Jeff Rivett has worked with and written about computers since the early 1980s. His first computer was an Apple II+, built by his father and heavily customized. Jeff's writing appeared in Computist Magazine in the 1980s, and he created and sold a game utility (Ultimaker 2, reviewed in the December 1983 Washington Apple Pi Journal) to international markets during the same period. Proceeds from writing, software sales, and contract programming gigs paid his way through university, earning him a Bachelor of Science (Computer Science) degree at UWO. Jeff went on to work as a programmer, sysadmin, and manager in various industries. There's more on the About page, and on the Jeff Rivett Consulting site.

All posts by jrivett

Internet Explorer, Microsoft, Patches and updates, Security, Tools, Windows

EMET 5.2 released by Microsoft

March 14, 2015 jrivett Leave a comment

A new version of the Enhanced Mitigation Experience Toolkit (EMET) was announced by Microsoft on March 12. EMET is an application that provides an additional level of security for Windows systems by detecting and blocking specific types of application behaviour that are associated with malware.

Version 5.2 of EMET adds new features for Windows 8.1 (and up), and for Internet Explorer.

EMET is highly recommended for Windows computers. You can obtain it from the main EMET page.

Update 2015Mar17: If you downloaded EMET 5.2 before March 16, you may have noticed that Internet Explorer on Windows 8.1 stopped working. Microsoft has re-released EMET 5.2 to address this problem.

Adobe, Flash, Patches and updates, Security

Flash 17.0.0.134 fixes eleven security bugs

March 13, 2015 jrivett Leave a comment

A new version of Flash was announced by Adobe yesterday. Flash 17.0.0.134 addresses at least eleven critical security vulnerabilities.

Anyone who uses a web browser with Flash enabled should install this update as soon as possible. That includes anyone who ever looks at any videos on Youtube.

Internet Explorer 10 and up will receive this Flash update via Windows Update, and Google Chrome will update itself.

Update 2015Mar27: That didn’t take long. At least one popular exploit kit (aka ‘set of hacking tools’) now includes a pre-packaged attack that targets one of the vulnerabilities fixed in Flash 17.0.0.134. If you use Flash, and you’re not in the habit of updating it, you should either stop using Flash or keep it up to date.

Microsoft, Patches and updates, Security, Windows 7

Microsoft update 3033929 causing problems

March 12, 2015 jrivett Leave a comment

One of the updates made available by Microsoft earlier this week is apparently causing problems on some Windows 7 computers. Details are sketchy at this point, but some users are reporting that their Windows 7 computers get into an infinite reboot loop after installing the KB3033929 update.

Microsoft is expected to release another update or pull the existing update soon. For now, anyone running Windows 7 should avoid this update.

Chrome, Google

Chrome 41.0.2272.89 released

March 11, 2015 jrivett Leave a comment

A new version of Chrome was announced by Google yesterday.

Unfortunately, the update announcement provides no information on what was changed and only points to the change log, which is not very useful for regular users.

Parsing the change log for version 41.0.2272.89 doesn’t reveal any changes worth noting. There don’t seem to be any security fixes.

Internet Explorer, Microsoft, Patches and updates, Security, Windows

Patch Tuesday for March 2015

March 10, 2015 jrivett Leave a comment

Today Microsoft announced fourteen updates for security vulnerabilities in Windows, Office, Exchange, and Internet Explorer. Five of the updates are flagged as Critical.

The bulletin summary gets into all the technical details. All you really need to know is that you should install these updates as soon as possible, especially if you use Internet Explorer.

One of the updates provides what is hoped will be a complete fix for a vulnerability that allowed the Stuxnet worm to spread. Microsoft published a fix for this vulnerability in 2010, but the fix was incomplete and the vulnerability remained largely intact.

SANS provides a breakdown of the new updates every month. The information is presented in a way that may be more appealing/useful to some readers.

Firefox, Patches and updates

Firefox 36.0.1 fixes numerous bugs

March 7, 2015 jrivett Leave a comment

Another new version of Firefox was made available by Mozilla on Thursday. This one seems to consist mostly of bug fixes, although some new functionality was added, including full support for HTTP/2. Compatibility with HTML5 was improved. The release notes claim there were also ‘various security fixes’ but the Security Advisories (aka Known Vulnerabilities) page doesn’t bear that out.

As usual, I learned about the new version from a source other than Mozilla, which is an ongoing source of frustration.

Java, Patches and updates

Java 8 Update 40 released

March 5, 2015 jrivett Leave a comment

On March 3, Oracle announced a new version of Java 8, designated Update 40. This update includes a variety of improvements for stability and performance, but no security fixes.

The release notes for Java JDK 8 Update 40 provide the technical details.

Chrome, Google, Patches and updates, Security

Chrome 41.0.2272.76 fixes 51 security issues

March 4, 2015 jrivett Leave a comment

A new version of Chrome was released on Tuesday. Version 41.0.2272.76 includes fixes for at least 51 security vulnerabilities, as well as a number of other fixes related to stability and performance.

Internet, Privacy, Tools

VPN services: how private is your communication?

March 2, 2015 jrivett Leave a comment

In the wake of the Snowden revelations, there’s been a lot of new interest in Virtual Private Networks (VPN).

A VPN service works by creating a secure, encrypted network that extends across the public Internet, allowing users to communicate securely with remote systems. VPNs have been used for corporate networks – which are often distributed across many physical locations – for years.

While a VPN service can be set up by anyone using open source software and network hardware, a simpler approach for typical users is to use one of the many VPN service providers currently available.

With so many people now depending VPN services, TorrentFreak wondered just how private those services really are, and came up with a list of questions for VPN providers. For example, some VPN providers keep logs of user IP addresses, which – when handed over to the NSA – could lay bare your supposedly private communications.

You can find the results of TorrentFreak’s investigation on their web site.

Internet, Internet crime, Malware, Privacy, Security

Ramnit botnet suppressed

March 1, 2015 jrivett Leave a comment

Europol, with assistance from Microsoft, Symantec, and Anubis Networks, has identified and seized the servers thought to be at the core of Ramnit‘s infrastructure.

Ramnit began operations in 2010, and has evolved from a simple worm to include advanced features for stealing personal/banking information and self-propagation. In its latest incarnation, Ramnit is capable of compromising infected computers in numerous ways. In 2012, Ramnit was used to gain access to 45,000 Facebook accounts.

Only time will tell whether this crackdown has actually succeeded in ridding the world of this particular piece of malware.

boot13