And…. There has been another breach of a “cloud” service. Well, sort of. Adobe’s connectusers.com forum was broken into on Monday. The hack was allegedly performed by Egyptian hacker ViruS_HimA. The Forum was shut down on Tuesday night in response to the attack. Although at this time Adobe is still claiming that nothing beyond the customer forum was breached there is always the potential that other services were affected by the attack. The culprit in this case turns out to be bad password protection.
If it's we are to believe the chiefs of Conde Nast International, publishers have little to fear from the future provided they embrace tablets as the medium for the issue of their magazines. In the last few years, mainly thanks to the Web and the Internet in general, circulation of newspapers and magazines, especially those non-specialized and designed for the general population, is decreasing.
On Friday Microsoft released an update for Flash on Windows 8 to protect their users from hacker attacks that could’ve started long ago since the bugs were here for quite some time. As it was stated about a week ago, Microsoft decided to take care of this bug and provided a patch for it Firday. Even though Flash Player is a product of Adobe, the whole work had to be done by Microsoft because they copied Google's Chrome and implemented Flash Player into their browser, Internet Explorer 10. They announced the implementation in May, saying “By updating Flash through Windows Update, like IE, we make security more convenient for customers.”
In only a few weeks Microsoft could find themselves in something of a bind as they appear to have forgotten quite a bit about security while trying to make sure that their new OS can work with their cloud services. Since the release of the “build” version of Windows 8 we have been picking through the way that it operates and how its system function. We have found more than a few items of concern; some of which have finally been fixed, others have not. One of our primary concerns is the semi-walled garden that Microsoft is putting Merto/Modern apps into in order to prevent the side loading of apps that are not from the Microsoft Store, but which also prevents proper malware protection from working.
As of today, Adobe's Flash is officially removed from Google Play. They announced last November “we are focusing our work with Flash on PC browsing and mobile apps packaged with Adobe AIR, and will be discontinuing our development of the Flash Player for mobile browsers.“ Android 4.1 wont have any certified implementations of Flash Player. Adobe will use configuration settings in the Google Play Store to limit continued access to Flash Player updates to only those devices that already have Flash Player installed.
It looks like there is another security flaw in Flash. The often beleaguered web animation/video player has been the vector of attack for more than one piece of malware in the last few years. Adobe has been working hard to keep up with all of the reported security issued with the browser plug-in as well as to find ones that have not been reported.
A report from ZDNet appears to be showing that Adobe might be dropping future efforts for their Flash Player in the mobile world. While there are probably more reasons for this than we will ever find out, the one that seems to be getting pushed is that Adobe is giving up on a losing battle. One site that offered this news to its readers even stated that Adobe Flash for mobile had only reached a fraction of the market. Well this is true as ½ is a fraction.
The original push to bring Flash to the mobile market was something of a pride thing between Adobe and Steve Jobs. At the same time we also saw Adobe working on hardware acceleration for some of their other plug-ins like Air and Edge. The thing is that as browsers both mobile and desktop move forward they are discovering (well they really always knew) that plug-ins are gigantic security holes, this is true for ANY plug-in not just Flash. If you follow security in the PC and mobile world at all you will find that this is very true and you will also see that browsers like IE, FireFox, Chrome and Safari are becoming les plug-in friendly. In fact FireFox 8 and the mobile FireFox have kicked out even more plug-ins than before.
This is Adobe’s motivation; they know that in the very near future they are going to have a very hard time getting their Flash plug-in to work at all. So they are kicking their work into CSS and HTML5 into high gear (something they should have done before). You will hear from multiple sites that this is Apple “winning out” or that Steve Jobs was right. Neither of these is completely true. Apple has yet to realize HTML5 for most of their sites and continues to use their proprietary QuickTime plug in for their movie trailer site and for much of the code on Apple.com (although the mobile is moving to HTML5). As for Steve Jobs being right; well the Adobe/Apple feud was about more than Flash on the iPhone. There was a time when Adobe optimized everything for Apple. If you wanted to run Photoshop with blazing speed, you bought a Mac. After Apple dumped the Power PC processor and forced Adobe to dump years of effort into optimizing for RISC (reduced instruction set) processors Adobe did an about face and began to optimize for Windows. To make matters worse after Apple jumped on the OpenCL bandwagon Adobe partnered up with nVidia to accelerate their applications with the closed source CUDA platform instead of the open standards found in OpenCL.
So you see this Flash Vs Apple war has been a long time in coming and it was the pride of two very large Egos that brought it out into the open. I am happy to see the plug-in go IF the replacement is more efficient and allows a better cross platform experience.
