TiVo Community Forum banner
  • TiVoCommunity.com Ambassador Program Now Open! >>> Click Here

Flash No More...

4K views 28 replies 15 participants last post by  rainwater 
#1 ·
So no more Adobe Flash. Ahem.

On the upside, maybe we could snag a Flash expert or two from the 750+ Adobe employees who are being laid off.
 
#27 ·
Nothing changes. Other than not having to worry if the TiVo community flash ads would load up some malware onto my machine. Flash being a stupidly popular method of getting viruses and trojans on your machine via compromised ad networks. (Yes, even big sites like New York Times got hit serving malware).
Actually, html5 enables video and low level execution of things like svg so the threat of getting a virus isn't going away. Since no one is using html5 for ads yet, there is no need for anyone to exploit it. But once that changes, it will be a different story.
 
#28 ·
Ah, but video part can be disabled, as well as SVG rendering. You see, the browser can choose not to render any part of a page. (If it was flash, it would render all parts). Heck, right now I can block the video tag. Just because the page says that it has a video element, doesn't mean the browser is even obligated to obey it (e.g., an old browser). Or an SVG element. etc.

Also, since it's rendered by the browser, the exploits have to target specific browsers, on specific OSes. If it affects Firefox, Safari, Chrome and IE are probably unaffected. But for Flash malware, every platform with Flash is vulnerable. And an exploit that works on Windows, will be unlikely to succeed on MacOS X or Linux. Unlike a Flash vulnerability, which has affected ALL flash platforms. Including Android.

Heck, the Flash plugin only earlier this year started offering easy options to the flash cookie issue - something any browser the past 5 years or more has had. And browsers already have HTML5 local storage control as well (it controls how and which web sites can store data localling - a large cookie, if you will - to which the user can easily clear out or deny access to). And HTML5 local storage is quite new. Flash has had local storage way longer (many years now) and already the browsers have caught onto the need to limit access to local storage. Blocking third party local storage being the default in most cases (Flash default - allow all).
 
#29 ·
Also, since it's rendered by the browser, the exploits have to target specific browsers, on specific OSes. If it affects Firefox, Safari, Chrome and IE are probably unaffected. But for Flash malware, every platform with Flash is vulnerable. And an exploit that works on Windows, will be unlikely to succeed on MacOS X or Linux. Unlike a Flash vulnerability, which has affected ALL flash platforms. Including Android.
Huh? Almost all flash exploits are platform specific so I don't see your argument. Of course you can disable video/svg/etc just like you can flash so it's no different. Again, removing flash doesn't remove the ability to exploit content in browsers.

Either way all of this is pointless as it has nothing to do with TiVo's use of flash.
 
This is an older thread, you may not receive a response, and could be reviving an old thread. Please consider creating a new thread.
Top