Following the news that Amazon has revealed it will no longer accept advertisements that use Flash after September 1, Tim Erlin, director of security and risk at Tripwire says “This is driven by recent browser setting updates from Google Chrome, and existing browser settings from Mozilla Firefox and Apple Safari, that limits Flash content displayed on web pages. This change ensures customers continue to have a positive, consistent experience on Amazon, and that ads displayed across the site function properly for optimal performance.”
[su_note note_color=”#ffffcc” text_color=”#00000″]Tim Erlin, Director of IT Security and Risk Strategy at Tripwire :
“While it may seem obvious that Amazon’s decision was made with security in mind, it’s not necessarily true. With more and more users disabling Flash or using a ‘click-to-play’ setting in their browser, Flash-based ads simply aren’t being seen as effectively. After all, who specifically enables Flash to view a banner ad?
This is an example of security driving a meaningful change in the industry. While Amazon may not be directly concerned about the vulnerabilities in Flash, enough users (and browsers) have disabled it because of security to effectively force a change from Amazon. If other advertising networks follow suit, it will force attackers to move to a different, and hopefully less effective, platform for malvertizing.”[/su_note][su_box title=”About Tripwire” style=”noise” box_color=”#336588″]
Tripwire is a leading provider of advanced threat, security and compliance solutions that enable enterprises, service providers and government agencies to confidently detect, prevent and respond to cybersecurity threats. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business-context and enable security automation through enterprise integration. Tripwire’s portfolio of enterprise-class security solutions includes configuration and policy management, file integrity monitoring, vulnerability management and log intelligence.[/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.