Flash logo

In a letter sent today, Oregon Senator Ron Wyden asked officials from three government agencies to come up with solutions and procedures that mandate the removal of Adobe Flash content from all US government websites by August 1, 2019.

The Senator is urging US government officials to act in light of Adobe's Flash end-of-life date scheduled for the end of 2020, after which Adobe announced it would cease to provide any technical support for the software.

Trying to avoid another Windows XP fiasco

Senator Wyden is hoping to avoid a situation like the one of Windows XP, which US government agencies still use, despite Microsoft retiring the operating system back in 2014.

"The federal government has too often failed to transition away from software that has been decommissioned," Wyden wrote in his letter.

The Senator points out Flash's "serious, largely unfixable cybersecurity issues" as one of the reasons US government sites should take proactive steps from removing this technology of its sites even before the cut-off date, after which Adobe won't provide any security fixes at all.

Wyden would like that officials would:

›   Mandate that government agencies shall not deploy new, Flash-based content on any federal website, effective within 60 days.
›   Require federal agencies to remove all Flash-based content from their websites by August 1, 2019.
›   Require agencies to remove Flash from desktop computers by August 1, 2019.

For the last point, the optimal plan, Wyden suggests, is that officials create a pilot program to remove Flash from the PCs of a small number of employees by March 1, 2019, and from all computers by August 1, 2019.

The letter, which you can read in full here, is addressed to the heads of the US National Institute of Standards and Technology (NIST), the National Security Agency (NSA), and the Department of Homeland Security (DHS).

Wyden previously asked that federal agencies use ad blockers

Last year, Senator Wyden also urged in a similar letter that US agencies deploy ad blocking technologies to prevent malware delivered via malicious ads (malvertising) from infecting government networks.

In another letter, he also urged Department of Defense officials to encrypt their websites by deploying technologies like HTTPS and HSTS (HTTP Strict Transport Security).

Speaking at a conference in February, Parisa Tabriz, Director of Engineering at Google, said the percentage of daily Chrome users who've loaded at least one page containing Flash content per day has gone down from around 80% in 2014 to under 8% in early 2018.

According to web technology survey site W3Techs, only 4.9% of today's websites utilize Flash code, a number that has plummeted from a 28.5% market share recorded at the start of 2011.

Related Articles:

US offers up to $15 million for tips on ALPHV ransomware gang

US sanctions crypto exchanges used by Russian darknet market, banks

US sanctions APT31 hackers behind critical infrastructure attacks

Flipper Zero makers respond to Canada’s ‘harmful’ ban proposal

Chinese Earth Krahang hackers breach 70 orgs in 23 countries