Happy Thanksgiving to all our US readers.
We hope you have a great day today, and we hope that you’ll have a good time on Black Friday and Cyber Monday, too.
In particular, we hope you stay clear of spammers, scammers, skimmers and the many cybercrooks who make a living out of getting between customers and retailers and helping themselves to your data (and your money) during the holiday season.
With that in mind, we’ve published these pieces this week:
- Tuesday November 22: Black Friday: What to watch out for when you hit the stores.
- Wednesday November 23: Cyber Monday: What to watch out for when you hit the web.
- Thursday November 24 2016 (Thanksgiving Day): Facebook Live Video: Don’t be a security turkey this Thanksgiving.
Thanks to everyone who tuned in for our Facebook Live video, or who watched it later, and to everyone who has liked it, loved it and shared it.
We hope it gives you the encouragement to keep security in mind now and in the future.
As we put it in the video:
Computer security is a bit like quitting smoking. You don’t go to a “quit smoking” day so you can have one day off. You go because you want to make a change in your lifestyle that will let you stop smoking forever. What we’re hoping is that our advice is general enough that it will help you specifically this weekend, but that it will also show you you can live life without taking some of the risks that you may have thought necessary in the past. Sort of, “2% less fun; 98% more security”, if you want to put it that way.
We talked about some of those lifestyle changes in the video, so if you haven’t watched the video yet, here it is:
Have a great weekend, and remember, when it comes to personal information, online or in the store: “If in doubt, don’t give it out.”
Walter North
I thought it was sort of ironic that it is apparently published using flash …
Paul Ducklin
Facebook stopped using Flash for videos about a year ago:
https://nakedsecurity.sophos.com/2015/12/22/facebook-moves-videos-away-from-flash-onto-html5-for-all-browsers/
https://code.facebook.com/posts/159906447698921/why-we-chose-to-move-to-html5-video/
That covers videos on Facebook itself, and videos embedded in other sites, like here.
FWIW, even if I deliberately install Flash on macOS and enable it in both Firefox and Safari, both browsers still use HTML5. So I am pretty sure you are mistaken.
Steve
The Frame Info shows this URL as “Embed” under Media:
https://www.facebook.com/rsrc.php/v2/yo/r/aMgPcflyLWh.swf
And lists the media type as Shockwave Flash.
Mark Stockley
The iframe contains an video element and inside that is an embed element. The video element references the HTML5 video via its “src” attribute. The embed element references a SWF (Flash) file, as you say.
This arrangement – embed within video – is a way of providing a SWF file as a fallback if your browser doesn’t know what to do with an HTML5 video element or can’t interpret the video’s encoding. The SWF file will only come into play if you have Flash installed and enabled, and your browser is unable to play the HTML5 video for some reason.
The HTML elements mentioned here, indeed everything within the iframe, is the preserve of Facebook and beyond our reach (just as the internals of a YouTube video player are).
Is your browser actually playing the SWF file? If it is, and if you’d care to share, I’d be interested to know what browser and OS you’re using.
Steve
This is a bit puzzling. When I posted that comment, I was on my desktop PC at work. As a resident contractor in a secure facility, my only internet access is via a guest wifi connection with rather strict (but reasonable) security. Now I am on my desktop PC at home. Here, when I right-click on the video, I get a menu of options to Play, Mute, or Show video URL – as normal for an HTML5 video. But at work, I didn’t get that; thus I went to look for the info as I was curious after reading the comment from Walter North and Duck’s reply. I did not attempt to play the video at work.
So why am I puzzled? Because both PCs are running Windows 7 and Mozilla SeaMonkey, with Flash installed but set for click-to-activate on both systems. *shrug* Yet another PC mystery!
Paul Ducklin
What happens if you set it to “Bever activate” (so the browser doesn’t consider it an option) or temporarily uninstall Flash? Do you get an HTML5 video or a box saying that you need the Flash plugin?
Steve
I don’t have the option to “Bever activate”, or even “Beaver activate”! ;) But intend to try a full disable if I find time when I return to work Monday. And I’m about ready to try complete removal as a permanent change, if things go well with the disabled Flash.