Monthly Archives: September 2013

Internet, Malware, Privacy, Security

NSA-Themed Ransomware

Leave a comment

Any time something catches the attention of huge numbers of Internet users, there’s a possibility that nefarious persons will try to make money from it. A famous actor has their phone hacked, a celebrity dies, or a whistleblower exposes the extent of NSA snooping, and the spam in your inbox suddenly has a new flavour… or worse.

Zscaler and other security researchers are reporting an increase in ransomware threats that are built on recent revelations of the NSA’s activities.

Ransomware works like this: you visit a web site that has been compromised and is serving malicious code. The code infects your computer, after which it becomes impossible to use your computer. Instead you see a full page threat from what appears to be the NSA, claiming that you have participated in unlawful activities (usually downloading copyrighted materials). You are told that you can pay up or face legal action.

If this happens to you, do not follow any of the instructions shown by the ransomware. Hire a professional to remove the malware or reinstall your operating system.

How to determine whether a warning is fake and ransomware:

  • No legitimate agency would use this tactic (at least not yet).
  • Awkward language and spelling mistakes in the warning.
  • Payment methods use third-party services.

Techdirt has additional details.

Adobe, Flash, Internet Explorer, Patches and updates

Another bug fix for ActiveX version of Flash

Leave a comment

Adobe released new versions of Flash for all platforms on September 10. A few days later, they released a new ActiveX version (11.8.800.174) to fix some bugs that were discovered in the previous release.

Today, Adobe released yet another ActiveX version of Flash to fix one more bug. The new version (11.8.800.175) is now available, but only via the Flash auto-updater.

For some unknown reason, Adobe has not posted the new version to the main download page, so anyone trying to update Flash in Internet Explorer by visiting this page will have no luck. According to Adobe, they hope to have version 11.8.800.175 available on the main download page on September 24.

Uncategorized

Windows 8.1 same price as Windows 8

Leave a comment

Microsoft has announced pricing and package information for Windows 8.1. The update was previously confirmed as being free for anyone already running Windows 8, but when purchased new, 8.1 will cost the same as Windows 8: $119.99 for the basic package, and $199.99 for the Pro version.

Unfortunately, while 8.1 will be available as a full package (unlike Windows 8, which was only sold as an upgrade), it will not be available in a form that will allow upgrades from Windows 7. So if you are considering upgrading from Windows 7 to 8.1, it will be a two step process: 7 to 8, then 8 to 8.1.

Ars Technica has more.

Microsoft, Patches and updates

Microsoft updates declining in quality?

Leave a comment

Given that the vast majority of Windows systems are configured to download and install updates automatically, it’s critical for Microsoft to ensure the quality of those updates. One seriously bad update could cripple millions of Windows computers.

Issues with several of the September 2013 updates, along with similar problems in recent months, are causing concern in the industry. ComputerWorld has an informative look at the recent problems.

Internet Explorer, Microsoft, Patches and updates, Security, Windows

Internet Explorer flaw being actively exploited

1 Comment

Yesterday, Microsoft announced that they are looking into reports of a security vulnerability potentially affecting all versions of Internet Explorer. Apparently an exploit for this flaw exists and has been observed in the wild, targeting IE 8 and 9.

If you are using one of the affected browsers (likely all versions of Internet Explorer) and you visit a web site that has been compromised with malicious code that targets this vulnerability, an attacker might be able to execute arbitrary code on your computer remotely.

Microsoft issued security advisory 2887505 to warn and provide guidance to users. Workarounds include installing EMET and raising the security settings related to running ActiveX within the browser.

No patch for this vulnerability has yet been published by Microsoft, although there is a temporary ‘Fix-It’ solution available from Microsoft.

Update 2013Sep21: The SANS Internet Storm Center has been monitoring this issue. They have confirmed seeing related exploits in the wild. They also confirmed that Microsoft’s ‘Fix-It’ solution prevents these exploits, but only in 32-bit versions of Internet Explorer.

Update 2013Oct03: The developers of the controversial hacking toolkit Metasploit have released a module that exploits this IE vulnerability. This is likely to spur an increase in the number of attacks based on this vulnerability. Microsoft has yet to release a proper fix. If you use Internet Explorer for anything other than Windows Update, you should consider applying the temporary Fix-It solution or installing EMET (see above).

Firefox, Patches and updates

Firefox 24 released

Leave a comment

Most of the world considers a version increase from 23.x to 24 to represent a major release, with many new and changed features. Not so with Firefox. In the interest of marketing, Mozilla has tossed out anything resembling industry standards for naming Firefox’s version numbers.

Version 24 of Firefox fixes a few minor bugs and adds some very minor enhancements: nothing worthy of a major version increase. Version 24 does include several security fixes, which can be seen on the Security Advisories page.

I suppose it almost goes without saying by now, but the release notes and related announcements for Firefox still leave a lot to be desired (see my post about Firefox 23 for details).

Flash, Internet, Tools

Internet speed tests

Leave a comment

I’ve tried a lot of different broadband speed tests. Up until the last year or two, they usually agreed fairly closely when measuring my connection. Recently, the reported speeds have been much more diverse.

Why do the results vary so much? Is there a truly accurate test out there?

It turns out that most of the speed tests offered by Internet Service Providers (ISPs) are actually using the same Flash-based test, provided by a company called Ookla. I’ve read that Flash-based tests are all currently unreliable due to technical limitations in the current versions of Flash. Here’s an excerpt from the TestMy.net web site:

There is buffering between the application and the browser and throughput bursting due to CPU usage. Flash based tests need to make adjustments for this… rough estimate adjustments of up to 40 percent. How can the test be accurate if it’s being adjusted by 30-40% to offset an unknown variable.

Emphasizing this problem with Flash-based tests is my recent experience with very slow speeds from my provider, Shaw. Shaw’s own test showed results that match exactly what I’m paying for: 25 Mbps down; 2.5 Mbps up. This made no sense, since even basic web surfing was painfully slow. I reported the problem; Shaw eventually found the cause and fixed it. Everything went back to normal: web surfing was extremely fast again. But what did Shaw’s Flash-based test show? The same results as when speeds were clearly slow.

So I started looking specifically for non-Flash tests. I’ve found two HTML5-based tests that seem to be much more reliable and accurate than the Flash-based tests: SpeedOf.Me and TestMy.net. Both of these tests avoid the problems inherent in Flash-based tests. Both also offer additional features, such as comparisons with previous tests and other test results in your region and from your ISP, and graphs that show previous test results.

But my overall favourite is SpeedOf.Me, because it comes closest to showing the actual speeds I’m experiencing at any given time.

Here’s a list of the speed tests I’ve looked at: