Scary experience with Tinypic + Flash

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities
Post Reply
User avatar
BlueEars
Posts: 3599
Joined: Sat Mar 10, 2007 12:15 am
Location: West Coast

Scary experience with Tinypic + Flash

Post by BlueEars » Mon Dec 26, 2016 6:14 pm

Here is what happened (long explanation): I've used Tinypic for years. A long time ago the URL information that was displayed by Tinypic to cut/paste was blacked out and I had to enable Flash to avoid this. In recent months whenever I put an image up like a chart for Bogleheads, I noticed that a new tab was opened in my Firefox browser with an advertisement that looked bogus. I just closed that tab. But just today I was preparing to post a chart here and went to Tinypic. It seems to require the Adobe Flash software and so I enabled that for this Tinypic app. I'm using the Shockwave Flash plugin that stops Flash except when you want it because apparently Flash is a notorious security issue.

When I tried to upload a JPEG file my Windows 10 computer (fully up to date) did this:
1) A web page came up with a "Microsoft like looking page"
2) A popup said to call a "Microsoft" 800 number because a virus was detected and Microsoft would disable my computer
3) An audio message said the same thing as #2, and kept repeating
4) I tried to capture the message with the snipping tool but then my screen froze and I lost all control

When #3 happened I was a bit alarmed but remembered hearing about this sort of fake out. But when #4 happened I was really alarmed.

So I hard shut the system down and rebooted. It came up fine. Then restarted Firefox. The same thing happened because the tabs just came up as in the previous session (no message asking if I wanted to restore tabs). So I restarted again. This time I brought Firefox up using the Run window command: Firefox -safe-mode . Doing this allowed me to avoid the old session and store a clean set of tabs for the next Firefox session.

The culprit? I think the problem was Tinypic's requirement to use Flash. If I do not do this the information for the URL to the upload image is blacked out i.e. Flash seems to be a requirement. Or is there something like a cookie for Tinypic that has been inserted? Any thoughts on how to use Tinypic and get around this problem?

Workaround? At this point I'm thinking I should just use another image hosting site. Any image hosting sites people prefer? I tried out Postimage and it seems to work fine.

dumbmoney
Posts: 2269
Joined: Sun Mar 16, 2008 8:58 pm

Re: Scary experience with Tinypic + Flash

Post by dumbmoney » Mon Dec 26, 2016 6:55 pm

Some sites will use flash if they detect you have it installed, otherwise they won't require it. So if you just disable flash you may be fine.
I am pleased to report that the invisible forces of destruction have been unmasked, marking a turning point chapter when the fraudulent and speculative winds are cast into the inferno of extinction.

normaldude
Posts: 719
Joined: Tue Jan 27, 2009 4:41 am

Re: Scary experience with Tinypic + Flash

Post by normaldude » Mon Dec 26, 2016 7:33 pm

I stopped using Tinypic back in 2010, and have been using Imgur.com ever since. Imgur has been great so far.

Many free services (including image hosting sites like TinyPic) are great for a few years. But at some point, they get sick of bleeding cash, and they start aggressively selling ads, or they sell their whole website to someone who will aggressively monetize the traffic.

Because of your post, I just visited TinyPic.com, and indeed, it has turned into pop-up advertising hell. I would avoid that place.

User avatar
BlueEars
Posts: 3599
Joined: Sat Mar 10, 2007 12:15 am
Location: West Coast

Re: Scary experience with Tinypic + Flash

Post by BlueEars » Mon Dec 26, 2016 7:37 pm

Normaldude, thanks for the tip. I'm glad you saw the same behavior so it's not likely something else on my system.

mnaspbh
Posts: 204
Joined: Fri Sep 09, 2011 12:26 pm

Re: Scary experience with Tinypic + Flash

Post by mnaspbh » Mon Dec 26, 2016 7:43 pm

I've seen several "free" image hosting sites (ones people have linked to from this site) try to serve ransomware or other malware via Flash exploits. Do not use Flash, at all, ever. It's just too dangerous. Adobe Acrobat Reader is also too dangerous to use, especially if it has any browser plug-ins.

Do a full system check for malware. Note that some malware (ransomware in particular) will hide for days or weeks before it starts up, in order to make it harder to correlate with an exploited site.

User avatar
BlueEars
Posts: 3599
Joined: Sat Mar 10, 2007 12:15 am
Location: West Coast

Re: Scary experience with Tinypic + Flash

Post by BlueEars » Mon Dec 26, 2016 7:54 pm

mnaspbh wrote:I've seen several "free" image hosting sites (ones people have linked to from this site) try to serve ransomware or other malware via Flash exploits. Do not use Flash, at all, ever. It's just too dangerous. Adobe Acrobat Reader is also too dangerous to use, especially if it has any browser plug-ins.

Do a full system check for malware. Note that some malware (ransomware in particular) will hide for days or weeks before it starts up, in order to make it harder to correlate with an exploited site.
I guess not using Flash at all will eliminate using Pandora or is there a workaround?

I have a payed copy of Malwarebytes running on my Windows 10 system. This also includes anti-exploit.

Dragline
Posts: 63
Joined: Mon Oct 26, 2009 11:25 pm

Re: Scary experience with Tinypic + Flash

Post by Dragline » Mon Dec 26, 2016 8:35 pm

BlueEars wrote:I guess not using Flash at all will eliminate using Pandora or is there a workaround?
In my browser, I switched Flash from "always enabled" to "ask to activate". This allows me to decide which sites get to use Flash and which don't. With this setup, Flash will be blocked by default, but you have the option to activate it on sites you trust (like Pandora).

For what it's worth, I use Firefox but assume that other browsers have this capability as well.

User avatar
BlueEars
Posts: 3599
Joined: Sat Mar 10, 2007 12:15 am
Location: West Coast

Re: Scary experience with Tinypic + Flash

Post by BlueEars » Mon Dec 26, 2016 9:45 pm

That is what I'm doing. Using a plugin to selectively enable Flash. As I documented above, it doesn't always protect you if the site is screwed up.

Pandora has not yet shown a problem. But could it?

dumbmoney
Posts: 2269
Joined: Sun Mar 16, 2008 8:58 pm

Re: Scary experience with Tinypic + Flash

Post by dumbmoney » Tue Dec 27, 2016 1:35 am

Dragline wrote: In my browser, I switched Flash from "always enabled" to "ask to activate". This allows me to decide which sites get to use Flash and which don't. With this setup, Flash will be blocked by default, but you have the option to activate it on sites you trust (like Pandora).
That's convenient, but if you do that, then sites will detect you have flash, which will sometimes give you flash when it's not required (that is, the site may require flash only if it thinks you have it).
I am pleased to report that the invisible forces of destruction have been unmasked, marking a turning point chapter when the fraudulent and speculative winds are cast into the inferno of extinction.

Post Reply