boot13Yesterday, Google announced version 26.0.1410.43 of their web browser, Chrome. The new version includes several fixes for security vulnerabilities, as well as improvements to the integrated spelling checker.
Windows 7 Service Pack 1 now being pushed via autoupdate
If you’re running Windows 7 and have autoupdate enabled, Service Pack 1 is no longer a choice. SP1 will be installed automatically whether you want it or not. If you have a good reason to avoid SP1 (although I can’t think of one), your only option is to disable autoupdates.
Google Reader to be retired on July 1, 2013
Google’s excellent feed reader service is being retired in July. Visitors to the Reader site are seeing this message:
Clicking the ‘Learn more’ link takes you to a Google Support page that offers some assistance in exporting Reader settings. Google’s explanation for the change is, frankly, lame.
I recognize that Reader was a free service, so I’m not going freak out about all the cool stuff Google seems intent on shutting down, but Reader was a big part of my daily news intake, and I’ll miss it.
Techdirt’s Mike Masnick just posted his thoughts about this. As usual, he hits the nail on the head. I’m one of those people who has become almost entirely dependent on Reader and now I’m going to be scrambling to find an alternative.
Update: I’ve settled on RSSOwl as a replacement for Reader. It’s fast, powerful and flexible. So far, so good.
Ouch! newsletter for March: Social Network safety
This month’s Ouch! newsletter (PDF) from SANS explains the security risks involved in using various kinds of social media, and provides tips for staying safe.
Chrome 25.0.1364.172 released
Another new version of Google’s web browser was announced today.
The new version includes the latest version of Flash (11.6.602.180), as well as some other stability improvements.
Flash 11.6.602.180 released
A new version of Flash was announced today. Version 11.6.602.180 fixes several security (and other) bugs and adds a few new features. The security issues are described in the associated security bulletin: APSB13-09. The rest of the changes are covered in the release notes for 11.6.602.180.
Patch Tuesday for March, 2013
Yes, it’s that time again. Time to update all your Windows computers, or at any rate helplessly watch as auto-update randomly siphons away your computer’s resources at the most inopportune times.
This month’s crop of updates includes a total of seven bulletins, which address vulnerabilities in Internet Explorer, Outlook, Visio, Silverlight, SharePoint, OneNote and Windows driver technologies.
This month’s bulletins:
- MS13-021 – Critical : Cumulative Security Update for Internet Explorer (2809289)
- MS13-022 – Critical : Vulnerability in Silverlight Could Allow Remote Code Execution (2814124)
- MS13-023 – Critical : Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2801261)
- MS13-024 – Critical : Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2780176)
- MS13-025 – Important : Vulnerability in Microsoft OneNote Could Allow Information Disclosure (2816264)
- MS13-026 – Important : Vulnerability in Office Outlook for Mac Could Allow Information Disclosure (2813682)
- MS13-027 – Important : Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege (2807986)
If you can’t get enough about these patches, there’s more technical stuff over at the MSRC blog.
Java Zero-day exploit status
Like the “__ days since the last accident” signs that are common in workplaces, the Java Zero-day Countdown web site provides a quick check on Java’s current security issues.
Recall that a zero-day exploit/attack/threat is “an attack that exploits a previously unknown vulnerability in a computer application, meaning that the attack occurs on ‘day zero’ of awareness of the vulnerability.” [from Wikipedia]
Java has been hit by a stream of such attacks in recent months, and despite new security-tightening features added by Oracle (Java’s developer), there’s no end in sight. Java’s ubiquity makes it a prime target for the perpetrators of malicious hacks.
Maybe some day Oracle will tighten Java’s security to the point where sites like the Java Zero-day Countdown aren’t necessary. Until that happens, it’s a good way to get a quick overview on current threats to Java.
New Linux PC, running 64-bit Ubuntu 12.04
When my main game server died recently – a row of capacitors went bad on the motherboard – I took it as a sign that it’s time to build a powerful new server. But instead of running Windows, I decided it was time to take the next step in switching my systems over to Linux.
I’ve been running an Ubuntu Linux server for a while, mainly to help educate myself in Linux administration. It’s at least partially a production server: it runs the centralized syslog logging service for the local network, and it runs the email services for my self-hosted web sites. But it’s nowhere close to being able to run a Linux client GUI: a 688 MHz Celeron CPU and a paltry 384 MB of RAM.
The new PC is running an Intel Core i7-3770K on an ASUS P8Z77-V LGA 1155 Intel Z77 Intel Motherboard, with 8GB of DDR3 SDRAM. The case is a real beauty, a Corsair Obsidian Series 550D Black Aluminum / Steel ATX Mid Tower: big, quiet fans; detachable vent covers; removable filters on all intakes; no-tool installation of drives; hidden cable routing; foam insulation; silicon fan, power supply and drive mounts; one-touch removal side panels; and removable drive bays. Highly recommended.
I had some trouble installing Ubuntu from my USB thumb drive, so I finally gave up and installed a $5 DVD drive and installed from there without any trouble.
By default, Ubuntu 12.04 runs the Unity desktop GUI. It’s probably a good choice for novice computer users, since it hides a lot of technical details and is fairly simple. It’s too simple for my taste, however. So now I’m installing KDE. I’ll post more as the work continues.
Advance notification of March Patch Tuesday from Microsoft
March 12th will see a new batch of updates for Windows, Office, Internet Explorer and other Microsoft software. This month there will be seven bulletins, four flagged as Critical.
Patches will become available at around 10am PDT on March 12. PCs configured for auto-updates will see the patches during the following day or so.
Technical details are available in the complete bulletin at TechNet.