Pages

Sunday, January 28, 2018

Flash's end of life: How should security teams prepare?

Whether you're a fan of Adobe Flash or not, it has been a building block for interactive content on the web, and we must acknowledge what it has accomplished before talking about its eventual removal from the internet. These plug-ins helped usher in a new age of web browsing and, at the same time, were targets for vulnerabilities and exploits within browsers.

As HTML5 becomes more popular, even now becoming close to a standard, use of the once-popular Flash is diminishing. Using HTML5 enables a more secure and efficient browsing experience that works across both mobile and desktop platforms.

Adobe is aware that, even though Flash is steadily declining, there are still many sites that rely on their technology to function; therefore, Adobe has given a timeframe of 2020 before Flash's end of life. The company knew it needed to give clients who are currently using its software the proper lead time to migrate toward other software to run their applications before pulling the plug.

Adobe itself has encouraged those using Flash to migrate any existing Flash content to new open formats. During this time, Adobe has mentioned that it will stop updating and distributing Flash, but will continue to support it through regular security patches, features and capabilities. Hearing this, I get the feeling that they'll be keeping Flash on life support for a while, before they completely pull the plug on the project altogether.

In order to not be caught off guard when Flash's end of life is official, security teams should be aware of which applications in their organization are currently using Flash, and then create migration paths to have them updated to HTML5 or other open standards. Even if there might be small portions of support after 2020, you never want to be running end-of-life code, especially code that has historically had security vulnerabilities.

Also, security teams should take notice of which desktops are currently using the Flash plug-in and attempt to have it removed around this time. Since Flash acceptance has declined, and will continue to take a nose-dive after this news, there should be less need for the Flash plug-in moving forward.

You should prepare for Flash's end of life by taking stock of your systems; remove the plug-in for systems that may connect to sites that haven't migrated away from Flash yet. By following the school of thought of least privilege and having only software that's needed installed, the attack surface becomes limited.

Eventually, Flash won't be supported, and if bugs are found within the software, then attackers could utilize them for phishing attacks by supporting sites that are designed to use Flash and haven't migrated away. If you don't need it, don't install it.

Read the rest of my article here: http://searchsecurity.techtarget.com/answer/Flashs-end-of-life-How-should-security-teams-prepare

13 comments:

  1. The information security landscape has changed dramatically in recent years. While the network hacker continues to pose a threat, regulatory compliance has shifted the focus to internal threats. 토토사이트

    ReplyDelete
  2. Security for these semi-rural areas is a growing concern. Trespassing, theft and burglary are major concerns for rural property owners and residents as sometimes crooks view these rural isolated areas as easy marks security companies

    ReplyDelete
  3. Nice post. I learn something more challenging on different blogs everyday. It will always be stimulating to read content from other writers and practice a little something from their store just like Earth day Poems for the kids . I'd prefer to use some with the content on my blog whether you don't mind. Thanks for sharing.

    ReplyDelete
  4. Functions of such agency are unlimited and depend upon the field of security deployment. While choosing a security services in Thiruvanmiyur agency.

    ReplyDelete
  5. By looking after one 'store' rather than a few, copy stock expenses are dispensed with. privacidadenlared.es

    ReplyDelete
  6. The article was up to the point and described the information very effectively. Thanks to blog author for wonderful and informative post.
    Security Solution firm

    ReplyDelete
  7. You are a very persuasive writer. I can see this in your article. Nice Post. You have a way of writing compelling information that sparks much interest.

    ReplyDelete
  8. This is a informative post. Post that is trustworthy, informative, and local will be, The good news is that once you stop posting such clickbait stories. My social platforms are given below. Please follow us.
    creativemarket
    riverdavesplace
    inprnt

    ReplyDelete
  9. Thank you for give us great and informative post. That is very useful for us i think that post Read lots of people so brand your self that click that link

    ReplyDelete

  10. شركة غسيل خزانات بالمدينة المنورة شركة غسيل خزانات بالمدينة المنورة
    افضل شركة تنظيف منازل بالمدينة المنورة شركة تنظيف منازل بالمدينة المنورة

    ReplyDelete
  11. Positive site, where did u come up with the information on this posting?I have read a few of the articles on your website now, and I really like your style. Thanks a million and please keep up the effective work. buy facebook 5 star reviews

    ReplyDelete