Adobe Issues Emergency Update To Flash After Ransomware Attacks

Alpha1

Alpha1

Well-known member
John007 said:
this is 2016 xenforo should be using a html5 uploader not flash
Click to expand...

It's only 2016 which means were still dealing with 2006 browser capabilities lol. Which would be IE7 but the current target is IE 8. Real shame 9 wasn't closer to 10. You have to realize Xenforo targets their customer base. People build forums for government, business and library users who are not on Windows 7+ etc.

Mean while many of us don't. My personal support policy is 10 years or 3 Windows versions and then the FF/Chrome etc equivalents. So at this point my baseline support is Windows 7 / IE 11 and i think my chrome support falls somewhere back in the 20's. Which is a decent place.

SSL is potentially a driving factory in killing off old browser support. Except these idiots are making their sites exploit friendly by supporting TLS 1.0 still. No one seems to have heard of a downgrade attack.
 
Screen Shot 2016-04-09 at 4.13.17 PM.webp

all said.
 
I've said it before, I'll say it again.

The decision to use Flash is entirely yours. There is a preference to disable it for yourself, a preference to disable it for your entire site, a personal preference to even install Flash in the first place (or keep it enabled if built in).

There's even a middle ground where you keep it disabled until there's such a time where you might need to upload multiple files.

Personally I have Flash disabled now and even doing multiple uploads without Flash is not too arduous.

It's not a solution but a perfectly sensible workaround for the time being.
 
Chris D said:
I've said it before, I'll say it again.

The decision to use Flash is entirely yours. There is a preference to disable it for yourself, a preference to disable it for your entire site, a personal preference to even install Flash in the first place (or keep it enabled if built in).

There's even a middle ground where you keep it disabled until there's such a time where you might need to upload multiple files.

Personally I have Flash disabled now and even doing multiple uploads without Flash is not too arduous.

It's not a solution but a perfectly sensible workaround for the time being.
Click to expand...

where is the option in ACP to use HTML5-uploader instead of Flash-uploader ?
 
Options > Attachments > Use Flash Uploader

We don't ship a HTML5 uploader, but the non Flash Uploader works fine for one file at a time.
 
Chris D said:
The decision to use Flash is entirely yours.
Click to expand...
You are completely right. And the way it is going with flash the admins aware of this problem will turn off the Flash uploader which relies upon software that is in essence an ongoing security vulnerability. No problem there.
But what about the admins that are not aware?

Have you considered to disable or remove the flash uploader in XF1.x ? Or maybe add an admin notice somehow or send out an email warning to xenforo webmasters?

Xenforo webmasters should be aware about the risk that they are putting their members in by activating the xenforo flash uploader.
 
You seem to be under the assumption that we're putting our users at risk. We aren't. If you install Flash Player or use a browser that has it built in, you are putting yourself at risk. Using a XenForo website while you have Flash Player enabled does not put you at any additional risk than you would be if you had Flash Player disabled. What puts you at risk is using untrusted websites that contain Flash components which have been specifically developed to exploit these security vulnerabilities.

There's nothing we can or should do about it.
 
Top Bottom