Jeff Rivett has worked with and written about computers since the early 1980s. His first computer was an Apple II+, built by his father and heavily customized. Jeff's writing appeared in Computist Magazine in the 1980s, and he created and sold a game utility (Ultimaker 2, reviewed in the December 1983 Washington Apple Pi Journal) to international markets during the same period. Proceeds from writing, software sales, and contract programming gigs paid his way through university, earning him a Bachelor of Science (Computer Science) degree at UWO. Jeff went on to work as a programmer, sysadmin, and manager in various industries. There's more on the About page, and on the Jeff Rivett Consulting site.
A new version of Flash was announced by Adobe yesterday. Flash 17.0.0.134 addresses at least eleven critical security vulnerabilities.
Anyone who uses a web browser with Flash enabled should install this update as soon as possible. That includes anyone who ever looks at any videos on Youtube.
Internet Explorer 10 and up will receive this Flash update via Windows Update, and Google Chrome will update itself.
Update 2015Mar27: That didn’t take long. At least one popular exploit kit (aka ‘set of hacking tools’) now includes a pre-packaged attack that targets one of the vulnerabilities fixed in Flash 17.0.0.134. If you use Flash, and you’re not in the habit of updating it, you should either stop using Flash or keep it up to date.
One of the updates made available by Microsoft earlier this week is apparently causing problems on some Windows 7 computers. Details are sketchy at this point, but some users are reporting that their Windows 7 computers get into an infinite reboot loop after installing the KB3033929 update.
Microsoft is expected to release another update or pull the existing update soon. For now, anyone running Windows 7 should avoid this update.
A new version of Chrome was announced by Google yesterday.
Unfortunately, the update announcement provides no information on what was changed and only points to the change log, which is not very useful for regular users.
Today Microsoft announced fourteen updates for security vulnerabilities in Windows, Office, Exchange, and Internet Explorer. Five of the updates are flagged as Critical.
The bulletin summary gets into all the technical details. All you really need to know is that you should install these updates as soon as possible, especially if you use Internet Explorer.
One of the updates provides what is hoped will be a complete fix for a vulnerability that allowed the Stuxnet worm to spread. Microsoft published a fix for this vulnerability in 2010, but the fix was incomplete and the vulnerability remained largely intact.
Another new version of Firefox was made available by Mozilla on Thursday. This one seems to consist mostly of bug fixes, although some new functionality was added, including full support for HTTP/2. Compatibility with HTML5 was improved. The release notes claim there were also ‘various security fixes’ but the Security Advisories (aka Known Vulnerabilities) page doesn’t bear that out.
As usual, I learned about the new version from a source other than Mozilla, which is an ongoing source of frustration.
On March 3, Oracle announced a new version of Java 8, designated Update 40. This update includes a variety of improvements for stability and performance, but no security fixes.
A new version of Chrome was released on Tuesday. Version 41.0.2272.76 includes fixes for at least 51 security vulnerabilities, as well as a number of other fixes related to stability and performance.
In the wake of the Snowden revelations, there’s been a lot of new interest in Virtual Private Networks (VPN).
A VPN service works by creating a secure, encrypted network that extends across the public Internet, allowing users to communicate securely with remote systems. VPNs have been used for corporate networks – which are often distributed across many physical locations – for years.
While a VPN service can be set up by anyone using open source software and network hardware, a simpler approach for typical users is to use one of the many VPN service providers currently available.
With so many people now depending VPN services, TorrentFreak wondered just how private those services really are, and came up with a list of questions for VPN providers. For example, some VPN providers keep logs of user IP addresses, which – when handed over to the NSA – could lay bare your supposedly private communications.
Ramnit began operations in 2010, and has evolved from a simple worm to include advanced features for stealing personal/banking information and self-propagation. In its latest incarnation, Ramnit is capable of compromising infected computers in numerous ways. In 2012, Ramnit was used to gain access to 45,000 Facebook accounts.
Only time will tell whether this crackdown has actually succeeded in ridding the world of this particular piece of malware.
If you’re feeling strong, Ars Technica has a report on the possible futures of the Internet. Tl;dr (aka ‘executive summary’): it’s not looking good; the scenario with the highest probability is this one:
The Internet becomes just like every physical domain of human existence: turf to fight over. Crime, espionage, embargoes, and full-blown nation-on-nation conflicts extend into the Internet.
Bleak.
Rants and musings on topics of interest. Sometimes about Windows, Linux, security and cool software.
Close
Ad-blocker not detected
Consider installing a browser extension that blocks ads and other malicious scripts in your browser to protect your privacy and security. Learn more.
boot13