Backblaze, a cloud backup provider, recently completed a series of reliability tests on consumer hard drives from Western Digital, Seagate and Hitachi. The big winner was Hitachi, with Seagate drives lagging notably in a distant third place. Having recently replaced two failing Seagate drives in a client’s PC (while a third drive – a Hitachi – continued operating just fine), my own limited observations would seem to confirm Backblaze’s findings.
People are changing their passwords
It looks like the warnings about passwords are being heard by users everywhere. For years, industry experts have been telling people not to use simple passwords, and not to use the same passwords everywhere. Now, research shows that the previous most-used password, “password”, is no longer #1.
Unfortunately, the new #1 password is “123456”, which was previously #2. It’s difficult to categorize this as progress, since both of those passwords are equally terrible. Don’t use them. Please.
Cryptolocker malware is getting worse
A new variant of the nasty malware known as Cryptolocker is appearing on the Internet. Cryptolocker – once it infects your computer – encrypts all your files and then demands money to decrypt them. If you fail to pay within a specified time period, your files become permanently inaccessible.
The new version of Cryptolocker can apparently spread itself via portable media such as thumb drives. It is also often disguised as a software activation program for Photoshop and Microsoft Office on file sharing sites. The original Cryptolocker typically arrived in the form of a fake PDF file.
Disguising Cryptolocker as a software activation program is a particularly devious way to spread the malware. Every day, thousands of people who can’t afford the massively overpriced Office and Photoshop look for alternative ways to use that software, and now those people are going to be risking more than the ire of Microsoft and Adobe.
Google releases Chrome 32.0.1700.76
A new version of Chrome fixes eleven security issues and adds some enhancements, including indicators that tell you which tab is generating audio, better blocking of malware files, and stability and performance improvements. The version of Flash embedded in Chrome was updated to the latest version (12.0.0.41) as well.
The official announcement for version 32.0.1700.76 has additional details, and a post on the Chrome blog explains the new features.
New version of Java fixes more security issues
Included in a massive set of updates released yesterday by Oracle was a new version of Java. Version 7 Update 51 fixes a whopping thirty-four security vulnerabilities in previous versions.
If you use a web browser in which Java is enabled, you should install the new version as soon as possible.
Adobe Reader 11.0.06 released
A new version of Adobe’s Reader software was made available yesterday. Version 11.0.06 includes fixes for several security vulnerabilities. All the details are available in the new version’s release notes.
Flash version 12 released
Yesterday, Adobe announced new 12-series versions of the Flash player for various environments and browsers:
- Internet Explorer 10 on Windows 8 (via Windows Update): 12.0.0.38
- Internet Explorer 11 on Windows 8.1: 12.0.0.38
- Other versions of Internet Explorer: 12.0.0.38
- Google Chrome (self-updating): 12.0.0.41
- All other browsers on Windows: 12.0.0.43
You can get the new version from the main Flash download site.
Flash 12 includes some new features and enhancements, as well as fixes for several security vulnerabilities.
Patch Tuesday for January 2014
It’s a light month for Microsoft patches, with only four bulletins, none of which are flagged as Critical. The updates fix vulnerabilities in Office, Windows, and Server software.
Patches for the Windows XP NDProxy vulnerability and Office on Vista are among those made available today.
A post on the ISC Diary blog over at SANS has a useful overview of the vulnerabilities associated with this month’s patches.
As usual, the MSRC blog has its own spin on this month’s patches.
Updates for Adobe Reader on Patch Tuesday
Not wanting to be left out of the party next Tuesday, Adobe has announced that they will issue patches for Acrobat and Reader on January 14.
According to the bulletin, “These updates address critical vulnerabilities in the software.”
Latest SANS Ouch! newsletter: securing your home network
This month’s Ouch! newsletter (PDF) from SANS covers the basics of securing your home wireless network. There’s not much here for experienced professionals, but if you’re not sure whether your home wireless network is secure, this is a good place to start.