Patches and updates, Vivaldi

Vivaldi 1.3

Leave a comment

The people behind the alternative web browser Vivaldi keep hammering away at it, improving features and fixing bugs. With the release of version 1.3, Vivaldi is closer than ever to being a legitimate contender in the current browser war.

Still, Vivaldi has more than its share of problems. Some aspects of the user interface remain visually clunky or difficult to use, including the bookmark editor. There’s still inconsistency in the way links and bookmarks are handled.

I’ve been installing developer snapshot builds of the browser when they become available. In reviewing the change logs for these snapshots, I noticed a surprising number of ‘regression’ bugs being fixed. I understand that developer snapshots are not intended for regular use, and are likely to be rough around the edges, but each of these regressions belies a lack of communication and coherent effort among the developers.

Don’t get me wrong: I’m actually rooting for Vivaldi. I continue to hope that the Vivaldi developers get their act together and produce a version that I can once again consider seriously as a replacement for Firefox.

Opera, Patches and updates, Security, Vista, Windows XP

Opera update for Windows XP and Vista

Leave a comment

Opera is now the only major web browser that still supports Windows XP and Vista. If you’re still using either of those operating systems and browse the web, you should definitely stop using Internet Explorer, Firefox, and Chrome, and switch to Opera. Browsing the web is dangerous enough without the added risk of using a browser that has known security vulnerabilities that will never be fixed.

Note that the most recent Opera version that supports Windows XP and Vista is 36. It wasn’t easy to find older versions on the Opera web site, but I eventually found a page that allows you to download any version by platform.

A recent update to Opera 36 addresses security issues that are specific to XP and Vista. The announcement doesn’t mention the actual new version number, but based on my research, it seems to be 36.0.2130.65.

If you’re using Opera on XP or Vista, make sure you install the new version. It should update itself automatically, but you can also download Opera 36.0.2130.65 directly.

I’ve tried to locate release notes for the new version, with no luck. According to the announcement, several security fixes previously applied to later versions were back-ported to Opera 36.

Microsoft, Patches and updates, Silverlight, Windows

Silverlight 5.1.50428.0

Leave a comment

Silverlight 5.1.50428.0 was released on June 21. Windows systems configured for auto-update should have received the update as soon as it became available. Without auto-update enabled, the new version should have been installed the first time Windows Update was run after June 21. The update is designated KB3162593.

Fortunately, the new version doesn’t fix any security issues. According to the release notes, it “Fixes the DateTime parsing for Norwegian and Serbian cultures.” So, not all that interesting, and certainly not an urgent update.

Edge, Internet Explorer, Microsoft, Patches and updates, Security, Windows

Patch Tuesday for August 2016

Leave a comment

It’s update time again. This month Microsoft is making available nine updates, affecting Windows, Internet Explorer, Edge, and Office. Five of the updates are flagged as Critical. A total 38 vulnerabilities are addressed with these updates.

The associated bulletin from Microsoft has additional details.

There’s also one new security advisory: Update for Kernel Mode Blacklist.

Internet crime, Security, Things that are bad

Potentially massive breach of Oracle POS software

Leave a comment

The details are still not clear, but there is strong evidence of a breach of Oracle’s MICROS Point Of Sale (POS) software.

This software is used by many popular companies, and could affect as many as 200,000 food and beverage outlets, 100,000 retail sites, and 30,000 hotels. The primary danger to customers of these companies is theft of credit card information.

Affected companies include Starbucks, Sonic, IHOP, Hard Rock Cafe, and Burger King.

Update 2016Aug21: Brian Krebs’ ongoing analysis reveals that the breach may be much larger than originally thought, possibly even affecting Oracle’s corporate network. Oracle remains largely silent on the issue, which is prompting a lot of backlash from MICROS users.

Microsoft, Patches and updates, Windows 10

Windows 10 anniversary edition

Leave a comment

Despite my extreme disappointment with Microsoft’s decision to prevent disabling advertising and privacy-compromising features in the Pro version of Windows 10, I am still running it on my test PC – for now. I don’t need to be running Windows 10 to talk about it, so I’ll be switching my test PC back to Windows 7 or 8.1 in the near future.

The anniversary update, which could fairly be described as Windows 10 Service Pack 1, has arrived. If you’re in the Windows 10 Insider Preview program, you’ve already seen all the changes that come with this update. For those of you not in the Insider program, here’s what the anniversary update includes: Windows Ink, a doodling program for tablets; improvements to the Start page, Start menu, notification center, taskbar, and other user interface elements; Cortana improvements; plus extensions and other improvements for Edge.

If you’re running Windows 10, you can get the anniversary update from Windows Update. You can also clean install it from an ISO image available from Microsoft.

Once the anniversary update is installed, Windows 10 will identify its version as Version 1607; OS Build 14393.10.

I haven’t encountered any new problems since my test PC upgraded itself to the anniversary version.

Before I remove Windows 10 forever from my test PC, I’m going to spend a bit of time looking into the new Pro version restrictions. There’s a small chance that some smart person will find a way around them; if so, I’ll post about it on this site.

Information from Microsoft:

Hardware, Security

Some wireless keyboards are vulnerable to keystroke sniffing

Leave a comment

Security researchers at Bastille tested a variety of wireless keyboards and found several that are vulnerable to keystroke interception and injection techniques.

The researchers developed a specific attack called Keysniffer, and used it to both read user keystrokes and inject their own keystrokes remotely, from as far away as 250 feet. The attack is possible because the affected keyboards don’t encrypt communications with the host computer.

Bastille obviously didn’t test every wireless keyboard out there, but they did provide a list of those they found to be vulnerable.

Java, Patches and updates, Security

Java 8 Update 101

Leave a comment

Oracle released Java 8 Update 101 a couple of weeks ago, and I somehow managed to miss it. The Oracle Critical Patch Update Advisory for July 2016 includes the details, and I’m still subscribed to the Oracle Security Alerts RSS feed, so I can only assume that I failed to notice it. Mea culpa.

The new version includes fixes for at least thirteen security vulnerabilities, as well as several other bug fixes.

Anyone with Java enabled in their web browser should update Java as soon as possible. Hopefully most of you noticed the update and installed it before I did.

Internet crime, Malware, Security

SANS ‘Ouch!’ newsletter for August 2016

Leave a comment

This month’s ‘Ouch!’ (PDF) is about Ransomware, that nasty type of malware that encrypts your data files and (if you’re lucky) allows for their decryption, once you pay a ransom.

It’s definitely a worthwhile read, especially if you’re not familiar with the term. Ransomware is real, and affecting increasing numbers of users.

Also see Ransomware update, recently posted on this site.

Rants and musings on topics of interest. Sometimes about Windows, Linux, security and cool software.

Close

Ad-blocker not detected

Consider installing a browser extension that blocks ads and other malicious scripts in your browser to protect your privacy and security. Learn more.