Flash zero day means one more thing to watch out for

As browser vendors have tightened the loopholes used by criminal hackers to infect the computers of unsuspecting internet users, there has been an increase in third-party plug-ins being exploited to work around the measures that have been implemented.

First Java became the primary target. With a wide install base, Java provided low-hanging fruit for exploits used to infect users with malware. In the last two years, there have been quite a few exploits in the wild that used Java to enable drive-by downloads, thereby infecting computers silently, without any input from the user.

More recently, Flash has become a target. It has a few things in common with Java, in that it has a widespread install base, which makes it a good target for exploits. Since Flash is also still the primary video player used for video streaming websites, a lot of people are unlikely to uninstall it.

With the discovery of the latest zero-day bugs, Flash has become quite a dangerous liability to a lot of users. Of course one can always disable Flash now that YouTube uses an HTML5 video player to deliver its content, but a lot of other video streaming websites still rely on the old trusty streaming workhorse.

Let’s evaluate the steps a user can take to stay safe:

  1. Use a plugin such as Flashblock to disable Flash for all websites but the ones that you trust. This strategy can work well if the websites that you trust don’t run Flash advertisement banners from third-party networks. However, in a real-life scenario, most websites run advertising banners from another network, which makes this strategy.
  2. Block all advertisements using Adblock or something similar. This will block a lot of advertising on every site you visit. However, this is not completely foolproof, as evidenced by the paid exception deals between some of the ad-blocking software and some of the biggest advertising networks on the web.
  3. Turn off Flash by default and enable it only for particular instances, e.g. the video player being watched. While this is a little safer, there is still a danger, as many video streaming sites display Flash banners from other domains inside the video player. A nasty payload could potentially be delivered through the third-party domains, even though the website you visit is safe.
  4. Combine step number 3 above with a browser that is safe. So far, the only browser that is not affected by the latest Flash bug is Google Chrome. This could be a good strategy to mitigate risk with the current bug.

It should be noted that as the arms race between browser makers and the hackers intensifies, one day you will wake up to the news that Flash on Chrome has been compromised. It may already be compromised right now, but it is still a good bet for safety. As is often said, security is not just software, but an attitude that everyone should always keep in mind. It is a stance to be vigilant in the face of new threats that keep growing.

Good luck and browse safe.

YouTube now streams HTML5 video

With YouTube now streaming HTML5 video, does it mean that Flash is dead? Well, whether or not Flash as a platform is dead is debatable. One thing is for sure, though: this move by YouTube, one of the biggest video content delivery systems on the web, will mean that it is now possible to disable or uninstall Flash player from one’s browser without experiencing a lot of inconvenience.

This move is definitely a positive one in light of all the security issues that Flash player has experienced. In the last year alone there have been multiple 0-day exploits being used by cyber criminals to install malware onto the computers of unwitting victims. From the computer security perspective, this means there is potentially one less vector for attack.

Hopefully this will mean that other video content providers on the web such as Facebook, Vimeo, Dailymotion and the others will follow suit and shift away from using proprietary technology to deliver their content. Without Flash, the web will have one less way of reaching into parts of your computer you don’t want it to.

It must be said, though, that the delivery of HTML5 video by YouTube is enabled by the use of the Widevine DRM plugin which is not in the spirit of the open source movement, but if I were to choose between Flash DRM and Widevine, I probably would choose Widevine as it is a compromise that Google had to make to appease content owners.

If you have been a long-time Flash user, don’t be disheartened by the beginning of the demise of the platform that once had a claim of 95% install base. Flash is still a great tool for creating animations, and either it will evolve new abilities (it partly has) to export to standards-compliant open technologies or new tools will emerge. New JavaScript animation tool, anyone?

How to block private number calls on Android

One of the annoyances of having a mobile phone / cell phone is that people sometimes call you with their number blocked, so you do not know the number that they are calling from. While this could be one of your friends, most of the time this technique is used by less-than-desirable callers. Marketers, banks and other less desirable characters often use this technique to catch you unawares or to prevent you from calling them back.

Most Android handsets in the market are not equipped to block private number calls but there are things you can do to take control of this situation. Here are some of the things that you can do:

  1. Flash your phone with Cyanogenmod ROM (can be hard and time-consuming)
    If you are OK with rooting your Android handset and then installing a custom ROM, this is a good solution. Not only do you gain the blacklist feature, but you also gain a custom ROM that lets you customise a lot of aspects of your phone. The blacklist in Cyanogenmod allows you to block private number calls, SMS, any number you add to the blacklist, or numbers not in your address book. It also allows you to decide whether to drop the call or send it to voicemail.
  2. Install an app such as Call Control or other similar apps (easy)
    If you are not comfortable with rooting your phone and installing a custom ROM, this is quite an effective way to block private numbers or any number you do not want to receive calls from. Call Control offers similar features to the Cyanogenmod blacklist by simple installation of an app. This app also offers in-app purchases (not sure what they are, so you had better read their description carefully).

Choose your options wisely.

How to make Chrome faster in OS X Mavericks

Ever since I upgraded to OS X Mavericks, Chrome has been running a little slow. It seems to struggle in opening and closing tabs, as well as populating auto-fill lists when I am typing a URL or a search query. I could not quite put my finger on it. At first I thought it was to do with the new updates and other enhancements. Then I started to think about getting a new laptop.

Just recently, while I was optimising a few aspects of my old MacBook Pro (circa 2010), I discovered that one could speed things up by turning off the Dashboard (does anyone use this anymore?). The Dashboard is one of those features that I hardly ever use on OS X.

During my search on how to turn off the Dashboard, I discovered another tip that allows you to disable the “App Nap” setting of apps on an individual basis. Curious, I tried this on Chrome. I opened Finder and then opened the “Applications” directory. I right-clicked on Google Chrome and selected “Get Info”. In the Get Info window, I ticked “prevent App Nap”.

This has resulted in Chrome working as fluidly as it did before I upgraded to Mavericks. Although this worked for me, your mileage may vary. Good luck.

Hamburger Icons

I have recently been reading quite a bit on the use of the “hamburger icon” in UI design and navigation patterns and I thought I would contribute to the discussion by making a few of my own. These are free to use under CC Attribution Licence. You can download the SVG icons here svg-icons and the PNG icons here png-icons.

Burger01: The full burger
Burger02: Traditional burger
Burger03: Traditional rounded
Burger04: Ham sandwich
Burger05: Cheese burger
Burger06: Burger with lettuce
Burger07: Steak sandwich
Burger08: Hotdog

Creative Commons License
burger icons by j muljana is licensed under a Creative Commons Attribution 4.0 International License.