David Kirkpatrick

April 2, 2010

Google’s Chrome will auto-update Flash

Filed under: Business, Technology — Tags: , , , , — David Kirkpatrick @ 6:57 pm

I’ve never really been a fan of auto-updates of any sort, but the majority of computer users really need the convenience and out-of-sight/out-of-mind safety of auto-updates. Chrome is the first browser to automatically push updates for Adobe Flash to users. Probably a good thing in the long run, and doesn’t change my thought that Chrome is the best browser by a long shot. If you haven’t tried it, you owe it to yourself to give it a shot — even if you’re a dedicated Firefox user.

From the link:

Adobe’s (ADBE) new partnership with Google will keep Internet users safer because Chrome will automatically update Flash Player without asking users, an Adobe director of engineering said.

On Tuesday, the two companies announced that Google would include Adobe’s Flash Player in downloads of Chrome starting with the rough-around-the-edges builds of the browser’s “dev” channel. Google will also employ Chrome’s auto-updater to push Flash fixes to users without notifying them or asking them to approve the download.

The integration, particularly the automatic updating of Adobe’s plug-in, is a first for a browser maker.

“If you want to have a safe experience, updates should just happen in the background,” said Peter Betlem, senior director of Flash Player engineering.

Unlike other browsers, Chrome updates itself automatically in the background without asking for permission or prompting users that security fixes or new features are available. The practice, which Google (GOOG) debuted alongside Chrome in September 2008 , riled some users initially, but the criticism soon faded.

August 28, 2009

Google Chrome mini-review

Filed under: Media, Technology — Tags: , , , — David Kirkpatrick @ 4:30 pm

Finally broke down and actually tried out Chrome.

The quick reaction? I like it.

It’s pretty spare and not totally user friendly for this particular user, but it feels agile, websites look good, no Flash problems (hint go the Chrome features page and get the auto-download for the plug-in there) and feels a little quicker than my current IE install.

Update 8/29/09 — It’s definitely more quick and might end up my default browser. All in all I’m very impressed with Mountain View’s entry into the browser wars.

July 24, 2009

Online security issues — Twitter and Adobe Reader

Online security should always be at least a tiny voice in your head whenever connected to the web — and with mobile devices, Wi-Fi, et.al., being connected is becoming 24/7 for a lot of people.

Here’s two articles on security issues with popular online tools.

First up is Twitter:

In April, a Twitter wormknown as “Mikeyy” or “StalkDaily” reared its head. Similar to the 2005 Samy worm on MySpace, the Mikeyy worm was authored by a 17-year-old who took advantage of a code quirk to gain notoriety for his Web site, StalkDaily.com. Twitter shut it down–plus a few follow-up viruses (“How TO remove new Mikeyy worm!”)–fairly quickly. Following the worm attacks, cofounder Biz Stone wrote on the company blog, “Twitter takes security very seriously and we will be following up on all fronts.”

Shortened-URL Dangers

Parallel to the growth of Twitter is the expansion of URL-shortening services. Fitting your thoughts into 140 characters takes practice; including full URLs is almost impossible. Usually URLs have to be truncated through services such as Bit.ly and TinyURL.com, which also mask the true destination URL and can present their own security problems as a result.

The first signs of shortened-URL trouble came with a pair of Twitter worms that promised to help users remove the Mikeyy worm. In June, a wave of hidden poisoned URLs swept Twitter, using Bit.ly links to low.cc and myworlds.mp domains where users were asked to download a file called free-stream-player-v_125.exe to view a video. The file held malware. Bit.ly and TinyURL have been responsive to reports of abuse; Bit.ly, for one, now blocks those low.cc and myworlds.mp domains.

And second is a troubling issue combing two Adobe applications — Flash and Reader:

Adobe Systems Inc. late Wednesday admitted its Flash and Reader software have a critical vulnerability and promised it would patch both next week.One security researcher, however, said Adobe’s own bug-tracking database shows that the company has known of the vulnerability for nearly seven months.

In a security advisory posted around 10 p.m. Eastern time Wednesday, Adobe acknowledged that earlier reports were on target. “A critical vulnerability exists in the current versions of Flash Player (v9.0.159.0 and v10.0.22.87) for Windows, Macintosh and Linux operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat v9.x for Windows, Macintosh and UNIX operating systems,” the company said.

Click here to find out more!The “authplay.dll” mentioned in the advisory is the interpreter that handles Flash content embedded within PDF files, and is present on any machine equipped with Reader and Acrobat.Adobe said it would patch all versions of Flash by July 30, and Reader and Acrobat for Windows and Mac no later than July 31. Until a patch is available, Adobe said users could delete or rename authplay.dll, or disable Flash rendering to stymie attacks within malformed PDF files. Adobe did not offer any similar workaround for Flash and could only recommend that “users should exercise caution in browsing untrusted websites.”

The U.S. Computer Emergency Response Team (US-CERT), part of the Department of Homeland Security, included instructions on how to delete the Flash interpreter from Windows, Mac and Linux machines in a Wednesday advisory of its own.