Educause Security Discussion mailing list archives

Re: Adobe Flash


From: "Tevlin, Dave" <dtevlin () VISI ORG>
Date: Thu, 23 Jul 2015 10:20:40 -0400

Greg, the vSphere webclient that VMware is pushing more and more features
into, while stripping them out of the vSphere Desktop Client, is Flash based
and that is what I am referring to.

Under 5.0 you could still do most things in the desktop client, with 5.5 a
bit less, and under 6.0 the desktop client is used primarily for Update
Manager and you are forced to use the web client. From reading the
tea-leaves on why this occurred it seems like they wanted to distance
themselves from MS including using .NET which the desktop client is built
on. This was more a political decision than a practical one in my opinion.

Count me as not a fan of this decision, more so when you consider they
build the interface for the new product EVORails in HTML5 according to
Duncan Epping's blog.

Dave

On Thu, Jul 23, 2015 at 10:09 AM, Greg Williams <gwillia5 () uccs edu> wrote:

Dave, are you sure about Flash and VMware?  I have vSphere installed on
my system and use it almost every day, but do not have Flash installed.



Greg Williams, M.E.

Director of Networks and Infrastructure
University of Colorado Colorado Springs

Department of Information Technology



*From:* The EDUCAUSE Security Constituent Group Listserv [mailto:
SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Tevlin, Dave
*Sent:* Thursday, July 23, 2015 7:24 AM
*To:* SECURITY () LISTSERV EDUCAUSE EDU
*Subject:* Re: [SECURITY] Adobe Flash



Deploy Microsoft Enhanced Mitigation Experience Toolkit (EMET) alongside
Flash and Java deployments where there is a need for Flash or Java. If you
are a VMware shop you can't get away from Flash as it is part of vSphere
administration.



EMET is one of only three tools that I know of that block the attack
methods instead of relying on heuristic or signature based detection which
always require someone else to find it first.



One of the last Flash 0 day attacks used a Heap-Spray method for the
attack, which EMET is built to counter. I have no information if it would
have worked on this specific attack though.



EMET is free, and controllable through GPO. It is Windows only though.



The list of tools in the market that work on mitigating the method of
attack, that I know of are:

Microsoft EMET (Free)

https://technet.microsoft.com/en-us/security/jj653751



Malwarebytes Anti-Exploit ($)

https://www.malwarebytes.org/antiexploit/premium/



Palo Alto Traps Endpoint Security ($$$)

https://www.paloaltonetworks.com/products/endpoint-security.html



Dave Tevlin, MS

Network/ Systems Administrator

Georgetown Visitation Prep School

dtevlin () visi org





On Wed, Jul 22, 2015 at 12:53 PM, Kevin Reedy <KReedy () excelsior edu>
wrote:

Flash is a tough one for us, since most of our online offerings utilize it
we can't simply disable it.  I am keeping an eye on all the Cryptolocker
type IDS alerts, as well as 'emergency' patching as soon as is reasonable
after the fix is released.

I am putting quite a bit of faith in our URL classification subscription as
well as the Palo Alto 'wild fire' detections, but obviously if the content
is on a compromised but otherwise good page it will be a problem.

Long term solution is to move away from Flash in our offerings, and while
we had already been doing that, this will hasten the timeline.

-Kevin

Kevin Reedy
Executive Director, Information Security
Excelsior College
(518) 464-8720



From:   Chris Green <CGreen () UTTYLER EDU>
To:     SECURITY () LISTSERV EDUCAUSE EDU,
Date:   07/22/2015 12:17 PM
Subject:        [SECURITY] Adobe Flash
Sent by:        The EDUCAUSE Security Constituent Group Listserv
            <SECURITY () LISTSERV EDUCAUSE EDU>




All,

I just wanted to reach out and see if anyone might be willing to share if
and what has been done at your respective institutions in response to the
multiple zero day vulnerabilities that have been exposed within Adobe
Flash.

Thank you for your feedback!

-C.

Chris Green
Information Security Officer
University of Texas at Tyler
cgreen () uttyler edu






