a "platform."

      5 0 Reply
  2. Pliny the Whiner

    Eternal vigilance is the price of Adobe Flash

    Is what you're saying. I think. Shirley.

    0 0 Reply
  3. Captain DaFt

    Another scenario:

    The vulnerability was already known to the bad guys, and the software already developed, waiting for a prime time to use it.

    Then when everyone and his dog learned of it via the dump, the attack was speedily deployed or auctioned to someone eager to use it, to get some value out of it before the hole was patched.

    What? You don't think the smarter ones keep a warchest of exploits to use for special cases? We already know the spooks do.

    3 0 Reply
  4. Anonymous Coward
    Anonymous Coward

    We desperately tried to dump it

    That lasted for all of two days when word came down that too much business stuff was broken and we had to put it back. And they were right, too much business stuff was broken.

    You've got website operators playing Captain Kirk on YOUR Enterprise: "Lower the shields Sulu. They'll think we're friendly and won't fire."

    3 0 Reply
    1. JCitizen
      Reply Icon
      Coffee/keyboard

      Re: We desperately tried to dump it

      Yep! Not only did some of our critical websites absolutely require it ( we did try to make and end run - unsuccessfully), but there was always some application some client needed badly that absolutely would not run without it!

      So just having a browser capable of emulating flash, is not enough - this despicable rubbish has to be on the machine for things to work!

      1 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like