Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
In this episode, they were talking about viruses and malware and how all platforms including linux is not immune to it. They also discuss how our systems get can get infected.
They also discuss how flash and java can have exploits or holes to execute malicious code.
This concerns me because I visit websites with flash and since adobe stopped supporting linux, we are using flash 11.2.x which is dated.
I have a question and it may be dumb as I don't nothing about flash exploits or java programming.
Can a bad website's flash/java execute malicious code on our systems or they only affect browsers? Thanks
Personally I no longer install flash or java on any of my computers for this exact reason. Living without flash has been a pain in the neck at the beginning, but I've learned to endure it. It's still troublesome because certain websites are being dickheads and refuse to play their video content without flash plugin installed i.e. twitch.tv (I learned to bypass it by using livestreamer).
Anyhow, if you absolutely must have these plugins installed you can use a firefox browser addon like NoScript that will block them by default. You will have to click on a placeholder to activate the plugin on a given website - this will prevent some hidden parts from automatically executing and possibly running malicious code, but can also break some websites. It still doesn't protect you 100% because an attacker can simply replace the flash container on a trusted website with his own malicious one (mitm).
I believe websites should stray away from flash and use html5 video tags and play mp4/mp3/ogg/ogv media as to flash. At least, youtube includes html5 and other media formats.
I once was tempted to try gnash instead, but I read and heard it isn't compatible with some sites and it can be buggy and/or unstable.
As for java we can only hope that something better would replace it.
I don't use java or flash because they are insecure. However, if I do have to use flash in some rare cases, I make sure to use NoScript to disable flash on all sites but the one that I have to use it on. It is usually not installed or disabled.
Firefox 26/27 can disable plugins without NoScript or other addons. NoScript is still useful for controlling JavaScript and other potentially dangerous stuff but it may be tedious to configure as far as I remember.
You configure it once and forget about it. Helps a lot with online security from what I've seen. No more browser hijacking by malicious sites using javascript. The sites that break are either malicious or badly coded, from what I've seen.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.