boot13Minor bug fixes and stability improvements feature in the latest version of Opera, 39.0.2256.71. The full change log doesn’t list any security fixes, so this is not an urgent update unless you’re experiencing stability issues. For most users, Opera will update itself automatically.
Monthly Archives: September 2016
Recent Infosec highlights
It sometimes feels like news in the world of information security (infosec) is a never-ending tsunami. With the almost-daily reports of breaches, malware, phishing, vulnerabilities, exploits, zero-days, ransomware, and the Internet of Things (IoT), it can be difficult to identify stories that are likely to be of interest to typical computer users.
Stories about infosec issues that are primarily academic may be interesting, but they’re unlikely to affect most users. Sometimes the impact of a security issue is exaggerated. Occasionally the threat is later found to be nonexistent or the result of faulty reporting.
In the past, I collected infosec stories and wrote about the most interesting and relevant ones in a single month-end roundup. This helped to manage the load, but it introduced an arbitrary and unrealistic schedule.
Starting today, I will occasionally post a few selected infosec stories in a single ‘highlights’ article. Without further ado…
Don’t be a victim of your own curiosity
Researchers in Germany discovered that most people click phishing links in emails, even when they don’t know the sender, and even when they know they shouldn’t do it. Why? Curiosity, apparently. It doesn’t just kill cats any more.
Promising new anti-phishing technology
On a related note, there’s a new reason to be optimistic in the fight against phishing. A proof-of-concept, prototype DNS greylisting service called ‘Foghorn’ would prevent access to unknown domains for 24 hours, or until the domain is identified as legitimate and whitelisted. Hopefully Foghorn will prove effective, and become available for regular users in the near future.
Scope of 2012 breaches of Last.fm and Dropbox finally revealed
Popular Internet radio service Last.fm suffered a breach way back in 2012, but the details were not revealed until very recently. According to a report from LeakedSource, as many as 43 million user passwords were leaked, and the passwords were stored using very weak security. If you had a Last.fm account in 2012, you were probably instructed to change your password. If you didn’t do it then, you should do it now.
Massively popular file sharing service DropBox was also breached in 2012, but again, the complete details of the breach are only coming to light now: passwords for as many as 60 million Dropbox user accounts were stolen. The validity of this information has been verified by SANS and Troy Hunt.
The usual advice applies:
- If you have accounts for these services, change your passwords now, if you haven’t already.
- Avoid using the same password for more than one service or site.
- Use complex passwords.
- Use password management software so you don’t have to remember all those unique passwords.
Chrome 53.0.2785.89
The full change log for Chrome 53.0.2785.89 is another one of those browser-annihilating pages that you probably shouldn’t even try to load. Included in the boat-load of changes in Chrome 53 are thirty-three fixes for security vulnerabilities, making this an important update.
For most users, Chrome will automatically update itself, but given the number of security fixes, you should probably make sure. Click the funny little menu icon (three dots in a vertical line), then select Help > About from the menu. If Chrome isn’t already up to date, this should trigger an update.
There may be some interesting new features in Chrome 53, but the announcement doesn’t mention anything in particular. If anyone out there is patient enough to read the full change log and notices anything noteworthy, drop me a line to let me know, and I’ll update this post.