2011 April 11 - The Weak InSecurity

Flush your last Flash and get ready for a more SecurID

It's time to reset your watches, pack away your winter woolens, and do !something! about the latest Adobe Flash exploit.  Ya, another rob-your-system exploit has surfaced, in this, the latest and bestest Flash!  Flush it, and try your luck with the latest and greatest, something like 10.2.159.1.  This is bound to be the great release--they've had 158 tries to get 10.2 right...

I don't know what to think.  Is Flash still worth it?  Is HTML 5 where we all wanna be?  Fool me once, shame on you.  Fool me twice (or 158 times), and I gotta wonder...  Am I being fooled or just plain gullible?  I'm thinking of boycotting sites that claim they can't function without creating a security hole on my home system. 

How about it?  If I stop using Flash, what functionality am I forgoing?  Come on, Flash proponents, sound off below.  Flame me for suggesting that Flash is no longer a wise installation.

SecurID is rumored to be preparing an important update to their products, which suffered a very odd hack.  This is one attack for which few details are known.  Probably best.

I'm struggling with the recent outbreak of hacked security organizations.  I've been trapped in too many meetings, preached at by smug vendors who assure me that their tools, products, and services are the best and only option to keep hackers at bay. 

And then one day, Whammo!, I read that the security outfit itself suffered a hack.  No, SecurID, RSA, or others who own the product have never kept me in a room.  Just think security organizations need to step up their game.  They need to practice what they preach.

And the rest of us in the Security Biz?  We need to see these events as warnings.  If a solid vendor like RSA, with decades of security excellence built up, if top organizations like these get hacked, what about us?  RSA has, no doubt, prepared for a hack like this.  If you use SecurID, are you as prepared to apply the fixes quickly?

We are increasingly exposed to a wild assortment of security events and news, with attacks growing in numbers so large, who can keep them all sorted out?

This week's Security Resolution:

This week, I know people will send me Flash videos or point me to URLs with these videos.  I won't view them until I reflash my Flash.

jt, aka TtMB

