Looks like it is time to remove Macromedia Flash player plugins from your computers.

http://story.news.yahoo.com/news?tmp..._cmp/160400719

In short, they can put back cookies, and malware after you have deleted it
if you have the Flash player installed in your favorite browser. Just what
will they think of next?

Richard Johnson

If you use SpywareBlaster (a free prog- very useful), it gives the option of
disabling existing versions of Flash on your computer, and preventing
websites from installing it. I don't know about Flash installing malware-
SpywareBlaster offers the option to protect you against unwanted advertising
stuff, and does not suggest that Flash has any evil intentions.
--
Benny
*******
"Richard Johnson" <> wrote in message
news:...
>
http://story.news.yahoo.com/news?tmp..._cmp/160400719
>
> In short, they can put back cookies, and malware after you have deleted it
> if you have the Flash player installed in your favorite browser. Just
what
> will they think of next?
>
>
>

Benny:

I don't think the folks that make flash player had this in mind, but now
that it is known how to do it by using the other company's product, malware,
spyware, as well as cookies will not be removable by the user. That to me
is a VERY large problem. I have deleted Flash Player on my machines based
upon this story. Until Macromedia allows me to modify it's security
settings to fully disable this feature I am not installing it again. I also
think that everyone should follow suit to prevent this type of security
breach. (If a user wants no or limited cookies, spyware, or malware on
their machine.) By the way, spyware removal tools won't get it off either.
Flash players security issue allows malware to simply puts it back upon
deletion as I understand the story.

Rich
"Benny" <> wrote in message
news:d2kveb$h8l$...
> If you use SpywareBlaster (a free prog- very useful), it gives the option
of
> disabling existing versions of Flash on your computer, and preventing
> websites from installing it. I don't know about Flash installing malware-
> SpywareBlaster offers the option to protect you against unwanted
advertising
> stuff, and does not suggest that Flash has any evil intentions.
> --
> Benny
> *******
> "Richard Johnson" <> wrote in message
> news:...
> >
>
http://story.news.yahoo.com/news?tmp..._cmp/160400719
> >
> > In short, they can put back cookies, and malware after you have deleted
it
> > if you have the Flash player installed in your favorite browser. Just
> what
> > will they think of next?
> >
> >
> >
>
>

See the following to block/remove shared objects.

http://www.macromedia.com/support/fl..._object02.html

--
http://www.standards.com/; See Howard Kaikow's web site.
"Richard Johnson" <> wrote in message
news:...
>
http://story.news.yahoo.com/news?tmp..._cmp/160400719
>
> In short, they can put back cookies, and malware after you have deleted it
> if you have the Flash player installed in your favorite browser. Just
what
> will they think of next?
>
>
>

"Richard Johnson" <> wrote in message
news:...
> http://story.news.yahoo.com/news?tmp..._cmp/160400719
>
> In short, they can put back cookies, and malware after you have
> deleted it
> if you have the Flash player installed in your favorite browser. Just
> what
> will they think of next?
>
>
>


Visit http://www.macromedia.com/ or any site that shows Flash content.
Right-click on the Flash content and select Settings. Click on the
Folder icon button. Set their cache to zero and check the box to
remember your setting. Flash uses its own cookie files which have the
..sol filetype.

If the web page you visit with Flash content has disabled user
configuration of some settings, visit Macromedia's online settings
manager at
http://www.macromedia.com/support/do...manager02.html
(they have yet to deliver a seperate utility that you can run locally).
Unlike UI applications that open their own window, the mouse cursor will
not change when you hover over clickable objects in that web page; i.e.,
you click on the tab buttons to change between panels but you won't see
the mouse cursor change to indicate they are clickable. If you use the
Website Privacy Settings panel (5th tab) to clear the Flash cookies
(.sol files), not all are deleted as a file search will shows some still
around, one of which retains the settings you configured.

I use PopUpCop as my popup blocker (works better than the rest that I've
trialed) but haven't yet managed to convince its author to include .sol
files in its cookie whitelist feature (the author isn't familiar with
Flash cookies enough to want to touch them yet).

And what is with the deliberate scare tactic by the OP claiming the
article says that Flash is going to be used to install malware? All it
mentions is using a shared object to rebuild Flash cookies, but if you
set the Flash caches to zero than you have no locally saved shared
objects.

