How to Protect Yourself from Security Holes in Adobe Flash (and Other Plugins)

Did You Know? The formal name for the # symbol, commonly called the hashtag thanks to its widespread use in social media, is “octothorpe”. Geek Trivia Video Game Company Activision Was Sued By Which Of These Dictators? Saddam Hussein → Fidel Castro → Manuel Noriega → Kim Jong-Il → Advertisement Download Web Penetration Testing with Kali Linux (Free eBook Valued at $29.99) Plus 3 Bonus Resources! This is the book you need to be fully up-to-speed with this powerful open-source toolkit -- and you're getting 3 additional security resources to increase your knowledge as well. Click here to download Want to Change Your Email Preferences? At some point in the past you subscribed to the How-To Geek newsletter, but if you'd like to change the frequency or unsubscribe, you can do so by clicking the button. Change my Subscription (or unsubscribe) Today's How-To Geek Articles By popular request, we're including a quick list of the daily articles at the top of the daily email as well as the regular format near the bottom. How to Insert Page X of Y into a Header or Footer in Excel How to Use Google Now on Tap, Android 6.0’s Best New Feature Can Magnets Damage or Wipe a Laptop’s Hard-Drive? How to Use Offline Google Maps on Android or iPhone Tired of Getting Your Credit Card Stolen? Use Apple Pay or Android Pay Thoughts from the Geek This is a daily column written by Lowell Heddings, the founder and owner of How-To Geek. If you prefer, you can read this column in a web browser instead. How to Protect Yourself from Security Holes in Adobe Flash (and Other Plugins) Just a few days ago I was telling you that disabling browser plugins is the most important thing you can do to keep yourself safe, and today Trend Micro announced yet another zero-day, unpatched exploit for Adobe Flash. It’s seriously time to disable plugins, or at least set them to click-to-play mode. New Adobe Flash Zero-Day Used in Pawn Storm Campaign Trend Micro researchers have discovered that the attackers behind Pawn Storm, the long-running cyber-espionage campaign, are using an Adobe Flash zero-day exploit code for their attacks. The particular affected vulnerability is still unpatched, making Flash users vulnerable to attacks. In this most recent campaign of Pawn Storm, several Ministries of Foreign Affairs received spear phishing e-mails. These contain links to sites that supposedly contain information about current events, but in reality, these URLs hosted the exploit. What’s interesting about this attack is that it was a targeted attack involving faked emails (that probably looked like they came from a believable source) that then loaded a page that contained the exploit kit, which used a security hole in Flash that hasn’t been patched yet, because until this attack happened, nobody knew that the security hole even existed (which is why it’s called a zero-day, as in zero days of notice for the vendor to be able to patch the hole). It’s unclear from what we know so far whether Google Chrome’s sandbox protects you from this exploit, or if they found a way to get through it. Either way, it’s non-stop security holes in browser plugins that present one of the very biggest security risks right now — and much of this malware will take over and completely hijack your computer with ransomware, which encrypts all of your files and prevents you from using your PC until you pay them (or completely wipe the machine, losing all your data). If you want to protect yourself from this and the other 5,382 new security holes that will probably happen in the next few months, here are your options: Best Option: Disable Plugins, Enable Click-To-Play, Install Malwarebytes Anti-Exploit The safest option is to just disable plugins entirely in your browser. If you have a particular website that you visit that needs Flash, either create a new browser profile or use a separate browser just for that site. Enable Click-To-Play for plugins, and then install Malwarebytes Anti-Exploit — which is completely free for the basic version. On my computer, I use Safari as my main browser, and I have all plugins disabled. When I want to watch Netflix, I use Google Chrome with all plugins except Flash disabled, and plugins are set to Click-To-Play mode so they won’t activate automatically. If you’re a Chrome user you could install Firefox and use that as your Netflix browser, or even Internet