Although bt is an awesome resource for understnading how a system is vulnerable, how can i assess a system for java and flash vulnerabilities? A recent (May 2008) patch was eeded for adobe flash-but how did Mark Dowd find it?