The Flash technology has been very famous in the years 2000, and has been used profusely on many websites. Some of them were fully in flash, and would not open if Flash was not enabled. It was also Flash that was used for all the small video games playable in the browsers.
Flash has a bad reputation in terms of cyber security because it had a huge amount of security weakness, and it has been supplanted by new technologies (HTML5 mostly)
The Flash editor, Adobe, made the announcement years ago: Flash will be discontinued with an end of life (EOL) on December 31st 2020. The common browsers all announced that they will stop Flash plugin integration at the end of December 2020 or January 2021.
In short: soon we won’t be able to open Flash website or display Flash content.
The next ones: Silverlight and http
Silverlight has been the late competitor of Flash from Microsoft. This project has also been discontinued, and it is already difficult to make it work: for example Firefox, Chrome and Edge won’t be able to display it. You will have to use Internet Explorer 10 or 11 and manually install the plugin.
The EOL of Silverlight is October 12th 2021.
The http protocol (opposed to https which is secure) is the historical protocol of the web. It poses several structural security issues because the data is unencrypted and because you can’t guarantee the authenticity of the content or its origin.
That’s why all the web is going to https. The Internet giant are pushing toward this trend: for example since October 2020 Google Chrome blocks the download of http files from https links.
Some encryption methods are deprecated: TLS 1.0 and TLS 1.1. For this reason Google Chrome since October 2020 also blocks access to the websites using https with these certificates. You’ll get :
In the maritime sector
The Flash and Silverlight technologies have been used for the web interface of some tools: web interface for video surveillance for example, web interface to configure NAS file server …
The http protocol is also the only one available on many tools provided by product suppliers.
Every tool with a web interface can be concerned. The most at risk are the oldest and the ones infrequently used as the problem might not be anticipated and could be blocking in a critical situation.
You need to keep in your inventory of all systems the technology details used in their web interface, and find bypass strategies if the product supplier doesn’t have a solution.
Check your VDR interfaces, your manageable switches interface, your file server interfaces, your video surveillance interface, etc. and keep track in your inventories of the technology details of each web interface used onboard.
Ressources :
https://www.ncsc.gov.uk/blog-post/enterprise-patching-in-a-post-flash-world
https://blog.chromium.org/2020/02/protecting-users-from-insecure.html