Stop Using The SARS Browser Immediately!

Flash was Dead 15 years go


The year is 2005, I am sitting in Computer Science class which is a triple period. Our class of only 5 students, requires a decent amount of time to create, run and test code for the programs that we were writing.


After recently completing a piece of software that analyses vehicle movements at traffic lights and adjusts the mean time on each stage to speed up the stop time of each lane and therefore decrease traffic stand still, I decided to reward myself and develop a basic arcade game that I had been trying to get around to.


The game is simple, car racing in 2D against the computer that was set to always beat you, unless you identified and corrected your weaknesses which it exploited. Weaknesses such as gear changing, granny shifting, clutch handling, corner handling, basically everything the Stig does to perfection, you had to match!


Next Question,


what platform should I develop this game on. I just compiled the Traffic light analyser on C+, using Delphi but this game was too image intensive to build in C+, so Adobe Flash would be the direction to go.


Flash was currently in its peak, running on all websites, across the globe, hosted anywhere, flash would run on almost anything. But why was it not enabled by default in any of the available web browsers at the time?


I asked my teacher what his opinion on it was, assuming that flash was blocked at a firewall or proxy level at my school due to all the students coming in and streaming Flash movies.


What my teacher explained back then, shaped my future of Flash use forever.


He told me that Flash allowed programs free reign over any windows service, driver, and software, basically handing over complete admin privileges at simple click. He explained that he did not anticipate Flash hanging around for long as technology surges forward, it would soon be forgotten as most enterprise would bolster that movement to eradicate it from the tech scene.


I ended up building my game in Java, in case you were wondering at it was TERRIBLE!


Skip forward 12 years


to 2017 after almost all browsers have blocked Adobe Flash from running natively, and therefore forcing Adobe to announce the shutdown of Adobe Flash with 3 years runway for anybody still utilising it to make the shift to Html or Java, which almost everyone had already done anyway as Html and Java were already secure, efficient and lightweight compared to Flash so made more sense to move to html anyway…


Well apparently, no one told SARS this. yes, the South African Revenue Service, basically the only department of our government that operates as close to a well-oiled machine as we would like to admit, but I mean come on, politicians would not allow anything to happen to their converted revenue stream, how else would they pay for their flashy sports cars and oversees vacations if no one was collecting the money?


SARS began migrating documents to Java and Html too late, with reports of the migration starting as early as 2018 and some stating that nothing had been done until late 2020. WHO’s to know what the truth is.


All we know for now, is that System Administrators have been warning against the use of Flash from as early as 15 years ago, why SARS thought it would be a good idea to use Flash in the first place, is a complete enigma.


12 January 2021 and Flash is officially dead.


Yet SARS refuses to engage in that first step of grief and admit that its dead and will never ever rise again.


Denial is a dirty thing, it forces people to make grave mistakes, persuaded by manipulating themselves into believing wrong information.


SARS launches their own Web browser with Adobe Flash embedded and running by default, stating it is a temporary solution to mitigate some bugs which were not addressed during the migration from Flash to HTML and Java.


There is a reason why Adobe, the creator of Flash decided, 3 years ago, that it would not be a viable platform to run any code base on and should not have been in existence this long to begin with, that reason is, as I stated before, security.


The SARS browser, as many security experts can attest, is plagued with bugs and more importantly, vulnerabilities, mainly due to the Flash Engine, and SARS have not reported any end in sight, stating that it is, indeed, interim, but in my opinion, creating an interim solution instead of resolving the main issues, with millions of users relying the interim solution will cause mass confusion, and cyber terrorist thrive on mass confusion.


Denial is often accompanied with delusion and SARS is no exception.


SARS expect to complete the migration to Java and Html but they have not released how much of it is in html already and how much of the data is not. Some analysists are reporting that none of it is in HTML yet, looking at system resources of the browser itself as well as data packet inspection. (which should be encrypted but alas, one issue at a time.


Poor planning, lack of industry knowledge and staff / executive incompetence is to blame.


The Catch-22 is, as any IT Compliance officer will inform you, according to the POPI Act, the onus is on each individual business to ensure that their data is safe, secured, and redundant i.e. Adequately replicated.


Yet, that is simply not attainable if the software the revenue service is requesting you to use is unsecure, transferring all private information over unencrypted protocols and channels, therefore putting your entire business data at risk and inevitably thrusting your business into POPI incompliance.


In staying with true south African culture, the responsibility is now yours to ensure that your data is safe, ESPECIALLY using a thrown together web browser with a long since deprecated code engine for the purposes of delivering data by any means and ways possible through an unencrypted tunnel in the goal of separating you from the money which needs to be paid to government.


So what can you do?


First things first, ensure that you are running a good anti-virus, something you have paid for will be perfect. Windows Defender is good, but it really thrives when its working in a team with a professional AV.


The second option is to try and submit your returns and documents via phone call, email or physical cashier at a SARS office if at all possible and avoid the browser at all costs. Obviously if you are running a fortune 500 or anything close than I understand that’s not always feasible but then at least ensure you have good IT guy who can confirm that your data is backed up and a decent Firewall and Antivirus is being utilised.


For now, those are the only 2 options we can offer, but as more information becomes available, you can rest assured that we will keep in touch and offer more assistance.


If you require any assistance on the IT side, such as backups and antivirus, be sure to give us a call at RandTech IT. The pros will be more than happy to assist you with 15 years of experience in the South African IT sector, utilising international standards and technologies to analyse, manage and operate client and cloud networks, there really isn’t anyone else who can come close to the expertise we  offer!


Feel free to share this information onwards:

Share on facebook
Share on google
Share on twitter
Share on linkedin

Leave a comment

Your email address will not be published. Required fields are marked *