boot13A post on the Duo Security blog reminds us to use unique and complex passwords for every online resource. And since most people can’t remember all those passwords, use password management software to keep track of them. I use Password Corral.
Google Chrome 28.0.1500.95 released
Version 28.0.1500.95 of Google’s web browser fixes several security vulnerabilities. The details are available in the official announcement.
The back-room wrangling that dictates your online experience
Okay, so this isn’t exactly news, in the sense of being new. But it is interesting. And it most definitely does matter, to anyone who uses the Internet.
If you’ve ever wondered why Youtube videos are suddenly buffering, or why that download is taking so long, you probably assumed that the server was overloaded, or your Internet provider was having infrastructure issues. But there may be a deeper cause.
A handful of organizations – mostly commercial in nature – provide the backbone of the Internet: the network hardware that makes up the core of the net. Since its inception, these organizations have engaged in negotiations about how they move data amongst themselves. When the commercial web got off the ground, these negotiations began to involve large amounts of money. As with all negotiations, all parties try to get what they want for the least amount of effort and expense. The difference is that in these negotiations, when one party is unhappy with the results, they can make their feelings known by downgrading the service they provide.
All of these negotiations happen without much fanfare, and the fights ebb and flow according to changing technology and the rise and fall of the fortunes of individual companies. The net effect for Internet consumers is inexplicable changes in Internet speeds.
Ars Technica has a terrific overview of this process and its ramifications. It’s a long read, but well worthwhile. Maybe you can read it while you’re wating for that Youtube video to finish buffering…
Canada’s new anti-spam law
Canada is late to the game when it comes to anti-spam laws, but with the recent passing of the “Canadian Anti-Spam Legislation” (CASL), it’s about to get a lot harder for spammers to do their work here (yes, I’m in Canada).
As with other anti-spam laws, the focus of CASL is consent. The following activities will become illegal with the new law: sending a commercial electronic message to a recipient without the recipient’s consent; installing software on a recipient’s computing device without their consent; and altering electronic messages during transmission without the recipient’s consent.
Other activities that will become illegal with the new law include: collection of personal information through access to computing devices; and harvesting electronic addresses from the Internet through automated methods for the purposes of building bulk email recipient lists.
There is no set timeline for enforcement of CASL to begin, but it should be within a few months, and certainly by the end of 2013. Once the law becomes official (comes into force), immediate compliance is expected. However, there will be a three year transitional period during which consent may be assumed for existing relationships.
Several different agencies will be involved in enforcement of the new law: the CRTC, the Competition Bureau, and the Office of the Privacy Commissioner.
Additional highlights:
- Any commercial electronic message is assumed to be illegal, although there are exceptions.
- Potential recipients of commercial electronic messages cannot be added to recipient lists automatically. Explicit consent to receive such messages must be given by the potential recipient. In other words, commercial email list subscription must be “opt-in” instead of “opt-out”.
- Software must not be installed automatically on customer computers. This part of the law is meant to curtail the forced installation of unwanted software along with other (wanted) software.
The new law will present serious challenges to commercial organizations, so it would be wise for all such organizations to begin assessing its impact immediately. Penalties will typically take the form of very steep fines: up to ten million dollars.
An official FAQ for the new law is available.
New version of Chrome: 28.0.1500.72
A single minor fix is the only reason for this new version of Google’s web browser. It also seems to include the latest Flash, although given the way Google software updates itself, that may have happened silently between 28.0.1500.71 and 28.0.1500.72.
Microsoft says “your privacy is our priority” (unless the NSA is involved)
Over at TechDirt, a post by Tim Cushing details a recent leak published by The Guardian, showing that Microsoft values your privacy, unless the NSA comes calling. When the NSA asks for your ‘private’ information, Microsoft is happy to hand it over. This means that nothing you say on Skype, Outlook.com, Skydrive or Hotmail is safe from prying eyes.
Microsoft is quick to point out that nothing they’ve done is illegal, but that’s really the problem, isn’t it?
Updates for Flash
Version 11.8.800.94 of Flash was announced today. As always, “[t]hese updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.” For a more complete change list for this version, see the Flash Player 11.8 Release Announcement on the Flash Runtime Announcements page.
A patch for Internet Explorer 10 that includes a new version of Flash (also 11.8.800.94) was released by Microsoft today as well.
An update for Flash in Chrome should also become available from Google in the near future. The new version of Flash in Chrome will be 11.8.800.97.
New version of Chrome announced
Another new version of Google’s Chrome web browser was announced today.
Version 28.0.1500.71 of Chrome fixes several bugs and security vulnerabilities. It doesn’t seem to include the latest version of Flash, however.
Patch Tuesday for July 2013
It’s that time again. This month there are seven bulletins: “six Critical and one Important, addressing 34 vulnerabilities in Microsoft Windows, Internet Explorer, .NET Framework, Silverlight, GDI+ and Windows Defender.”
The MSRC blog post has additional details.
Windows 8.1 available to manufacturers in late August
On July 8, at the Worldwide Partner Conference in Houston, Microsoft executives announced that Windows 8.1 will be released to manufacturing in late August. Still no word on when the update will become available to consumers in retail stores or through other channels.
Another question that remains is whether Windows 8.1 will be available through Windows Update or Windows automatic updates. If so, will it be a forced update, or will it be optional? In the past, Windows Service Packs (which are the closest analog to the 8.1 update) were available via Windows/auto update and – at least initially – not forced.