In fact, two new versions of the Webkit-based Opera browser were released recently. I missed both of them because Opera moved their announcement blog to blogs.opera.com/desktop.
Version 18.0.1284.63 was released on December 6. It includes fixes for GMail compatibility issues.
Version 18.0.1284.68 was released on December 16. It fixes several crashing issues.
(Correction: the original title of this post indicated that online shoppers were affected. In fact, according to Target, only customers who used credit cards for in-store purchases are at risk.)
… then you should consider cancelling the credit card you used. Data for as many as 40,000 credit cards, stolen from Target servers in early December, is already appearing on black market sites. Target says card numbers, names and expiry dates were taken, not the associated security codes, so the numbers can’t be used just anywhere. But they will be used, since not all retailers use the security code.
Update 2013Dec29: Brian Krebs of krebsonsecurity.com did some digging and has almost certainly identified one specific individual who is selling card data stolen from Target. His name is Andrey Hodirevski, and he’s been in this shady business for a while in the Ukraine. It’s not clear whether he stole the card data from Target, but he’s selling it so he probably knows who did. It will be interesting to see how this plays out…
Update 2014Jan01: Now Target is saying that PIN codes were stolen along with the rest of the card data. They insist that since the PINs are encrypted, they are of no use, but Target should not have been storing PINs in any form.
Update 2014Jan11: Target now says that additional personal information on 70 million customers was also stolen by the same attackers. This information includes names, mailing addresses, phone numbers and/or e-mail addresses.
Update 2014Mar29: Trustwave, the company that provides PCI compliance services to Target, is being sued by two banks that suffered losses in relation to the Target breach.
Additional information from Ars Technica:
Windows XP computers with autoupdate enabled are taking longer and longer to boot. Microsoft has discovered a flaw in Windows Update that is slowing down the update process. As the list of available patches for Windows XP has grown over the years, the delays have increased exponentially. Microsoft tried to fix this flaw with recent updates to little effect. Ars Technica has more.
SANS reports on a holiday-themed scam email showing up in inboxes recently. This one purports to be from a major retailer such as Costco or Walmart, and tries to trick the recipient into clicking a link related to a phony undelivered package.
If you receive such an email, just delete it. If you think the message may be legitimate, don’t click the link; contact the retailer by telephone or go to their official web site and contact them using information provided there.
Two posts on the SANS ISC blog dig into the technical details of this scam.
Adobe recently issued a warning about a new scam email making the rounds. This one appears to contain license information for Adobe products, but is not legitimate and may contain malicious attachments and/or links to malicious web sites. Recently-compromised Adobe systems may have provided recipient addresses for this email.
A serious vulnerability affecting Windows XP and Windows Server 2003 was recently discovered. Microsoft issued advisory 2914486 to warn users about the vulnerability and recommend workarounds, but so far has not released a patch.
This vulnerability is being actively exploited, through the use of a specially-crafted PDF file. Opening such a file on a computer running Windows XP can result in an attacker gaining access to the computer.
The single workaround suggested in advisory 2914486 has some undesirable side-effects, including disabling VPN. But it may be better than the alternative, especially for users who frequently receive and open PDF files on Windows XP computers.
The usual advice applies: exercise extreme caution when browsing the web, clicking links in email, opening email attachments and opening files from unknown sources. When in doubt, don’t do it.
A post on the SANS ISC Diary blog has more, including a warning that these types of vulnerabilities may become much more common after Microsoft stops supporting Windows XP in April 2014. SANS has even coined a term for this event: Winmageddon.
My install of Opera 18 updated itself recently, from version 18.0.1284.49 to version 18.0.1284.63. There was no announcement of the change, and there is no release notes page for the new version. The ‘unified’ release notes page for version 18 was last updated on November 18. Is Opera moving toward stealth releases like Firefox? If so, why? While there may be some value in software that silently updates itself, IT staff still need to make intelligent decisions about updating corporate desktops, and they can’t do that without knowing what has changed between versions. The only sensible alternative is to switch to a different browser. Another nail in the coffin for Opera, which is sad.
The latest version of WordPress includes a style and responsiveness overhaul of the dashboard, sharp new vector-based icons, better support for mobile platforms, improved responsiveness features, better theme and widget management, better RTL (Right To Left) suport, some bug fixes, and a new theme, TwentyFourteen. An entry in the WordPress Codex lists all the changes in the new version.
Tuesday saw another stealth release of Firefox: version 26. As usual, the new version was not announced by Mozilla; I learned about it from a post on the CERT Current Activity blog. The official release notes for version 26 describe some of the changes in this version: nothing worthy of note. Version 26 does include fixes for some security issues, so you should upgrade as soon as possible.
Update 2013Dec16: One notable change in Firefox 26 is that Java is now blocked on all sites by default. This behaviour can be changed, but we recommend using the default setting.
Lifecycle is the term used by Microsoft when presenting the various dates related to the sales and support of their products. The Windows Lifecycle fact sheet provides all the relevant dates for all versions of Windows.
The lifecycle for Windows 7 was recently updated by Microsoft, making October 30, 2014 the last date on which new PCs can be sold with Windows 7. Shortly afterward, that date was removed, and it now appears as ‘To be determined.’ Someone at Microsoft apparently saw the latest sales figures for Windows, and realized that given Windows 7’s growth, stopping sales of that O/S in 2014 would significantly reduce overall revenue. Presumably a new cutoff date for OEM sales of Windows 7 is being debated internally, but I have no doubt that the October 30, 2014 date will eventually be pushed back.
Ars Technica has more about this.
boot13