Jeff Rivett has worked with and written about computers since the early 1980s. His first computer was an Apple II+, built by his father and heavily customized. Jeff's writing appeared in Computist Magazine in the 1980s, and he created and sold a game utility (Ultimaker 2, reviewed in the December 1983 Washington Apple Pi Journal) to international markets during the same period. Proceeds from writing, software sales, and contract programming gigs paid his way through university, earning him a Bachelor of Science (Computer Science) degree at UWO. Jeff went on to work as a programmer, sysadmin, and manager in various industries. There's more on the About page, and on the Jeff Rivett Consulting site.
As part of a massive quarterly ‘CPU’ (Critical Patch Update), Oracle recently announced Java 7, Update 45 (7u45).
This new version of Java includes several security enhancements, mostly related to Java component deployment. A new button on the Security tab of the Java Control Panel, labeled ‘Restore Security Prompts’, allows the user to completely clear the list of allowed Java applications.
As for the contentious ‘Issue 69‘ Java security vulnerability reported by security researcher Adam Gowdiak: according to Mr. Gowdiak’s latest research, this issue was resolved in Java 7, Update 40 (7u40).
Another new version of Google Chrome was announced yesterday. The new version includes fixes for five security vulnerabilities, many of which were reported to Google via its ongoing vulnerability rewards program.
Security researchers recently attempted to take down the ZeroAccess botnet, but the malware network proved more resilient than expected and is still in operation.
This month’s ‘Ouch!’ newsletter from SANS covers password managers. A password manager is a small program that stores all of your passwords, in an encrypted form. When you forget a password, you only need to remember the password manager’s password to access your collection.
I’ve been using the freeware Password Corral for years and recommend it.
On October 3, 2013, Adobe announced that their network and some of their servers had been breached. Their investigation continues, and the full scope and impact of the breach has yet to be determined.
However, we do know the following:
The intruders obtained Adobe customer data, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders. According to Adobe, “At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems.” Adobe reset the passwords for all affected user accounts, and has been sending out alerts to those users. If you have never purchased software from Adobe directly, you should be safe. If you receive an alert from Adobe, follow their instructions to change your password.
The intruders also obtained source code for at least one product: Acrobat/Reader. Reader is already a popular target for malware perpetrators, and having access to the source code can only make things easier for them. Stay tuned for a fresh new crop of Reader security issues.
Patches from Microsoft and Adobe were announced today, along with a new version of Flash.
Eight bulletins from Microsoft fix security vulnerabilities in Windows, Internet Explorer, .NET, Office, Windows Server and Silverlight.
The Microsoft Security Research Center as usual provides a more friendly overview of this month’s patches, while the SANS Internet Storm Center provides a wealth of technical details.
Development continues on the new Webkit-based version of the Opera web browser. Version 17 was announced today. This version adds pinned tabs, startup options and custom search engine support.
Purists can still download the classic version 12.x Opera. It remains to be seen how many of the features lost in the transition from the Presto-based browser will be added to the Webkit-based browser. So far there’s plenty missing, including bookmarks, the sidebar and proper tab control.
Next Tuesday, October 8, will see patches from Microsoft (for Internet Explorer, Windows, .NET, Office and Silverlight) and Adobe (for Reader/Acrobat).
boot13