Jeff Rivett has worked with and written about computers since the early 1980s. His first computer was an Apple II+, built by his father and heavily customized. Jeff's writing appeared in Computist Magazine in the 1980s, and he created and sold a game utility (Ultimaker 2, reviewed in the December 1983 Washington Apple Pi Journal) to international markets during the same period. Proceeds from writing, software sales, and contract programming gigs paid his way through university, earning him a Bachelor of Science (Computer Science) degree at UWO. Jeff went on to work as a programmer, sysadmin, and manager in various industries. There's more on the About page, and on the Jeff Rivett Consulting site.

All posts by jrivett


Internet, Internet crime

Denial of Service attack against Feedly

Leave a comment

I’ve been using Feedly as my main RSS feed reader for several months now, having tried several other alternatives to the now-defunct Google Reader.

Unfortunately, as I write this, Feedly is down. A Denial of Service (DoS) attack began when the site’s operators refused to pay extortionists to avoid the attack.

Feedly staff are working with their Internet Service Provider to mitigate the attack and hope to have service restored soon.

Graham Cluely has more.

Update 2014Jun12: Feedly seems to be back up and running normally. Feedly: 1; Internet extortionists: 0.

Adobe, Flash, Patches and updates, Security

Flash 14.0.0.125 fixes security issues

Leave a comment

Another new version of Flash was released today. Version 14.0.0.125 closes six security vulnerabilities found in previous versions.

If Flash is enabled in your web browser, you should update it as soon as possible.

As usual, the embedded Flash in Internet Explorer on Windows 8.x is updated via Windows Update, while the embedded Flash in Chrome will update itself automatically.

Internet Explorer, Microsoft, Patches and updates, Security, Windows

Microsoft Patch Tuesday for June 2014

Leave a comment

This month there are seven bulletins, with related patches affecting Internet Explorer, Windows and Office. A total of sixty-six security vulnerabilities are fixed with these updates.

Note that Microsoft is recommending upgrading to the latest version of Internet Explorer. IE 11 contains security features not found in previous versions and is therefore somewhat more secure than those older versions. Anyone still using Internet Explorer would do well to follow this advice.

Note also that this is the last set of updates that will be available for Windows 8.1 installations without Update 1. In other words, if you’ve held off on installing Update 1, you won’t get any updates next month or after that.

Related links

Internet, Patches and updates, Security

More flaws found in critical security software

Leave a comment

Two new vulnerabilities were recently discovered in widely-used security software OpenSSL and GnuTLS.

The OpenSSL vulnerability is not as dangerous as the infamous Heartbleed bug, but can allow attackers to pull private information from communications between unpatched systems, including passwords.

The GnuTLS vulnerability can be used by malicious persons to execute arbitrary code on devices accessing specially-crafted web pages.

As with Heartbleed, these vulnerabilites mainly affect servers, although client software and operating systems that use the GnuTLS and OpenSSL libraries are also at risk. Patches are expected to be made available soon.

Chrome, Firefox, Internet Explorer, Privacy, Security

Web browsers can reveal browsing history

Leave a comment

Chrome, Firefox and Internet Explorer can be tricked into revealing your browsing history by unscrupulous web site owners.

The new vulnerability is similar to one that was discovered, then patched, in the major browsers several years ago. The new technique uses a different approach to accomplish the same thing.

Browser developers are working on fixes for this vulnerability, but in the meantime, anyone concerned about their browser history potentially being revealed should get into the habit of clearing their history frequently. Alternatively, you could switch to a privacy-oriented browsing solution such as the Tor Browser Bundle.

Internet crime, Malware, Security, Spam and scams

Gameover botnet targeted in takedown effort

Leave a comment

An international law enforcement project to disrupt the Gameover botnet is underway.

Gameover, aka Gameover Zeus or GOZ, is currently installed on up to a million computers worldwide. The botnet is rented out for malicious purposes, including harvesting private information, sending spam email, denial of service (DoS) attacks, extortion, and distribution of various kinds of malware, including the awful CryptoLocker [1,2] ransomware.

This effort to disrupt GOZ has already been very successful: the botnet’s owners are no longer able to control clients. As for Cryptolocker, newly-infected machines can no longer communicate with their controlling servers, which means they are safe, at least for now. Infected machines that are already encrypted are not affected and must still pay the decryption ransom or lose all encrypted information.

Brian Krebs provides additional details on his Krebs on Security blog.

Update 2014Jun09: Brian Krebs has a behind-the-scenes look at what went into this takeover. To this point, the takeover seems to have been 100% effective, but the botnet developers may have more moves left.