<a href="http://www.zdnet.com/blog/bott/how-secure-is-flash-heres-what-adobe-wont-tell-you/2152">www.zdnet.com/blog/bott/how-secure-is-flash-heres-what-adobe-wont-tell-you/2152</a><br><br>There are other web sites such as Symantec's site. Symantec's advice corporate advice:<br>
<br>"In order to reduce the threat of successful exploitation of Web
browsers, administrators should maintain a restrictive policy regarding
which applications are allowed within the organization. […] Browser
security features and add-ons should be employed wherever possible to <strong>disable
JavaScript™, Adobe Flash Player, and other content that may present a
risk to the user</strong> when visiting untrusted sites"<br><br>Simply going to a web site these days is the most common way to get infected, once infected then you lose your credit card details, and Flash is a very weak link no matter which web browser it is run from.<br>
<br>Cheerio John<br><br><br><div class="gmail_quote">On 14 May 2010 18:51, Richard Fairhurst <span dir="ltr"><<a href="mailto:richard@systemed.net">richard@systemed.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
john whelan wrote:<br>
> Yes but a problem with Flash is it is a major security hole.<br>
<br>
My considered opinion on that theory is "bollocks".<br>
<br>
It's a frickin' browser plugin, if the browser is letting it access your<br>
l337 credit card details then the browser probably ought to address its<br>
plugin architecture. Badly written Flash may crash my browser but it has<br>
not yet sent my credit card details to Tajikistan. And even Potlatch<br>
doesn't crash it, so it must have to be _really_ badly written to cause<br>
a problem. ;)<br>
<br>
> It's probably the major source of Malware in Windows<br>
<br>
Yeah. The major source of drowning in the Atlantic Ocean is water. BAN<br>
WATER!!11!11one?@wtflolccbysa<br>
<br>
<br>
Aevar Arnfjorth Bjarmason wrote:<br>
> Making their player open source would be nice. But what's mainly<br>
> stopping players like Gnash is that their protocols are closed<br>
<br>
The SWF and RTMP formats are published. The codecs aren't, but that's<br>
the whole Ogg Theora/H264 argument for HTML5 and Firefox so not at all<br>
exclusive to Flash. And unless your translation code is cleverer than I<br>
thought, they're irrelevant to Potlatch (which is kinda the reason I<br>
posted here).<br>
<br>
The main thing stopping Gnash from supporting AVM2 (and strk can correct<br>
me if I'm wrong) is that it's a whole big lot of work and there's<br>
largely only one developer working on it - even though he's basically a<br>
genius and Potlatch 1 would never have happened without his work on<br>
Ming. If you threw 100 programmers at Gnash for three months then you'd<br>
have an open source (non-audio/video) AVM2 player.<br>
<br>
strk shouldn't have to spend his time rewriting code that Adobe has<br>
already written. Sun made Java open-source. Flash is a direct parallel.<br>
I would encourage people not to get hung up on codecs (because Flash has<br>
already lost the video battle, all video will be HTML5 in two years) and<br>
encourage Adobe to Do The Right Thing, for the benefit of apps like<br>
Potlatch and a million others.<br>
<br>
cheers<br>
Richard<br>
<br>
_______________________________________________<br>
talk mailing list<br>
<a href="mailto:talk@openstreetmap.org">talk@openstreetmap.org</a><br>
<a href="http://lists.openstreetmap.org/listinfo/talk" target="_blank">http://lists.openstreetmap.org/listinfo/talk</a><br>
</blockquote></div><br>