Jeff Rivett has worked with and written about computers since the early 1980s. His first computer was an Apple II+, built by his father and heavily customized. Jeff's writing appeared in Computist Magazine in the 1980s, and he created and sold a game utility (Ultimaker 2, reviewed in the December 1983 Washington Apple Pi Journal) to international markets during the same period. Proceeds from writing, software sales, and contract programming gigs paid his way through university, earning him a Bachelor of Science (Computer Science) degree at UWO. Jeff went on to work as a programmer, sysadmin, and manager in various industries. There's more on the About page, and on the Jeff Rivett Consulting site.

All posts by jrivett


Special security update for Internet Explorer

Last week Microsoft issued an unscheduled security update that fixes a serious security vulnerability in Internet Explorer 9, 10, and 11.

According to Microsoft, this vulnerability is currently being exploited on the web, which means that malicious activity that takes advantage of the security hole has been observed.

Details of the vulnerability can be found in Microsoft’s Security Update Guide.

Anyone who still uses Internet Explorer for web browsing should install this update by running Windows Update in the Windows Control Panel or system settings.

Chrome 71.0.3578.98 fixes one security bug

A lone security vulnerability is addressed in the latest Chrome, version 71.0.3578.98. The full change log documents about twenty changes in all.

Chrome keeps itself up to date, mostly whether you want it to or not. I’ve long since stopped fighting Google’s automatic updates on my own computers, partly because those updates never seem to cause problems, which is refreshingly different from Microsoft’s sad history.

On the other hand, Chrome may not get around to updating itself for a while; Chrome release announcements usually include boilerplate text saying that the new version “will roll out over the coming days/weeks.” You can get it up to date right now by clicking its menu button and choosing Help > About Google Chrome.

Firefox 64.0 fixes eleven security bugs

The latest Firefox fixes a handful of bugs, eleven of them security vulnerabilities, ranging in impact from low to critical.

New in Firefox 64.0 is the ability to select and manipulate multiple tabs. Hold the Ctrl or Shift key while clicking to select several tabs, then right-click one of the tabs to see some new actions in the context menu. Unfortunately, there’s no visual indication of which tabs have been selected, making this otherwise helpful feature somewhat awkward to use. You can at least see how many tabs you have selected in the context menu, in the Send n Tabs To Device entry.

Firefox’s Task Manager, which you can show by navigating to about:performance, now shows the amount of power being used by each tab and Add-On. This should be very handy for mobile device users.

Starting with Firefox 64.0, TLS certificates issued by Symantec are no longer trusted. You’ll only notice this if you visit a web site that still uses a certificate from Symantec.

The special page about:crashes is improved in Firefox 64.0: it’s now clear when a crash is being submitted to Mozilla, and that removing crashes locally does not remove them from the Mozilla crash stats page.

The release notes for Firefox 64.0 have more details.

Patch Tuesday for December 2018

It’s the second Tuesday of the month, so it’s once again time to play Patch Or Else, brought to you by Microsoft and Adobe.

It’s easy to get complacent about updating software: diligently installing updates as soon as they become available is an essential part of a good security strategy, and it means you’re less likely to fall afoul of malicious activity. But it also means that after a while you can lose sight of the risk of not staying up to date, and gradually become lax about installing updates. History is filled with stories of lost lessons; it’s apparently in our nature to forget what’s important when we aren’t reminded of the reasons for that importance.

Analysis of Microsoft’s Security Update Guide for the December 2018 updates reveals that this month we have sixty-seven distinct updates, half of which are flagged as having Critical severity. The updates address security issues in Adobe Flash (embedded in Internet Explorer and Edge), Internet Explorer, Edge, .NET, Office, Visual Studio, and Windows.

Update Windows and your other Microsoft software via Windows Update. In Windows 10, open the Start Menu and click on Settings > Update & Security settings > Windows Update. In older versions of Windows, you can find Windows Update in the Control Panel.

Presumably as part of the ongoing push for transparency in response to Windows 10 update problems earlier this year, Microsoft Corporate VP Michael Fortin posted an article, coinciding with this month’s updates, that explains some of the planning that goes into the monthly updates. Fortin points out that “During peak times, we update over 1,000 devices per second”.

Adobe’s contribution to the patch pile this month is a new version of Adobe Reader. The new Reader includes fixes for at least eighty-seven vulnerabilities, many having Critical severity. The release notes for Adobe Reader DC 2019.010.20064 provide additional details. Update Reader by pointing your browser to the Acrobat Reader Download Center.

Flash 32.0.0.101 fixes two security bugs

Released on December 5th, the latest Flash addresses two security vulnerabilities in earlier versions. The security bulletin for Flash 32.0.0.101 provides additional details.

