Jeff Rivett has worked with and written about computers since the early 1980s. His first computer was an Apple II+, built by his father and heavily customized. Jeff's writing appeared in Computist Magazine in the 1980s, and he created and sold a game utility (Ultimaker 2, reviewed in the December 1983 Washington Apple Pi Journal) to international markets during the same period. Proceeds from writing, software sales, and contract programming gigs paid his way through university, earning him a Bachelor of Science (Computer Science) degree at UWO. Jeff went on to work as a programmer, sysadmin, and manager in various industries. There's more on the About page, and on the Jeff Rivett Consulting site.

All posts by jrivett


Internet, Security, Tools

Test your browser’s security

Leave a comment

A new, free, web-based service from cyscon GmbH tests your web browser and reports any security issues it finds.

Check-and-secure starts by checking your computer for open ports, then compares your IP address against a list of addresses associated with botnet activity.

Next, you have the option of checking your browser version and looking for out of date plugins like Java, Flash, and Silverlight. This is arguably the most useful part of the service, and you can get to it directly, which is handy.

The remainder of the service consists of offers to install various local security software packages. I haven’t yet tried the Cyscon Vaccination software, so can’t comment on its efficacy.

Hardware, Internet, Microsoft, Patches and updates, Security, Silverlight

February security roundup

Leave a comment

In February, a security researcher discovered that a Silverlight exploit – patched by Microsoft in January – is now being distributed through the Angler hacking kit. The researcher also found web sites using the exploit to infect site visitors who have not yet installed the Silverlight patch.

Comodo Internet Security, a highly-rated security package, was found to include features that actually make the host computer less secure. Most notably, that included a VNC server running without a password. VNC is a remote desktop application. The problems were resolved in subsequent updates from Comodo.

Brian Krebs wrote about serious security issues found in some Internet-connected Trane thermostats, and warns buyers to use caution when purchasing ‘smart’ devices.

Chrome, Google, Patches and updates, Security

Chrome 49.0.2623.75

Leave a comment

There are fixes for at least twenty-six security issues in the latest version of Chrome, 49.0.2623.75.

The release announcement lists the most important security fixes, while making it clear that the full details may not be made available until the majority of users have had a chance to update.

The full change log for Chrome 49 seems to go on forever. I tried to find the end of it, but gave up after a few pages. At least it doesn’t try to load in one page, since that would probably crash most browsers. Presumably if Google had made any really interesting changes in Chrome 49, they would have been mentioned in the announcement.

Internet

IPv6 addresses are confusing

Leave a comment

ZeroTier has an interesting and amusing look at IPv6 addresses.

At one time, there were a lot of dire predictions about running out of Internet addresses. It seemed clear that given the number of addresses available with the IPv4 scheme, they would soon all be in use. The increasing use of Network Address Translation (NAT) provided relief, as each single address was then able to provide Internet access to multiple devices behind a router.

However, NAT only delayed the inevitable for IPv4, and IPv6 was planned as its replacement. While there are only four billion IPv4 addresses, IPv6 allows for up to 340,000,000,000,000,000,000,000,000,000,000,000,000 addresses. Which should be plenty, even once the Internet expands to other planets.

Acceptance and deployment of IPv6 has been steady, but there are a few hurdles to overcome. One of those is the IPv6 numbering scheme itself.

I’m sure you’re familiar with the IPv4 scheme, in which any device on the Internet is identified by a sequence of four numbers, like this: 123.456.789.123. A full IPv6 address looks like this: adde:efbe:0000:0000:0000:0000:0000:0001. That’s a lot of digits to remember.

Luckily, the IPv6 developers invented ways to abbreviate IPv6 addresses, so that they typically look more like these:

  • adde:efbe::1
  • 2607:f2f8:a368::2
  • fe80::3cee:cdff:fe30:c27
  • fe80::1
  • 2607:f8b0:4007:809::200e

But while those abbreviated numbers are shorter, they are difficult to understand. The ZeroTier post explains why.

NetworkWorld has a fun and informative infographic that compares IPv4 and IPv6.

Hardware

Backblaze hard drive reliability report for 2015

Leave a comment

In the 2015 edition of their hard drive reliability report, backup service provider Backblaze finds that once again, HGST drives are the most reliable. Seagate drives have improved markedly since the previous report.

While it could be argued that Backblaze’s use of hard drives differs considerably from that of typical computer users, the report is still useful as a general indication of the relative reliability of the major drive brands.

Chrome, Google, Opera, Patches and updates, Security

Opera 35.0.2066.82

Leave a comment

The Opera web browser is based on Google’s Chromium ‘engine’ – the same core software that powers the Chrome browser. Aside: the Chromium browser engine is not to be confused with the other ‘Chromium’ – Google’s operating system, ChromiumOS. What is it with big corporations and confusing names?

Anyway… when Chrome gets a security fix, an Opera release with the same fix will soon follow. Opera 35.0.2066.82, announced on February 23, contains the same updated version of Chromium as Chrome 48.0.2564.116, which was released on February 18.

The Chromium security issue addressed in the latest versions of Opera and Chrome is CVE-2016-1629. The bug potentially allows attackers to bypass Same Origin Policy (SOP) measures that normally prevent scripts on other hosts from running.

If you use Chrome or Opera, or any other web browser based on the Chromium engine, you should update it as soon as possible. Chrome and Opera have self-updating features which can be triggered by navigating to their respective ‘About’ pages.