Discuss in our Forum
There is a long standing myth that PCs are susceptible to viruses and malware while Macs and Linux are not. Unfortunately for anyone that believes this myth there are consequences. One of these is a feeling of invulnerability when browsing. This false sense of security can lead to many things, including having your computer hijacked or being silently rolled into a giant Mac only botnet … I am sure you get my point. This phenomenon is not limited to Mac owners. PC owners that have “Full” Virus and Malware protection also get this false sense of security.
Now, the interesting thing is that while there are literally thousands of viruses and malware for Windows based systems in the wild there are actually more security loop holes in OSX that can be exploited by something as simple as a drive-by or other malformed code on a web page. One that caught our attention was an Adobe based Exploit (yes I know Steve Jobs wanted to ban Adobe). This little exploit allows someone to run a .swf file in a hidden iFrame. The .swf in question here has code to authorize turning on the end users webcam and broadcasting it to the source server.
Now this is nothing new and I have witnessed this kind of thing done at different security conventions. The thing that really is concerning is that this is being run on a version of Flash that is supposed to have code (called frame busting) to prevent this. What happened is that Adobe only patched part of the hole. They covered the whole page being loaded in an iFrame, but forgot to prevent the malformed .swf from being loaded into that same space. This little exploit was found by a computer science student at Stanford University named Feross Aboukhadjeh.
Now I know you are wondering what my rant at the beginning of this article about Macs has to do with this exploit… Well the kicker is that Aboukhadjeh has only been able to get this exploit to work on Macs and running either Firefox or Safari. The reason that he has been so successful is that with these browsers and OSX it is easier to make the iFrame transparent to the end user. Aboukhadjeh says that he does believe that this will work on other operating systems, but that it will take significantly more effort and would require layering the frame to avoid detection.
Adobe has been notified of the exploit
Source The Inquirer
Discuss in our Forum
The day before Apple holds its three ring circus for the next generation of iPhone Adobe shows off a few choice apps for Android’s Honeycomb Tablet Operating system. One of these is their top end Photoshop app with a completely new touch interface. Now, Adobe does have these out for both the iOS and for Android (both free and paid versions), but these new flavors appear to much more specifically designed for the larger screened Android based tablets. It is also worth mentioning Adobe’s partnership with nVidia here as there are a number of tablets based on the Green Teams dual core Tegra 2 SoC.
Of the six Apps shown off (Photoshop Touch, the other apps are Collage, Debut, Ideas, Kuler, and Proto) one already exists for Apple’s iOS as it is now and one has existing versions (although not as complete as the new Photoshop Touch) for both Android and iOS. The other four are new and from the look of them are aimed squarely at the Android platform.
The releases are interestingly timed. All of them appear to be developed using Adobe’s AIR platform, which technically is capable of developing across multiple platforms. However, our guess is that this is a subtle slap in the face of Apple for their former CEO’s obnoxious rejection of Flash based applications and at one point an outright ban on any app that was developed in Flash (even if it was later packaged to operate without the need for Flash). What better way to pull some potential clients away than to announce a group of “professional” applications designed for the competition? The question is, with the launch of these apps slated for November will this make any difference at all? Our guess is no, after all people that want an iOS device will get one and the people that want an Android Tablet will get that. Each has its own strengths and weaknesses. In the long run, a few people may opt for Android over iOS if they are looking for a tablet in that time frame, but if someone already owns an iPad or iPad2 they are unlikely to make that bold of a shift just because of Adobe. Plus Adobe has already alluded to the fact that they plan on versions for the iOS later…
But all the posturing aside it is nice to see some serious productivity apps hit the non-Windows based tablets. Now if they could only come up with a decent office suite it really could pull the tablet out of the “cool toy” category and make them truly useful.
Discuss this in our Forum
Looks like Adobe has found a way to enable Flash content on iOS devices without needing the blessing of the JobsMob. Using a technology that is not really new, but has been upgraded to allow a more seamless streaming of content to devices with no support, Adobe hopes to allow millions of iPhone, iPad, and iPod Touch users to enjoy the virtues of its Flash Media Encoding. All that has to happen is for content developers to purchase an Adobe Flash Media Server (Version 4.5) and Adobe Flash Access 3.0. When combined these two take the rendering load off of the mobile device by pre-rendering the video on the server and then streaming the content to the device at the other end.
With the iPhone now reaching out to more and more carriers in the US this is something that was bound to happen. Of course, most of the carriers in the US are going to be capping their data plans which might make this complicated for some iPhone owners. There is also the $4,500 per system license fee that Adobe is asking just for the Media Server. Either way, although it is now perfectly possible to enjoy Flash content on an iOS device, we have a feeling that adoption of this technology will be very slow indeed.
Discuss in our Forum