--
__________________________________________________ __________
Post your replies to the newsgroup. Share with others.
E-mail reply: Remove "NIXTHIS" and add "#VS811" to Subject.
__________________________________________________ __________

Richard Johnson wrote:

>
http://story.news.yahoo.com/news?tmp..._cmp/160400719
>
> In short, they can put back cookies, and malware after you have deleted it
> if you have the Flash player installed in your favorite browser. Just
> what will they think of next?

I don't know about you guys but if someone is going to use me (and my pc)
for marketing research, which they SELL, aren't we entitled to the money
also? I am being serious, this should be a class action lawsuit...

The **** gets installed on your PC, companies SELL the info taken from your
pc and make millions. Basically, they view the PC users as nothing more
than a resource to exploit...

I SAY CLASS ACTION LAWSUIT! THINK ABOUT IT!!!!!!!!!!!!!!!


Michael

--

"Microsoft isn't evil, they just make really crappy operating systems." -
Linus Torvald

Richard Johnson wrote:
> http://story.news.yahoo.com/news?tmp..._cmp/160400719
>
> In short, they can put back cookies, and malware after you have deleted it
> if you have the Flash player installed in your favorite browser. Just what
> will they think of next?
>
>
>
Thanks for the article. I no longer use flash due as I noted that sites
could bypass my cookie rules some time ago. This sounds even worse.


I have also noted that Quick Time plug-ins can also plant cookies
irrespective of contrary browser settings. While I may miss some sites
who have chosen to flash enable their site, I will live without visiting
those sites. I have quit using q-time as well, however of the 2 the
Macromedia plug-in behavior has several issues and I consider it more of
a threat.

I am not against legitimate advertising, however those who believe I
give up my right to control my asset because I happened to visit a site
that had their banner is ludicrous. There are some vendors who have
lost any possible future business with me due to their choice of
behaviors when advertising on the net, or the behavior of their website.
There are several car companies that when i tried researching their
vehicles on the net for consideration, lost a potential customer.

In the business setting, one should review the Macromedia license
agreement very carefully. There is some very slippery language on both
their network deployable as well as with the "free" plug-in. You may
find that "free" plug-in very expensive if/when they decide to uphold
that agreement. Our legal group has been negotiating with Macromedia
for months trying to come up with an acceptable agreement, without
resolution.

One should be very careful as to what plug-ins they allow, the more you
allow, typically opens up more avenues for compromise.

Winged

On Fri, 1 Apr 2005 16:14:10 -0800, "Richard Johnson"
<> wrote:

>http://story.news.yahoo.com/news?tmp..._cmp/160400719
>
>In short, they can put back cookies, and malware after you have deleted it
>if you have the Flash player installed in your favorite browser. Just what
>will they think of next?
>
>
##########################
I block all cookies. Do I still need to get rid of Flash?
donnie

"donnie" <> wrote in message
news:...
> On Fri, 1 Apr 2005 16:14:10 -0800, "Richard Johnson"
> <> wrote:
>
>
>http://story.news.yahoo.com/news?tmp...5&u=/cmp/20050
401/tc_cmp/160400719
> >
> >In short, they can put back cookies, and malware after you have deleted
it
> >if you have the Flash player installed in your favorite browser. Just
what
> >will they think of next?
> >
> >
> ##########################
> I block all cookies. Do I still need to get rid of Flash?

No, see my post in this thread on how to block the shared objects.

bonnie wrote:
> On Fri, 1 Apr 2005 16:14:10 -0800, "Richard Johnson"
> <> wrote:
>
>
>>http://story.news.yahoo.com/news?tmp..._cmp/160400719
>>
>>In short, they can put back cookies, and malware after you have deleted it
>>if you have the Flash player installed in your favorite browser. Just what
>>will they think of next?
>>
>>
>
> ##########################
> I block all cookies. Do I still need to get rid of Flash?
> donnie
Donnie,
You don't mention how you block cookies however I have found cookies
placed on a machine with Macromedia Flash irrespective of any browser
cookie block. I have tested this with IE, Firefox and Avant. I have not
tested the workaround that was mentioned was on the Macromedia site as I
no longer run the product and no longer authorize it on work networks,
though this is more related to the license involved on the plug-in.

My users hate me...

But I am retentive about products that expose me then reveal how to
fix/configure things after it is publicized as an issue. This is not
their first exploit. I suppose it depends on how much you feel you need
the product (value added versus the potential exploit). All software
opens the exploit window. Security is a balance of usability versus
security and the risks you are willing to accept.

Winged