Adobe systems breach

On October 3, 2013, Adobe announced that their network and some of their servers had been breached. Their investigation continues, and the full scope and impact of the breach have yet to be determined.

However, we do know the following:

  • The intruders obtained Adobe customer data, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders. According to Adobe, “At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems.” Adobe reset the passwords for all affected user accounts, and has been sending out alerts to those users. If you have never purchased software from Adobe directly, you should be safe. If you receive an alert from Adobe, follow their instructions to change your password.
  • The intruders also obtained source code for at least one product: Acrobat/Reader. Reader is already a popular target for malware perpetrators, and having access to the source code can only make things easier for them. Stay tuned for a fresh new crop of Reader security issues.

Ars Technica has additional details, as does the SANS ISC Diary.

Update 2013Nov02: Ars Technica explains exactly what Adobe did wrong and why we should all be worried about it. Adobe now says that as many as 38 million users were affected by the breach.

Update 2014Oct10: Duo Security reviews the fallout from this breach, and warns of the dangers of password hints.

Patch Tuesday for October 2013

Patches from Microsoft and Adobe were announced today, along with a new version of Flash.

Eight bulletins from Microsoft fix security vulnerabilities in Windows, Internet Explorer, .NET, Office, Windows Server and Silverlight.

The Microsoft Security Research Center as usual provides a more friendly overview of this month’s patches, while the SANS Internet Storm Center provides a wealth of technical details.

Two bulletins from Adobe fix security vulnerabilities in Adobe Reader/Acrobat and Robohelp.

Flash 11.9.900.117 includes a long list of bug fixes. Chrome will be updated silently to match the new version of Flash. An update for Internet Explorer 10 on Windows 8 is also on the way.

Opera 17 released

Development continues on the new WebKit-based version of the Opera web browser. Version 17 was announced today. This version adds pinned tabs, startup options and custom search engine support.

Purists can still download the classic version 12.x Opera. It remains to be seen how many of the features lost in the transition from the Presto-based browser will be added to the WebKit-based browser. So far there’s plenty missing, including bookmarks, the sidebar and proper tab control.

Advance patch notifications from Microsoft and Adobe

Next Tuesday, October 8, will see patches from Microsoft (for Internet Explorer, Windows, .NET, Office and Silverlight) and Adobe (for Reader/Acrobat).

Included in the patches from Microsoft will be a fix for the recently discovered security flaw affecting all versions of Internet Explorer.

Operating System and browser use statistics

Ars Technica recently posted an interesting summary of usage stats for operating systems and web browsers on desktop, laptop, and mobile computing platforms.

Here are a few highlights:

  • Almost half of all computers are running Windows 7, and a third still run Windows XP.
  • Internet Explorer is used on over half of all computers.
  • There is still a sizable population of computers running Internet Explorer 6.

NSA-Themed Ransomware

Any time something catches the attention of huge numbers of Internet users, there’s a possibility that nefarious persons will try to make money from it. A famous actor has their phone hacked, a celebrity dies, or a whistleblower exposes the extent of NSA snooping, and the spam in your inbox suddenly has a new flavour… or worse.

Zscaler and other security researchers are reporting an increase in ransomware threats that are built on recent revelations of the NSA’s activities.

Ransomware works like this: you visit a web site that has been compromised and is serving malicious code. The code infects your computer, after which it becomes impossible to use your computer. Instead you see a full-page threat from what appears to be the NSA, claiming that you have participated in unlawful activities (usually downloading copyrighted materials). You are told that you can pay up or face legal action.

If this happens to you, do not follow any of the instructions shown by the ransomware. Hire a professional to remove the malware or reinstall your operating system.

How to tell whether a warning is fake and actually ransomware:

  • No legitimate agency would use this tactic (at least not yet).
  • The warning contains awkward language and spelling mistakes.
  • The payment methods use third-party services.

Techdirt has additional details.
