Yet another critical security flaw has been found for Adobe's notoriously sieve-like Flash plug-in, this time by Google Engineer Michele Spagnuolo. His exploit tool, called "Rosetta Flash" is just a proof of concept, but could allow hackers to steal your cookies and other data using malicious Flash .SWF files. The exploit is well known in the security community, but had been left unfixed until now as nobody had found a way to harness it for evil. So how does this affect you? Many companies like Twitter, Microsoft, Google and Instagram have already patched their sites, but beware of others that may still be vulnerable. Adobe now has a fix, and if you use Chrome or Internet Explorer 10 or 11, your browser should automatically update soon with the latest versions of Flash, 14.0.0.145 (check your version here). However, if you have a browser like Firefox, you may want to grab the latest Flash version from Adobe directly (watch out for unwanted add-ons with pre-checked boxes). Finally, if you use apps like Tweetdeck or Pandora, you'll need to update Adobe AIR -- that should happen automatically, but the latest version is 14.0.0.137 for Windows, Mac and Android.

Via: Krebson Security

Source: Michele Spagnuolo, Adobe

It's hard to learn to play the piano just by watching a video of a great pianist. Interactive learning is much more effective! oppia.org helps you make embeddable interactive educational "explorations" that let people learn by doing.

The second experiment, quietly announced on Google's Open Source Blog, was the launch of Oppia, a project that aims "To make it easy for anyone to create online interactive activities" that others can learn from.

Google's new open source project essentially aims to take the headache or mystery out of the process by providing the framework by which anyone can quickly create these types of interactive learning experiences and add them to their site.

In describing Oppia, Google says that one can think of it as a "Smart feedback system," which is an attempt to begin automating how we "Teach a person to fish" - to use its example.

On the technical side, Google says that it's based Oppia on an extensible framework, allowing developers to add their own inputs and extend the range of potential formats and types of responses that Oppia understands.

Explorations, as Google calls the lessons users can build through its system, that are created on an Oppia server can be embedded in any web page, and embeddings can "Refer to a particular version" of the exploration so that future changes don't mess with the principle version, Google explained.

As with many Google projects of this kind, it's not totally clear how much attention and support Google intends to throw at Oppia going forward.

The project's home page conspicuously says that Oppia is not officially a Google product, which would seem to imply that Google isn't planning to dedicate a ton of manpower or resources to the project.

More on Oppia at home here and in Google’s YouTube explainer below: