Jeff Rivett has worked with and written about computers since the early 1980s. His first computer was an Apple II+, built by his father and heavily customized. Jeff's writing appeared in Computist Magazine in the 1980s, and he created and sold a game utility (Ultimaker 2, reviewed in the December 1983 Washington Apple Pi Journal) to international markets during the same period. Proceeds from writing, software sales, and contract programming gigs paid his way through university, earning him a Bachelor of Science (Computer Science) degree at UWO. Jeff went on to work as a programmer, sysadmin, and manager in various industries. There's more on the About page, and on the Jeff Rivett Consulting site.
Earlier this week, Adobe announced that they would delay this month’s Flash update for a few days, which would allow them to include a fix for a critical vulnerability (CVE-2016-4171) that’s being actively exploited on the web.
Yesterday Adobe released Flash 22.0.0.192, which addresses CVE-2016-4171 and thirty-five other vulnerabilities. Anyone who uses Flash should install the new version as soon as possible, but those of us who still use Flash in a web browser need to check their version and update immediately.
Recent versions of Internet Explorer and Edge will get the new version of Flash via Windows Update. Microsoft issued a related bulletin yesterday.
Chrome’s embedded Flash will be updated via its own internal updater. You can trigger the update by clicking the ‘hamburger’ menu button at the top right, then clicking Help and About Google Chrome.
I’ve been running Windows 8.1 on my main computer for a while now, and while I was initially dreading the goofy new touch-centric user interface, most of the time it stays out of the way.
There is one exception: the ‘Charms Bar’. There’s nothing ‘charming’ about this thing; it pops up at the most inconvenient times, usually when I’m gaming.
The Charms Bar is a toolbar and clock overlay that – by default – appears when the mouse moves to the top right or bottom right of the display. The toolbar contains links to the Devices and Settings apps, and the Start screen. I already have plenty of ways to get to those things, so the bar is pure annoyance.
Sure, if I was using a tablet, the Charms Bar would probably be useful. But I’m not. Thankfully, Microsoft provided some settings for getting rid of it. Unfortunately, the settings involved are in more than one place, and there is no setting to disable the lower right corner trigger.
To stop the Charms Bar from appearing when you move the mouse to the top right, navigate to Control Panel > Taskbar and Navigation > Navigation > Corner Navigation and disable the option When I point to the upper-right corner, show the charms.
If your computer supports mouse or touch swiping motions, you will probably need to disable those as well. To do that, navigate to Control Panel > Mouse, look for swipe-related options, and disable them.
That’s as far as you can go with built-in Windows settings. You’ll still see the Charms Bar when you move your mouse to the lower right. The best solution I’ve found so far is the freeware Charms Bar Killer from Winaero. Even this tool can’t fix the problem permanently, because the changes it makes are reversed whenever Windows (or Explorer) restarts. You can configure it to start with Windows, or just run it whenever you want to disable the Charms Bar until the next reboot.
Microsoft: frustrating people needlessly since 1975.
The only notable change in Opera 38.0.2220.31 is an upgrade to the Chromium engine on which it is based. Chromium upgrades typically improve performance and stability.
The change log for 38.0.2220.31 lists only one difference: DNA-54944 All downloads not working. The meaning of this is unclear.
Based on the available information, no security fixes were addressed in the new version.
It’s that time again, folks. This month Microsoft has sixteen updates, which address forty-four vulnerabilities in the usual culprits: Windows, Internet Explorer, Office, and Edge. Five of the updates are flagged as Critical.
Adobe issued an alert earlier today, saying that they have identified a vulnerability in Flash that is being actively exploited. There’s no update as yet, but they expect to have one ready by June 16. I imagine that Adobe was planning to release a Flash update today to coincide with Microsoft’s updates, but this new threat messed up their timing.
Changes in Opera 38.0 include power use improvements for mobile users, customization for the ad blocker, and numerous bug fixes and other performance improvements.
The full change log has all the details, which as usual distinguishes between the beta and developer versions that led up to the stable version 38.0.2220.29.
There don’t appear to be any security fixes in Opera 38.0, so this isn’t an urgent update.
The announcement for Firefox 47.0 highlights a few changes: synchronized tabs (between Firefox instances), improved video playback, and some security and performance improvements for Android users.
According to the release notes, Firefox 47.0 takes a few more steps in the process of moving away from Flash and toward HTML5 for video, and removes support for some older technologies related to plugins. The click-to-activate plugin whitelist, a security feature that was introduced in 2013, has been removed.
Most importantly, Firefox 47.0 fixes at least thirteen security issues. So don’t delay, update Firefox as soon as you can.
Check your Firefox version and trigger an update by navigating to its About page:
Click the ‘hamburger’ (three horizontal bars) menu button at the top right.
Click the question mark at the bottom of the menu.
Version 51.0.2704.84 of Google’s web browser was released on June 6. The announcement doesn’t list any changes, but points to the full change log. The log lists about sixteen changes, mostly minor bug fixes. Although it’s not explicitly stated, some of the changes appear to be related to security, so we recommend updating Chrome as soon as possible.
It remains unclear exactly how these unauthorized intrusions are happening. TeamViewer officials are so far denying that the software has been hacked, insisting that the current surge in TeamViewer-based attacks are the result of password re-use, combined with the recent publication of several databases of stolen credentials.
Until we know for sure what’s going on, we recommend removing TeamViewer from all computers on which it is installed.
If removal is not an option, as may the case for some support setups, then you should configure TeamViewer to not start with Windows, only start it when asked to do so by support staff, and then close it when their work is complete.
Recommendation: disable the option that starts TeamViewer with Windows.
You should also avoid using fixed, personal passwords, relying instead on the temporary passwords TeamViewer generates when it is started, or at least make sure that your personal passwords are strong and unique. Oddly, there’s no way to disable a fixed, personal password, once it’s set up, so your only option in that case is to set it to something very long and random.
Recommendations: set the personal password to something very long, complex, and unique, then don’t use it. Avoid the ‘Grant easy access’ feature. Change password strength of random passwords to 10 characters.
Criticism of TeamViewer is building, and the company’s response to this issue has been somewhat less than stellar. If they are convinced that the problem is re-used passwords, why have they not forced a password change for all TeamViewer accounts?
TeamViewer’s makers also seem unwilling to consider the notion that the software itself has been hacked in some way, instead focusing on TeamViewer accounts. An account is not required to use TeamViewer, and exists only as a master address book for people who use TeamViewer to access many different computers. If your TeamViewer account is compromised, an attacker will then have full access to all computers in your account.
To their credit, Teamviewer is working to add new features to the software that should beef up its security. But the new features only affect TeamViewer accounts. If you don’t have a TeamViewer account, you won’t see any benefit.
Meanwhile, we’re wondering whether it might be helpful if TeamViewer showed a large red warning when setting up an account, like this: WARNING: if there's only one site or service where you use a strong password, let it be your TeamViewer account. Because if someone gets access to your TeamViewer account, they will also have full access to all of the computers you access through your account.
The people who make Vivaldi were happy enough with a recent developer snapshot of the browser to release it as version 1.2.
Whether or not you agree that Vivaldi is ready to be your main browser (I don’t), it is improving. Version 1.2 adds custom mouse gestures, per-tab zoom level, and new settings related to the ‘new tab’ page.
Another batch of security fixes highlights the release of Chrome 51.0.2704.79. At least fifteen security issues are addressed in the new version, so if you use the browser, you should make sure it’s up to date. The full change log (only about three dozen entries this time) provides additional details.
Rants and musings on topics of interest. Sometimes about Windows, Linux, security and cool software.
Close
Ad-blocker not detected
Consider installing a browser extension that blocks ads and other malicious scripts in your browser to protect your privacy and security. Learn more.
boot13
