Speaking of flash bugs, did anyone read slashdot today? They've got a
story on *finally* finding the exact vector of the RSA intrusion: someone
at the parent co. got an attached .xls file, and in the spreadsheet was an
embedded flash video that actually used a known vulnerability to install
malware.
As the guy in the original story asked, why would you want to embed a
flash video in a freakin' spreadsheet?
Flash is dangerous. Treat it that way. I've got noscript, and the only
flash I see are ones *I* explicitly choose to watch.
mark