Eideard

A legal challenge has been launched in the US against a number of websites amid claims that they were engaged in “covert surveillance” of users. The lawsuit alleges that a number of firms, including Hulu, MTV, and Myspace, used a Quantcast Flash application to restore deleted cookies…

The lawsuit says that the application was creating so-called “zombie cookies” from deleted files.

Quantcast has not responded to a BBC News request for comment.

The term “zombie cookie” was coined after the issue of traditional browser cookies being undeleted by Flash was brought to light in a 2009 paper by US researchers.

The study found that more than half of sites surveyed used flash cookies to store information about the user, with some using it to “respawn or re-instantiate cookies deleted by the user”…

However, while most browsers have simple commands to delete text cookies, Flash cookies are neither listed nor controlled by the browser…

Graham Cluley, senior technology consultant at the internet security firm Sophos, told BBC News that the source of the trouble was Adobe Flash itself, which he called “one of the weirdest programs on the planet”.

“I think it’s highly unlikely that these large companies have abused Flash cookies – which are different from browser cookies – with malicious intent,” he said. “I think it’s much more likely that the vast majority of users are simply oblivious to the bizarre way in which Adobe allows them to configure the software…”

The security settings for Flash are hosted on Adobe’s own website, rather than your own computer. …These settings are changed by logging onto Adobe’s website, right-clicking on a Flash object and selecting “Global Settings” and then adjusting the security settings via the “Global Privacy Settings” panel.

Golly gosh. Seems thoughtful and easy to me. I can come up with a spare hour or two – just to diddle with Flash cookie settings over at Adobe’s website. Every day!

UPDATE: Predictably, Adobe is a royal PITA. I went to the adobe.com website and logged-in. Fortunately, I’m still registered there from days of yore.

I have no idea – yet – whether this worked; but, it just moves me one-click closer to the Steve Jobs camp on “Flash is useless crap”.

Microsoft Corp joined archrival Apple Inc in criticizing Adobe Systems Inc’s widely used Flash multimedia software, creating a rare bond among the two computing giants.

Apple Chief Executive Steve Jobs sharply criticized Flash, which is used to produce videos and games for many Internet sites on Thursday. Apple has banned Flash from its iPhone and iPad.

A Microsoft executive pitched in later that day, saying while the ubiquity of Flash makes it easy for consumers to access video on the web, the standard has flaws.

“Flash does have some issues, particularly around reliability, security and performance,” said Dean Hachamovitch, general manager for the Internet Explorer browser.

He said that Microsoft is backing the same protocols for delivering multimedia content over the Web that Apple is promoting, a group of standards known as HTML5.

But Microsoft was more conciliatory toward Adobe than Apple, saying it works closely with Flash engineers to help fix bugs that it finds in the product.

Steve Jobs, by comparison, said in his open letter that it is time for the industry to move beyond Flash.

Which is what Microsoft said when it became time to move beyond DOS. When a “standard” not only doesn’t progress; but, holds back development of improved standards and protocols – it’s time to move on.

Cripes, I’m sitting here constructing this Post with a browser that has a plug-in to block Flash. I ain’t exactly alone.

That sure was quick: It appears that Adobe has thrown in the towel on further investment in their iPhone-specific Flash developer tools, before they’re even released.

According to Engadget, Adobe’s Flash Packager for iPhone — which converts Flash applications into iPhone ones using something out of the black arts (we suspect) — has had a screeching halt in its development cycle and the company won’t be throwing further financial resources at the project.

As you’ll recall, one of the new developer rules in the iPhone OS 4.0 SDK forbids the use of code written with non-approved tools — which certainly includes the bad magic that Adobe hoped to unleash to its Flash developers to help them port their Flash apps over to the iPhone OS.

Rather than fight a losing battle with Apple, Adobe has effectively waved the white flag in surrender. Principal Product Manager Mike Chambers announced that, while the Flash Packager for iPhone will still ship as part of next month’s Creative Suite 5 as planned, they won’t continue to throw money down a black hole by developing it any further.

They could always return to programming media tools for DOS. Or CP/M.

Microsoft claims third-party applications are now a bigger security threat than its own software.

The company was speaking following the launch of its latest Security Intelligence Report, an annual compilation of security trends and threats. Cliff Evans, security and privacy lead at Microsoft UK, says third-party developers are being increasingly targeted by malware writers. Only 5.5% of browser-based exploits target Microsoft software on Windows Vista machines, although that figure rises to 40.9% on Windows XP…

The report points the finger squarely at Adobe, which saw attacks on its PDF format rise sharply in the second half of 2008, according to Microsoft.

Microsoft’s claims the vast majority of attacks on its own software are exploiting unpatched applications: 80.3% of the successful attacks on Office 2003 were found on machines that were still using the RTM software, for example.

Has Microsoft considered enforcing security updates on users of its own products? “Someone like me might say yes,” said Ed Gibson, chief cyber security advisor at Microsoft UK. “The problem with that is how do we then work with major enterprise companies who have written specific applications for their particular needs and they feel they have to do testing on security updates. They wouldn’t want to have those updates forced on them.”

Gibson admits the malware writers are blatantly ripping off the look and feel of Microsoft and third-party security products to give their malware an air of authenticity. “They’ve definitely become cleverer in terms of their approach,” he said. The fake software is largely emanating from Western countries such as the US and Spain. “Organised crime is using that [virus attacks] as a scare tactic to give you pop-ups that look legitimate,” he warned.

He said the company was working with law enforcement agencies to hunt down the perpetrators.

As much as I agree with all of the OS producers about unpatched 3rd-party software – and just plain buggy, uncertified 3rd-party software – Apple and Ubuntu and others have proved their OS can have security regeimens built-in that are robust and sufficient for the average user.

Adobe has made a move into online document sharing with the launch of the Acrobat.com community site. It allows people to create, store and share documents online, and hold web conferences to discuss changes.

Those using the service get access to the Buzzword word processor that lets them create basic text documents. Document creators can store their files on the site and invite others to collaborate, read or comment.

It also allows the creation of web conferences so co-authors can collaborate on and discuss a document in real time.

Online communities are so darling. I think I’ll start one for geeks who prefer lemon-scented canned air.

No huffers, please.