New version of Google Chrome fixes several vulnerabilities

Google has released a new version of its Chrome web browser: 20.0.1132.57, for Windows, Mac and Linux. The new version includes several security fixes, an update to Flash player and some stability/bug fixes.

The details of this new version are in the Google Chrome Releases blog.

Chrome typically updates itself with minimal fuss when it detects that a new version is available. You can also download the current version from the Chrome site.

Google Calendar alerts no longer working for Rogers cell phones

UPDATE 2012Jul24: It’s working again. The list of carriers has also changed, and there are now two separate entries for Rogers. Not sure what that’s about, but in any case, it’s now working again for me.


A couple of weeks ago I stopped receiving alerts from Google Calendar.

An otherwise excellent free service, I’ve been using Google Calendar for all my scheduling needs for several years. I was thrilled to find that it could send SMS text messages to my cell phone to remind me about appointments. I used this feature extensively, until it suddenly stopped working recently.

I’ve been working with Rogers tech support to resolve this, and we have come to the conclusion that the problem is between Google and Rogers. According to Rogers, they haven’t received any SMS messages from Google for my account recently. I’m able to both send and receive text messages from the phone.

Google’s support for its Calendar service consists – as with most of its other services – of help forums. The usual pattern is that someone posts a problem, then gradually more users find the original problem report and add their comments or ‘me toos’. Eventually, someone at Google takes notice and responds, usually to say that they are working on the problem. At some point the problem may end up being resolved. The key is to be patient. One of the reasons Google is able to offer so many wonderful free services is that they don’t spend much on support.

After struggling with this problem for a while, I posted a new problem report on the Google Calendar help forum. So far, there has been no response from Google, although several other users have chimed in with their observations.

Recently, someone posted a workaround on my problem report. It involves using Fido as the carrier instead of Rogers. Surprisingly, it does work, after a fashion, so that’s what I’m doing now. Using Fido as the carrier involves a bit of setup. When you send the verification code, you’ll receive a message telling you to subscribe to the ‘Fido email to SMS service’. Reply ‘Yes’ as instructed. After a few minutes you will receive confirmation. You will also receive notification of a new message, to which you must reply ‘Read’ in order to actually read. The first message should contain your verification code for Google Calendar. From then on, your Google Calendar alerts will arrive like that: a message telling you that you have a message, then the message itself. It’s not exactly slick, but it does seem to work reliably. I’m not sure whether any new charges will apply.

Patch disables Sidebar & Gadgets on Vista and Windows 7

One of the updates in the July 2012 Patch Tuesday collection was actually a ‘Fix-It’ that simply disables the ‘Sidebar’ and ‘Gadgets’ features of Windows Vista and Windows 7.

This drastic step was taken by Microsoft to address the general vulnerability of the Sidebar and Gadgets. Anyone who uses these features must choose between a) disabling them; and b) continuing to use them and risking the security of their computer.

The details are in Microsoft Security Advisory 2719662.

The Tech Support Phone Call Scam

The latest SANS OUCH! newsletter (PDF) covers an increasingly-common scam in which the scammer calls their victim on the phone and talks their way into accessing the victim’s computer.

Here’s an except from the newsletter:

“You receive a phone call from a person claiming to be from a computer support company associated with Microsoft or another legitimate company. They claim to have detected your computer behaving abnormally, such as scanning the Internet, and believe it is infected with a virus. They explain they are investigating the issue and offer to help you secure your computer. They then use a variety of technical terms and take you through confusing steps to convince you that your computer is infected, scaring you into ultimately buying their product.”

SANS is a computer security company based in the USA. They publish several excellent newsletters, including OUCH! You can subscribe to any of these lists for free at http://www.sans.org/newsletters/.

July 2012 Patch Tuesday is here!

