Critical security fixes for Joomla

Sites running the popular web Content Management System (CMS) Joomla have been targeted by large-scale attacks recently. Joomla’s developers have responded by publishing a fixed version, Joomla 3.4.6.

Anyone who operates a Joomla-based web site should stop what they’re doing and install the necessary updates immediately.

Update 2015Dec23: Joomla developers discovered that a bug in PHP – the language in which Joomla is developed – would likely lead to more vulnerabilities in Joomla. The PHP bug has been fixed, but that won’t help sites that are running older versions of PHP. Recognizing this, the Joomla developers released another update (Joomla 3.4.7) that addresses the underlying vulnerability.

Firefox 43 lands

Earlier today, Mozilla published an article on their company blog, titled Firefox Gives You More Control Over Your Data in Private Browsing.

I must be getting pretty good at detecting these cryptic Firefox version update announcements, because I spotted this one right away. Sure enough, despite there being no mention of a new version, there’s a link at the bottom of the post which reads Release Notes for Firefox for Windows, Mac, Linux. And the link clearly points to a version 43 folder.

So it’s not exactly a new version announcement, but there were enough hints there to figure it out.

Maybe I should talk about the new version of Firefox.

The ‘announcement’ only talks about changes to the Private Browsing with Tracking Protection feature, which now has a ‘strict’ setting that may provide better privacy while breaking many popular sites. Not recommended unless you’re truly paranoid and don’t mind being frustrated.

The release notes get into more detail. But there’s not a lot that’s likely to excite much interest. About sixteen security issues were fixed as well, so you should go ahead and update Firefox ASAP.

Adobe’s plans for Flash

Adobe’s plans to phase out Flash continue. Early in 2016, the software used to create Flash video will be renamed from Flash Professional to Adobe Animate CC. The new software will still be able to produce Flash videos, but it will focus more on HTML5 video.

The ubiquitous and notoriously insecure Flash player – the one that lets you play Flash video in your browser – will continue to be developed and supported by Adobe for at least the next five (and maybe ten) years. But Adobe is making it easier for video producers to move away from Flash and toward HTML5.

Meanwhile, Google has announced that they will start blocking Flash-based advertisements, which should provide the necessary motivation for advertisers to move away from Flash.

Shockwave player 12.2.2.172

According to FileHippo’s release history for Adobe Shockwave Player, Shockwave 12.2.2.172 was released on November 25, 2015.

The official download page for Shockwave confirms that the latest version is 12.2.2.172. Unfortunately, the official release notes for Shockwave show the latest version as 12.2.1.171.

Worse still, Adobe’s Shockwave version checker page tells me this: “Sorry, your computer does not have the latest Shockwave Player installed. Please go to step 2. (Your version:12.2.2.172 Latest Version:12.1.9.159)” It’s trying to tell me that 12.1.9.159 is the latest version (it isn’t) and that the version I’m running (which is in fact the latest version) is both out of date and somehow older than a version which is clearly the older of the two (12.1.9.159 is older than 12.2.2.172).

Hey Adobe: it’s hard enough to keep our software up to date without you sending us mixed messages.

Opera 34 arrives

The latest version of the WebKit-based Opera browser is 34.0.2036.25. As usual, there was no proper announcement, just this weird article on the Opera desktop blog. At least the article bothers to point out that there is a new version, referring to it as 34.

The release notes describe some changes that are not likely to excite much interest, and go on to say vaguely that the new version contains ‘Stability enhancements and bug fixes.’

The full change log for version 34 lists numerous bug fixes and improvements. It’s not clear whether Opera 34 includes any security fixes, but I like to think anything like that would have been mentioned in the change log.

Patch Tuesday for December 2015

Another month, another pile o’ patches from Microsoft and Adobe. This month Microsoft is pushing out twelve updates, addressing 71 vulnerabilities in Windows, Internet Explorer, Edge, Office, .NET and Silverlight. Eight of the updates are flagged as Critical.

Microsoft has also published a few security advisories since the last monthly update.

Adobe’s chimed in this month with a new Flash (aside: how weird would it be if they didn’t?). The new version addresses at least 78 security vulnerabilities in the veritable piece of Swiss cheese we know as the Flash player. The new version is designated 20.0.0.228 on most platforms, but the version designed for use in Firefox and Safari on Windows and Mac is 20.0.0.235.

New: browse boot13.com securely

You may have noticed that web sites everywhere are moving toward secure browsing. There are a couple of reasons for this. First, Ed Snowden confirmed our fears, revealing that the NSA and partner organizations are snooping on everything we do. Second, Google is pushing for encryption everywhere by penalizing sites that don’t offer secure browsing.

Boot13 may now be browsed securely, by pointing your web browser to https://boot13.com.

A big shout out and thank-you to Let’s Encrypt, an organization that provides free security certificates and related tools to anyone who operates a site or service that can use them. The certificate we’re using on Boot13 was provided by Let’s Encrypt.
