Jeff Rivett has worked with and written about computers since the early 1980s. His first computer was an Apple II+, built by his father and heavily customized. Jeff's writing appeared in Computist Magazine in the 1980s, and he created and sold a game utility (Ultimaker 2, reviewed in the December 1983 Washington Apple Pi Journal) to international markets during the same period. Proceeds from writing, software sales, and contract programming gigs paid his way through university, earning him a Bachelor of Science (Computer Science) degree at UWO. Jeff went on to work as a programmer, sysadmin, and manager in various industries. There's more on the About page, and on the Jeff Rivett Consulting site.

All posts by jrivett


Firefox, Patches and updates, Security

Firefox 44.0.1 and 44.0.2

Leave a comment

Two stealth releases this week for Firefox. Version 44.0.1 was released on February 8 to fix a handful of minor bugs. Version 44.0.2 was released yesterday to fix a startup hanging problem and to address one security issue.

Most installations of Firefox will offer to update themselves automatically, but since 44.0.2 includes a security fix, you should check your version and trigger an update if you’re still running an older version.

If you’re wondering where Mozilla hid the ‘About’ box:

  1. Click the ‘hamburger’ button (three stacked horizontal lines) at the top right.
  2. Click the question mark button at the bottom of the menu.
  3. Click ‘About Firefox’.
Microsoft, Patches and updates, Security, Windows 10

Microsoft finally providing Windows 10 update history

Leave a comment

Responding to a steady stream of complaints since the launch of Windows 10, Microsoft has finally relented and will now provide useful notes to accompany changes to the operating system.

The Windows 10 update history page shows changes to release versions, starting with the initial release (build 10240.16683) in July, and ending with the most recent release version, 10586.104.

The notes for release 10586.104 show that a serious security flaw related to InPrivate browsing in the Edge browser has now been fixed.

Adobe, Flash, Internet Explorer, Microsoft, Patches and updates, Security, Windows

Patch Tuesday for February 2016

Leave a comment

Thirteen security updates from Microsoft this month address over forty issues in Windows, Internet Explorer, Edge, Office, server software and .NET. Six are flagged as Critical.

In keeping with their recent practise of tagging along with Microsoft, Adobe also just released several updates, most notably for Flash. The latest version of Flash is now 20.0.0.306. As usual, Internet Explorer on Windows 8.1 and 10 and Edge on Windows 10 will get their new Flash via Windows Update, and Chrome will update itself with the latest Flash. The associated security bulletin gets into all the technical details. A total of 22 vulnerabilities are addressed in the new version.

Java, Patches and updates, Security, Windows

New Java versions address installation vulnerability

Leave a comment

Java 8 Update 73, Java 7 Update 97, and Java 6 Update 113 were announced yesterday by Oracle. The new versions fix a serious vulnerability in the Windows installer for all previous versions of Java.

Although technically you don’t need to install the latest versions of Java if you were already up to date, you should at least make sure that you have uninstalled any older versions of Java on your Windows computers. Also, if you have any previously-downloaded Java installers, you should remove those as well.

And finally, be very careful about where you obtain Java. Always make sure that you’re getting it from Oracle, via the main Java download page or using the Windows Java Control Panel.

A security alert for the new Java versions provides additional information.

Microsoft, Patches and updates, Security, Tools, Windows

EMET 5.5 now available

Leave a comment

Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) version 5.5 was released on February 2.

EMET is not a substitute for anti-malware software, but it does provide an additional layer of security against typical malware activity. If malware finds its way onto your Windows computer, EMET can prevent it from causing actual damage; by default, it kills the affected process.

EMET is free, and recommended. Unfortunately, when you use EMET, there’s a chance that it will cause problems for legitimate software. A few weeks ago – before EMET 5.5 was released – EMET started reporting problems with my main computer’s Office software, including Outlook and Excel. I was forced to disable some of EMET’s detection settings for those programs. I had hoped that EMET 5.5 would resolve these issues, but it did not.

Still, EMET can be a useful addition to your security toolkit, if you’re willing to put up with the occasional glitch.

