The latest Flash vulnerability and monoculture

Peter Gutmann pgut001 at
Mon Jul 27 00:45:55 EDT 2009

"Perry E. Metzger" <perry at> writes:

>This highlights an unfortunate instance of monoculture -- nearly everyone on
>the internet uses Flash for nearly all the video they watch, so just about
>everyone in the world is using a binary module from a single vendor day in,
>day out.

There are quite a number of third-party video players that will render Flash
video, are these using Adobe codecs or third-party H.263/264/VP6 ones?  In
theory you don't actually need to run Adobe code to view FLV's, but given the
freewheeling nature of video players which often, um, borrow codecs from all
over the place, it's hard to tell what you're actually getting.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list