Explorer if you choose. I’m using a MacBook, so there’s no Anti-Exploit tool for me to use. Next Best: Enable Click-To-Play, Install Malwarebytes Anti-Exploit If have too many sites that you visit that require Flash, enable Click-To-Play for plugins in every web browser. It’s a little bit of a pain, but it’s much better than having your computer hijacked by ransomware that encrypts all of your files and prevents you from accessing anything. Once you’ve done that, install the free Malwarebytes Anti-Exploit on your PC to help protect you from these types of things. You’ll also want to be careful what you click on, but that is something that everybody that has had a computer has heard at some point, and people still end up clicking on things, and still end up getting themselves infected. Because the scammers and malware creators are really good at tricking people into clicking things they shouldn’t. You might notice that we didn’t mention using anti-virus, and there’s a good reason for that. Anti-virus is still important, but it won’t protect you from zero-day attacks, and it won’t protect you when you actually download and run something bad. It’s time to stop thinking about anti-virus as the answer to all your security problems — it’s just one piece of a security solution. Previous Thoughts You Might Have Missed: Monday: Do You Buy Physical Media or Have You Gone Digital? Sunday: (Fast) Internet Access is Way Too Expensive in the US Saturday: The More You Know: Browser Plugins and Extensions Aren't the Same Thing Friday: Firefox is Killing Support for Browser Plugins, and That’s a Very Good Thing Thursday: Samsung Chips Might Murder Your iPhone Because That Totally Makes Sense Geek Comic Today's Tech Term RBL RBL (short for Realtime Blackhole List, a.k.a. DNS Black List [DNSBL]) is a dynamic list of IP addresses whose owners do nothing to stop the proliferation of spam (by customers of those ISPs) or actively engage in producing spam themselves. ISPs and companies that subscribe to the RBL will know the IP addresses they need to block traffic from. What We're Reading from Around the Web Netflix too powerful for cable companies to snub, says Morgan Stanley [Business Insider] White Hat Hackers Would Have Their Devices Destroyed Under the TPP If You're Not Paranoid, You're Crazy How to listen to (and delete) everything you've ever said to Google All versions of Windows affected by critical security flaw [ZDNet] The Obscure 1789 Statute That Could Force Apple to Unlock a Smartphone How to Insert Page X of Y into a Header or Footer in Excel If you have a large spreadsheet in Excel, you may want to add page numbers. Doing so is easy, and you can even add them in the format of "Page X of Y". Read on to find out how. Read This Article → How to Use Google Now on Tap, Android 6.0’s Best New Feature Android 6.0’s big hallmark feature is Google Now on Tap. Part of Google Now, Now on Tap allows Google to scan the screen whenever you open it, automatically guessing what you want to search for and providing you with more information. Read This Article → Can Magnets Damage or Wipe a Laptop’s Hard-Drive? Whether our computer hardware is brand new or a bit older, it never hurts to exercise a bit of caution in order to avoid damaging it. With that in mind, can magnets damage or wipe a hard-drive? Today’s SuperUser Q&A post has the answer to a worried reader’s question. Read This Article → How to Use Offline Google Maps on Android or iPhone You can get offline maps in Windows 10, but what if you want offline maps on your mobile device and you're using an Android device or an iPhone or iPad? No worries. It's easy to download offline maps on those devices using Google Maps. Read This Article → Tired of Getting Your Credit Card Stolen? Use Apple Pay or Android Pay It seems to happen more and more often. A retail store is breached and loses its customers credit card numbers. Use Apple Pay, Android Pay, Samsung Pay, or another smartphone payment solution and you’d be immune to these breaches. Read This Article → Advertisement Download How to Control Windows 10: The Settings Guide The control panel, one of the most important interfaces in Windows, is being slowly retired. In its place, Microsoft has introduced a successor, a process that began in Windows 8 and continues in Windows 10 with the new Settings app. Download this eBook and get started learning about Windows 10 settings today! Click here to download