Microsoft, Patches and updates, Windows 10, Windows 7, Windows 8.x

Windows 10 now classed as ‘recommended’ update for Windows 7 and 8.1

Leave a comment

As expected, Microsoft recently changed the status of the Windows 10 update for Windows 7 and 8.1 computers, from ‘optional’ to ‘recommended’. If your PC’s Windows Update settings are configured to automatically install recommended updates, Windows 10 will be downloaded, silently consuming multiple gigabytes of bandwidth and hard drive space.

Thankfully, the Windows 10 upgrade won’t actually be installed without your consent; users will be given a chance to skip or reschedule the upgrade. You can also avoid the update completely by making some changes to the Windows registry, or by using the excellent GWX Control Panel.

Malware, Security, WordPress and other CMS

Hacked WordPress sites spreading ransomware

2 Comments

WordPress continues to be a favourite target for people engaged in malicious activity on the web. A WordPress site that isn’t kept up to date with security patches is almost guaranteed to be compromised in some way.

There’s been a recent surge in the number of hacked WordPress sites, many of of which are infecting visitors with ransomware. If you haven’t bothered to install security updates on your computer, simply visiting a compromised site can infect it. And ransomware is not something you want to mess with.

Please, make life more difficult for the people spreading malware and compromising web sites: keep your WordPress sites, operating system, and software patched.

Android, Apple, Cloud, Google, Hardware, Internet crime, Linux, Mac, Malware, Microsoft, Mobile, Privacy, Security

Security and privacy roundup for January 2016

Leave a comment

Your devices are talking about you

You already know that your web browser is tracking your activity. You are probably also aware of ‘The Internet of Things‘ – the increasing prevalence of devices that are connected to the Internet – and you recognize that any such device can also track your activities. Bruce Schneier reveals the next step in this evolution: enabling devices to share information about you. Of course, since the goal of all this surveillance is merely better-targeted advertising, most people are unlikely to care. Still, if privacy and control are important to you, this will not be welcome news.

Brian Krebs reminded us that ransomware can affect files in your cloud storage space as well as on your physical computer and network-connected devices.

A summary of software vulnerabilities over at VentureBeat shows Mac OS X topping the list for 2015. Microsoft’s security efforts seem to be paying off, as the highest-ranked version of Windows on the 2015 list is Windows 8.1 at number 10, and fewer than half the vulnerabilities as OS X.

Serious vulnerabilities were discovered in OpenSSH (a very commonly-used secure terminal client), OpenSSL (the ubiquitous security library), and Trend Micro antivirus software.

Vulnerabilities in the Linux kernel (affecting Android phones and Linux PCs) remain unpatched on many affected devices.

Google produced more patches for vulnerabilities affecting Android devices, but as always, the patches are finding their way to devices very slowly.

The very weak hashing functions MD5 and SHA1 are still being used in HTTPS encryption in some contexts.

It’s official: your smart TV can become infected with malware.

Network devices made by Juniper and Fortinet were found to contain serious vulnerabilities, including an NSA-developed back-door function and a hard-coded back-door password (more).

The free-to-use deep search tool Shodan made the news when researchers showed that it can be used to find household cameras, including baby-cams. Note that the problem here is not Shodan, which is just a useful search tool. The problem is the failure to properly secure Internet-connected devices.

There were more serious corporate security breaches in January, at Time Warner and Linode. As usual in these cases, the login credentials of subscribers were obtained by the attackers.

Amazon’s security practices were (unwillingly) tested by a customer, and found seriously deficient.

More malicious apps were found in the Google Play store. Google removed those apps, but not until they were downloaded millions of times by unsuspecting Android device users.

LG fixed a critical security hole affecting as many as ten million of its mobile devices.

Google, Internet

Google clamps down on misleading ‘download’ buttons

Leave a comment

We’ve all run into this: you’re trying to find some software, and when you finally get to a download page, you’re faced with multiple DOWNLOAD buttons. It’s like a really bad game, in which clicking the right button gets you the software, and clicking the wrong one infects your computer with malware.

Google is aware of this problem, and in keeping with its goal of using its vast resources to help protect users, will now detect these misleading buttons and warn users. Increasingly, when you navigate to a page with these deceptive buttons, Google will warn you: ‘Deceptive Content Ahead’. A welcome improvement.