SARS launches its own Internet browser to solve Flash problems

This shouldn't be such an unsecure browser, the official partner to take over support for this from Adobe is Harman and this simply looks like the packaged browser solution that they offer specifically to companies in this position. SARS didn't do anything themselves, they just paid for this: https://services.harman.com/partners/adobe

Probably why their terms of service also reads: "and its use is strictly governed by a license agreement licensing SARS to provide the functionality to its taxpayers and traders"
 
This shouldn't be such an unsecure browser, the official partner to take over support for this from Adobe is Harman and this simply looks like the packaged browser solution that they offer specifically to companies in this position. SARS didn't do anything themselves, they just paid for this: https://services.harman.com/partners/adobe

Probably why their terms of service also reads: "and its use is strictly governed by a license agreement licensing SARS to provide the functionality to its taxpayers and traders"
Sorry see someone else said the same, pulled a SARS and rocked up a bit late here
 
This is so idiotic I don't even know where to begin. This is like saying my car needs new tires. But I can't change my tires now for whatever reason so instead I will build a new road made of rubber, so that I can keep driving on these tires.

The stupidity. I will not enter a single detail on that web browser.
I don't doubt that it's as safe as flash currently. The issue is its mere existence is putting non-savvy people at risk. Apart from that it's just going to be a strain on resources and system bloat.
 
This shouldn't be such an unsecure browser, the official partner to take over support for this from Adobe is Harman and this simply looks like the packaged browser solution that they offer specifically to companies in this position. SARS didn't do anything themselves, they just paid for this: https://services.harman.com/partners/adobe

Probably why their terms of service also reads: "and its use is strictly governed by a license agreement licensing SARS to provide the functionality to its taxpayers and traders"
Good find
 
This shouldn't be such an unsecure browser, the official partner to take over support for this from Adobe is Harman and this simply looks like the packaged browser solution that they offer specifically to companies in this position. SARS didn't do anything themselves, they just paid for this: https://services.harman.com/partners/adobe

Probably why their terms of service also reads: "and its use is strictly governed by a license agreement licensing SARS to provide the functionality to its taxpayers and traders"

Yeah, in all it's a "kludge" workaround, but at least props to them for finding "a" solution. It's not the best, but I think all the drama about it being insecure, etc yada yada yada is much ado about nothing.

Flash didn't suddenly become insecure after December 2020, and it was used by millions of people until it got dropped in the major browsers.

They have a partner that seems intent on providing continued support to enterprise customers under the agreement, and the browser is Chromium -- effectively used by millions around the world.

There are still IBM mainframes and COBOL and RPG/400 running under extended maintenance agreements as well. There are still ATMs running Windows XP under extended corporate support agreements but nobody is losing their underwear about that...
 
Yeah, in all it's a "kludge" workaround, but at least props to them for finding "a" solution. It's not the best, but I think all the drama about it being insecure, etc yada yada yada is much ado about nothing.

Flash didn't suddenly become insecure after December 2020, and it was used by millions of people until it got dropped in the major browsers.


They have a partner that seems intent on providing continued support to enterprise customers under the agreement, and the browser is Chromium -- effectively used by millions around the world.

There are still IBM mainframes and COBOL and RPG/400 running under extended maintenance agreements as well. There are still ATMs running Windows XP under extended corporate support agreements but nobody is losing their underwear about that...

Flash is vulnerable,


the main purpose behind Harman providing these services is to allow transitional Flash content migration to alternate technologies. I believe this is also what Adobe conveyed in their press release.

Flash was a targeted technology, and now that Harman will assist entities under license to allow end user distribution with Flash content this may become another attack vector, it is an opportunity, especially in a closed ecosystem. An attack on the SARS browser can be orchestrated, however, access is still required where other vulnerabilities apply. This would apply to any other organisation which is in a transitional phase.

I am sure Harman aren't liable. It is an Adobe technology declared EOL and Adobe strongly recommend uninstalling the product. I don't know the terms between Harman and their customers, but organisations who aren't planning to transition may run into consequences.

It isn't simply yada yada yada is much ado about nothing.

Anyway, here is Adobe's enterprise guideline,


Adobe stopped supporting Flash Player beginning December 31, 2020 (“EOL Date”), as previously announced in July 2017. In addition, to help secure users’ systems, Adobe blocked Flash content from running in Flash Player beginning January 12, 2021. Adobe strongly recommends all users immediately uninstall Flash Player to help protect their systems.

For general information on Flash Player’s EOL, please see our general FAQ.

To help our enterprise customers mitigate Flash Player support and security concerns, we are implementing the following features:

Flash content will be blocked

To help secure users’ systems, Adobe blocked Flash content from running in Flash Player beginning January 12, 2021.

Please note, major browser vendors have and will continue to disable Flash Player from running after the EOL Date. Major browser vendor support for Flash Player will vary by browser company. To learn the latest details, please visit the below sites hosted by these major browser vendors:

Commercial support options available

For enterprise customers that need help transitioning their Flash content to other supported technologies or require Flash Player licensing support after the EOL Date, please contact our official distribution licensing partner, HARMAN, for more information about their commercial support offerings.

HARMAN is the official enterprise distributor for Flash Player and enterprises should contact Harman to discuss Flash Player support and Flash Player security updates after the EOL Date. HARMAN has a long-standing history as a Flash partner, maintains knowledge of the Flash Player platform and ecosystem, and is well-positioned to help enterprises through this transition given more than a decade of experience.

Potential services provided by HARMAN may include, but are not limited to:

  • Transitioning Flash content to alternate technologies.
  • Creating custom downloadable applications that will load specified Flash content for end user distribution.
  • Providing updated Flash Player installers that will allow Flash to run with compatible browsers in an internal environment.

Enterprise enablement support

Adobe strongly recommends that customers only use the most secure and up-to-date versions of Flash Player, which will only be supported after the EOL Date from HARMAN. However, enterprise administrators have the option to enable domain-level allow list support via Flash Player configuration files in the latest versions of Flash Player made available by Adobe only on browsers that have not disabled Flash Player. Using this option, enterprise administrators are able to specify the domains where Flash playback is allowed. Full details can be found in our Flash Player Administration guide (see ‘Enterprise Enablement’ section).

Any use of the domain-level allow list after the EOL Date is strongly discouraged, will not be supported by Adobe, and is entirely at the user’s own risk.

Prompting users to uninstall

Even though many browsers have disabled Flash Player and Adobe blocked Flash content from running in Flash Player beginning January 12, 2021, we began taking additional steps to help secure users' systems by prompting them to uninstall Flash Player starting in October 2020. Please note that Flash Player’s ability to run may be dependent on browser support so please check with the appropriate browser vendor for more details. 

To help secure users’ systems, Adobe strongly recommends removing unused components promptly. However, enterprise administrators can suppress Flash Player uninstall prompts by setting preferences available in the Flash Player configuration files. If you choose to suppress the uninstall prompt, this is entirely at the user’s own risk. Full details on the uninstall prompt settings and uninstalling Flash Player can be found in the Flash Player Administration guide (see ‘Suppressing EOL Uninstall Prompts’ section).

Will Flash Player still work after the EOL Date?

Adobe blocked Flash content from running in Flash Player beginning January 12, 2021 to help secure users’ systems.

This can be overridden by using the domain-level allow list functionality available in Adobe’s latest release of Flash Player.

Any use of the domain-level allow list after the EOL Date is strongly discouraged, will not be supported by Adobe, and is entirely at the user’s own risk. Please see the Flash Player Administration guide (see ‘Enterprise Enablement’ section) for details. We strongly recommend enterprise customers contact our official distribution licensing partner, HARMAN, for more information about commercial support offerings after the EOL Date. After the EOL Date, Adobe will not issue Flash Player updates or security patches.

Which browsers will still load Flash Player after 2020?

Please note that Flash Player’s ability to run is dependent on browser support so please check with the appropriate browser vendor for more details. To learn the latest details, please visit the below sites hosted by these browser vendors:

Will Adobe make Flash Player available for download after 2020?

No. Adobe will remove Flash Player download pages from its site after the EOL Date. Adobe blocked Flash content from running in Flash Player beginning January 12, 2021. Enterprise customers that need Flash Player support or licensing after the EOL Date should contact our official distribution licensing partner, HARMAN, for more information about commercial support offerings.

UPDATED : January 13th, 2021
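
The Adobe guidance quoted above leaves the domain-level allow list in Flash Player's configuration file as the only thing scoping where Flash may run, so that file is worth auditing. The following is an added example, not part of the original post and not Adobe's or HARMAN's code: it checks an `mms.cfg` for allow-list entries broader than the single intended site. The directive names (`EnableAllowList`, `AllowListUrlPattern`, `EOLUninstallDisable`) are taken from the Flash Player Administration guide rather than from this thread; the sample file, the `#` comment handling and the host names are constructed assumptions.

```python
# Constructed sample mms.cfg; hosts are placeholders, not a real deployment.
SAMPLE_MMS_CFG = """\
# mms.cfg (constructed sample)
EnableAllowList=1
AllowListUrlPattern=https://efiling.example.org/
AllowListUrlPattern=http://efiling.example.org/legacy/
AllowListUrlPattern=*://*.example.org/
AllowListUrlPattern=https://cdn.example.net/
EOLUninstallDisable=1
"""

def parse_mms_cfg(text):
    """Return (key, value) pairs in file order, skipping blanks and # comments."""
    pairs = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        pairs.append((key.strip(), value.strip()))
    return pairs

def audit(text, expected_host):
    """Return (finding, value) tuples for settings that widen Flash exposure."""
    pairs = parse_mms_cfg(text)
    single = {k: v for k, v in pairs if k != "AllowListUrlPattern"}
    findings = []
    # Without the allow list switched on, the patterns below scope nothing.
    if single.get("EnableAllowList") != "1":
        findings.append(("allow-list-disabled", single.get("EnableAllowList", "")))
    # Adobe's text says suppressing the uninstall prompt is at the user's own risk.
    if single.get("EOLUninstallDisable") == "1":
        findings.append(("uninstall-prompt-suppressed", "EOLUninstallDisable=1"))
    for key, value in pairs:
        if key != "AllowListUrlPattern":
            continue
        scheme, sep, rest = value.partition("://")
        host = rest.split("/", 1)[0].lower() if sep else ""
        if "*" in host or not host:
            findings.append(("wildcard-host", value))      # matches many sites
        elif host != expected_host:
            findings.append(("unexpected-host", value))    # not the intended site
        if scheme.lower() != "https":
            findings.append(("non-https-scheme", value))   # content can be tampered in transit
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_MMS_CFG, "efiling.example.org"):
        print(finding)
```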
 
Flash is vulnerable,


the main purpose behind Harman providing these services is to allow transitional Flash content migration to alternate technologies. I believe this is also what Adobe conveyed in their press release.

Flash was a targeted technology, and now that Harman will assist entities under license to allow end user distribution with Flash content this may become another attack vector, it is an opportunity, especially in a closed ecosystem. An attack on the SARS browser can be orchestrated, however, access is still required where other vulnerabilities apply. This would apply to any other organisation which is in a transitional phase.

I am sure Harman aren't liable. It is an Adobe technology declared EOL and Adobe strongly recommend uninstalling the product. I don't know the terms between Harman and their customers, but organisations who aren't planning to transition may run into consequences.

It isn't simply yada yada yada is much ado about nothing.

Anyway, here is Adobe's enterprise guideline,


I don't see how it's more vulnerable than it was before it was announced EOL/2020, when people still enabled for a specific site to do their e-filing. Visiting random sites in Chrome pre-December would ask the user to enable flash, and consider the implications.

Now, we have a sandboxed browser that only allows access to sarsefiling.co.za that has flash enabled.

It's not the best solution, but it's not the worst either considering that it was standard practice to enable flash for sarsefiling before Dec 2020

But I will rephrase my prior comment to say that "flash isn't suddenly MORE vulnerable".

When used on the e-filing site....
 
Oh well, what do they suggest when you don't own a Windows device?
I'd like a reduction on that expense please if I'm forced into Windows
 
I don't see how it's more vulnerable than it was before it was announced EOL/2020, when people still enabled for a specific site to do their e-filing. Visiting random sites in Chrome pre-December would ask the user to enable flash, and consider the implications.

Now, we have a sandboxed browser that only allows access to sarsefiling.co.za that has flash enabled.

It's not the best solution, but it's not the worst either considering that it was standard practice to enable flash for sarsefiling before Dec 2020

But I will rephrase my prior comment to say that "flash isn't suddenly MORE vulnerable".

When used on the e-filing site....

I agree, but the general point I am getting at is that SARS needs to transition. Their sandbox may become victim to a purposed attack vector in the time to come. This interim, or temporary solution, cannot become the new standard. They need a clear vision now; the previous public made known strategy plan was a circus.
 
I don't see how it's more vulnerable than it was before it was announced EOL/2020, when people still enabled for a specific site to do their e-filing. Visiting random sites in Chrome pre-December would ask the user to enable flash, and consider the implications.

Now, we have a sandboxed browser that only allows access to sarsefiling.co.za that has flash enabled.

It's not the best solution, but it's not the worst either considering that it was standard practice to enable flash for sarsefiling before Dec 2020

But I will rephrase my prior comment to say that "flash isn't suddenly MORE vulnerable".

When used on the e-filing site....
Personally I think it adds more of a social-engineering risk than just a technical one, anything needing a suggestion to "download our browser" is likely to be abused easier
 
Personally I think it adds more of a social-engineering risk than just a technical one, anything needing a suggestion to "download our browser" is likely to be abused easier

For an attack vector, it is quite the possibility. To negate this is simple user training.
 
These companies that say they are going to discontinue something and then actually stick to the date and don't delay it 5 times before failing to discontinue it are ridiculous. Who does that really...
Send the toi toi team to Adobe.
 
They should give us a cloud desktop environment running Windows that we can log into for Apple/Linux. Then I'll really feel like this is going well.
 