Windows computers configured for auto update should receive these patches in the next 24 hours. If you are responsible for any Windows computers that don’t use auto update, you should run Microsoft Update on those computers as soon as possible. If you’d like to avoid using Internet Explorer (required for Microsoft Update), you can download the updates as a disc image. For the technical details, here are links to all eleven of this month’s bulletins:

MS12-043 – Critical : Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2722479) – Version: 1.0

MS12-044 – Critical : Cumulative Security Update for Internet Explorer (2719177) – Version: 1.0

MS12-045 – Critical : Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (2698365) – Version: 1.0

MS12-046 – Important : Vulnerability in Visual Basic for Applications Could Allow Remote Code Execution (2707960) – Version: 1.0

MS12-047 – Important : Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2718523) – Version: 1.0

MS12-048 – Important : Vulnerability in Windows Shell Could Allow Remote Code Execution (2691442) – Version: 1.0

MS12-049 – Important : Vulnerability in TLS Could Allow Information Disclosure (2655992) – Version: 1.0

MS12-050 – Important : Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2695502) – Version: 1.1

MS12-051 – Important : Vulnerability in Microsoft Office for Mac Could Allow Elevation of Privilege (2721015) – Version: 1.0

Microsoft Security Advisory (2719662): Vulnerabilities in Gadgets Could Allow Remote Code Execution – Version: 1.0

Microsoft Security Advisory (2728973): Unauthorized Digital Certificates Could Allow Spoofing – Version: 1.0

Atwood optimistic about Windows 8

Jeff Atwood raves about Windows 8 on his (awesome) blog, Coding Horror.

One rather surprising observation is that Windows 8 appears to start, shut down and generally run faster than Windows 7. Equally surprising is that the hardware requirements for Windows 8 are actually lower than for Windows 7.

I remain unconvinced, although to be fair I haven’t yet used it. The new Metro user interface alone is going to make Windows 8 a tough sell for me.

Windows 8 will be on store shelves in late October.

Google’s ‘Blocked Sites’ feature still not working

Google’s site blocking feature was announced on the official Google blog on March 10, 2011. It allows users logged into their Google account to avoid seeing search results from specific sites.

Most users began noticing a new link on their Google search results pages, offering to ‘Block all example.com results’ when the user returns to the results page immediately after clicking a result link. A site blocking management page allowed users to add and remove blocked sites directly.

Unfortunately, many users (including myself) are finding that these features are no longer working. In my case, the option to block results from a site on the search results page has stopped appearing, and although the existing blocked sites still appear to affect my search results, I can no longer add new blocks on the management page.

The problem may be related to Google’s push to switch over to secure HTTP for all of its services – at least for logged-in users. Other reports indicate that the new ‘Search Plus personalized results format’ may have broken this feature.

Some sites are reporting Google’s official stance on this issue as “we’re working on a fix but it may take a while.” I have been unable to verify this.

Computers infected with DNSChanger will lose Internet access on July 9, 2012

DNSChanger is a nasty piece of malware that – according to the FBI – still infects more than four million computers worldwide.

When the FBI arrested the people responsible for creating and controlling DNSChanger, they realized that taking down the servers controlling the malware would interrupt Internet access for computers still infected. So they left the DNSChanger servers up, but disabled the malware’s ability to spread further. They issued warnings to the general public, stating that they intended to shut down the DNSChanger servers on July 9, 2012. That day is approaching.

To avoid having your computer essentially cut off from the Internet on Monday, you should use one of the many available DNSChanger detection sites to determine whether your computer is infected. In the unlikely event that your computer is found to be infected, instructions and tools for removal of DNSChanger are available.

Advance notification of July 2012 updates from Microsoft

Microsoft has released its monthly “head’s up” for the Windows and Office updates scheduled to arrive on July 10, 2012.

There are nine bulletins/updates in total, ranging in impact from Important to Critical, affecting Windows (XP and newer) and Office (2003 and newer). One of the critical updates affects only Internet Explorer 9. Another addresses the Windows XML Core Services (MSXML) vulnerability that has been exploited increasingly in recent weeks. A total of 16 vulnerabilities will be addressed by these updates. An updated version of the Malicious Software Removal Tool is also included. A system restart will be required.

Windows computers configured for auto update should start seeing these patches in the early hours of July 10. If you are responsible for any Windows computers that don’t use auto update, you should run Microsoft Update on those computers as soon as possible after July 10. If you’d like to avoid using Internet Explorer (required for Microsoft Update), you can download the updates as a disc image. Microsoft no longer provides a web-based resource for system administrators to download offline updates.

Rants and musings on topics of interest. Sometimes about Windows, Linux, security and cool software.