If you’re still using Flash, you should install the new version as soon as possible. If you use a web browser with a Flash plugin enabled, don’t wait: update now. If you’re not sure whether your browser has Flash enabled, visit the Flash Player Help page with that browser. The Help page will detect Flash in your browser, tell you which version is installed, and provide a download link for the latest version.

Web browsers that include their own embedded Flash will be updated via their usual channels: for Microsoft browsers, that means Windows Update. Chrome usually updates itself automatically, but you can trigger an update by navigating its menu to Help > About Google Chrome.

Chrome 71.0.3578.80: lots of security fixes

According to the release announcement, Chrome 71.0.3578.80 addresses forty-three distinct security vulnerabilities in earlier versions of the browser.

The full change log for the new version has over twelve thousand entries, none of which are mentioned in the announcement. Many of the changes appear to be fixes for minor bugs.

To check your version of Chrome, click its menu button and navigate to Help > About Google Chrome. If you’re not running the latest version, you’ll be able to update it from there.

Flash 31.0.0.153: security fix

There’s another new version of Flash: 31.0.0.153. A single Critical security vulnerability is addressed in this version. The vulnerability, when exploited, can allow for arbitrary code execution.

If you’re using a web browser with Flash enabled, you should update it as soon as possible. If you’re not sure whether your browser is enabled for Flash content, head over to the Flash Player Help page. If Flash is installed and enabled in your browser, your Flash version will be shown.

You can install Flash by visiting the main Flash installer page. Make sure to disable all the optional installation checkboxes on that page, or you’ll get unwanted software along with Flash.

As usual, Google Chrome and Microsoft’s browsers, which have their own embedded Flash viewers, are updated separately. Chrome will update itself; Edge and Internet Explorer are updated via the Windows Update service.

Chrome 70.0.3538.110

According to the release announcement for Chrome 70.0.3538.110, the new version fixes a single, High-severity security vulnerability. The change log lists a few additional bug fixes but nothing particularly interesting.

Chrome will update itself automatically on most computers, over the next few days or weeks. If that’s not soon enough for you, click the browser’s menu button at the top right (three vertical dots) and drill down to Help > About Google Chrome. This will show your current version and — usually — offer to install the latest version.

Encouraging developments in the IoT security mess

By now you’re probably aware that the push to connect everything to the Internet has been at the cost of security. Many IoT (Internet of Things) devices are poorly secured and can expose users to significant threats. I always encourage people to consider whether they really need their toaster to be connected to the Internet, and disable that feature if the answer is no.

Until recently, the IoT landscape was like the wild west, with little or no regulation of the security aspects of these devices.

But there’s reason for optimism, as reported by Bruce Schneier. Consumer Reports, the venerable consumer protection organization, is now testing the security of IoT devices, starting with home security cameras. Hopefully CR’s focus on security will be extended to other types of IoT devices soon.

Governments are also waking up to the threat. California’s new SB 327 law, which will come into effect in 2020, will require that all network-connected devices meet basic security requirements. Other governing bodies are sure to follow, hopefully soon. Ultimately, we should have security standards for connected devices everywhere.

These efforts seem likely to get the attention of IoT device manufacturers, and encourage them to improve the security of their products. In particular, IoT devices need better security out of the box, with risky features disabled by default instead of enabled. Many devices are still shipped with well-known default passwords, and remote administration access enabled by default.

Microsoft resumes rollout of Windows 10 October Update

Last month, after users reported file deletion issues, Microsoft took the Windows 10 October Update offline. Yesterday, the (now fixed) update was again made available. Microsoft has slowed their rollout this time, and for now, you can only get the update by manually checking for updates in Windows Update. If there are no new problems, Microsoft will gradually push the update out to all Windows 10 computers over the coming weeks.

In the month since the October update was pulled, Microsoft did a lot of soul-searching (aka process review), and the results of that work, detailed in a November 13 blog post, make for interesting reading. Here are the highlights:

  • Microsoft is trying to be more transparent about how it tests new versions of Windows before they are released. This is a good thing.
  • Adequate testing is difficult because there are so many possible combinations of hardware and software being used on Windows 10.
  • Base functional testing is the responsibility of the development teams. Presumably dedicated testing staff did this previously.
  • Data and user feedback are being used to gauge quality.
  • According to Microsoft, October update issues aside, overall quality and user satisfaction are increasing with each new Windows 10 update.
  • Employees working on Windows 10 have to ‘eat their own dog food’, meaning that they are required to use Windows 10 themselves.
  • As many as 15,000 new device drivers are added to Windows each month.
  • “The first principle of a feature update rollout is to only update devices that our data shows will have a good experience.” I find this wording amusing: in this case a ‘good experience’ means one where you’re less likely to throw yourself off a building after trying to update your O/S.

Update 2018Dec19: “Rollout Status as of December 17, 2018: Windows 10, version 1809, is now fully available for advanced users who manually select ‘Check for updates’ via Windows Update.” See Windows 10 Update History.