Web-based password manager LastPass hacked

One of the more popular online password managers has been hacked. LastPass’s servers were breached and user data stolen, including hashed user passwords, cryptographic salts, password reminders, and e-mail addresses.

According to LastPass staff, your passwords are still secure, because only the encrypted versions were obtained. Analysts have confirmed that the risk to LastPass users is minimal, mostly due to safeguards employed by the service.

Still, if you use LastPass, you should immediately change your master password. You will in fact be prompted to do so when you log in.

Although LastPass had effective safeguards in place, the fact that they were hacked (again) leaves me wondering whether it’s ever a good idea to use any Internet-based password manager. I strongly recommend using an offline password manager like the excellent Password Corral or Password Safe. Both are freeware.

Ars Technica and Brian Krebs have more details on the hack and its implications for users.

VPN doesn’t make open WiFi completely secure

Public WiFi access points (APs) are extremely convenient. They’re also not very secure. Most WiFi APs are configured to use encryption, which is why you need a password to access them. Most also use strong encryption, in the form of WPA2. That sounds good, but if you’re at all concerned about security, it’s not enough.

Even with strong WiFi encryption, anyone who has the WiFi password and is within range of an AP is sharing the network with everyone else using that AP. That means they can use network sniffing tools to see all the traffic on that network. If you sign in to any web-based service (such as web mail, or your bank site), and that service doesn’t also provide encryption, your username and password can be obtained very easily.

Savvy public WiFi users know this, and use VPN (Virtual Private Network) software to further encrypt their network communications. VPN adds a layer of encryption that is dedicated to your computer and makes your communication indecipherable, even to the hacker at the next table.

Unfortunately, even with VPN software, your communications on a public WiFi network are vulnerable. That’s because – in a typical (i.e. default) setup – there’s a delay after you connect to the AP and before the VPN kicks in. During this delay, you are exposed.

To be truly secure, even with a VPN, you need to apply limitations on what your computer can do over public WiFi – especially what it can do during periods when the VPN is not yet active. Unfortunately, this can get complicated. The guides linked below should help.

Windows 10 upgrade process now running on Windows 7 & 8 desktops

There’s a new process running on my Windows 8.1 desktop. I first noticed it just now, when I logged in for the first time after installing the June updates from Windows Update. Microsoft has confirmed that this new process was installed via the optional/recommended Windows Update KB3035583, which sports the somewhat misleading title “Update enables additional capabilities for Windows Update notifications in Windows 8.1 and Windows 7 SP1”.

The process name is GWX.exe. It appears in the notification area (aka system tray) as a white Windows logo. Right-clicking this icon shows the following options:

  • Get Windows 10 – pops up a dialog with some explanatory text (see below).
  • Reserve your free upgrade – pops up a dialog that says ‘Great, your upgrade is reserved!’ (see below).
  • Go to Windows Update – does exactly that
  • Get to know Windows 10 – opens a browser window and navigates to the Windows 10 FAQ

Reserve your free upgrade

On my computer, just before the upgrade reservation dialog appeared, another dialog flashed briefly on the screen. That dialog seemed to show information about the compatibility of the computer with Windows 10. All I managed to see was a bit of text that said something like ‘Windows 10 will work on this PC’.

Here’s the upgrade reservation dialog:

Get Windows 10 - Upgrade Reserved

In case you can’t read that, it says:

Once it’s available on July 29th, Windows 10 will be downloaded to your device. You’ll get a notification when it’s ready to install — install right away, or pick a time that’s good for you.

As you can imagine, I was somewhat alarmed at seeing this, since it seems to be telling me that I’ve agreed to upgrade my Windows 8 computer to Windows 10, or at least that Windows 10 will be automatically downloaded to my computer. I don’t actually want either of those things to happen; at least not that soon, and certainly not automatically. So I skipped the email confirmation step and simply closed the dialog, hoping that canceled the ‘reservation’.

Unfortunately, that didn’t seem to help. The notification icon’s menu changed from ‘Reserve your free upgrade’ to ‘Check your upgrade status’. Selecting that option just performs the compatibility check and shows the upgrade reservation dialog again.

Get Windows 10

Selecting this option displays another dialog, this one consisting of a series of five panels that explain ‘How this free upgrade works’. This again confirms that Windows 10 will automatically download when it becomes available. That’s a 3 GB download, which is apparently unavoidable at this point. Thankfully, I will apparently be given an opportunity to decide at that point whether I want to actually install Windows 10.

Another panel trumpets the fact that the Start menu is back in Windows 10. Thanks a lot, Microsoft. How about adding it back to Windows 8, you know, like you promised? Other panels mention Cortana and the new web browser in Windows 10.

Also on this dialog is a small ‘hamburger’ menu at the top left. Clicking it shows a menu that includes an option to ‘Check your PC’ (see below). Running that shows the compatibility checker that I previously observed flashing past when I clicked the ‘reserve’ option.

Another option on that menu is ‘View confirmation’. Clicking that shows yet another dialog, and this one includes a ‘Cancel reservation’ link. As you can imagine, I clicked that link. After confirming my decision, it was indeed canceled (hopefully). The notification icon’s menu reverted to ‘Reserve your free upgrade’ in any case.

Check your PC

According to the compatibility checker: ‘This PC can be upgraded but there may be some issues.’ It goes on to say:

  • Windows Media Center will be uninstalled during the upgrade. It isn’t available in Windows 10.
  • You’ll need to reinstall language packs after the upgrade is complete.
  • These apps will need to be reinstalled after the upgrade: Microsoft Network Monitor 3.

Details and limitations of the free Windows 10 upgrade

Much has been made of this free upgrade. Clearly, Microsoft wants to get everyone to upgrade to Windows 10. Especially if you’re running Windows 7 or 8, apparently. But if Microsoft were really serious about this, they would offer the free upgrade to users of Windows XP and Vista as well.

Here’s what you need to know about the reservation and upgrade:

  • You only have until July 29, 2016 to take advantage of this offer.
  • This is a full version of Windows, not a trial or introductory version.
  • When you reserve, you can confirm your device is compatible with Windows 10. Between reservation and when your upgrade is ready, the files you need for the upgrade will be downloaded to your PC to make the final installation go more quickly.
  • The only requirements are that a) your device is compatible, and b) you’re running genuine Windows 7 Service Pack 1 (SP1) or Windows 8.1 (Update).
  • There’s no obligation and you can cancel your reservation at any time.
  • Get Windows 10 is an app that’s designed to make the upgrade process easy (read: push users to install Windows 10). It checks to make sure your device is compatible, and it reserves your free upgrade; it also has information to help you learn about the features in Windows 10. For devices running Windows 7 SP1 or Windows 8.1 Update with Windows Update enabled, the app shows up automatically as a Windows icon in your system tray at the bottom right-hand side of your screen.
  • The easiest way to get the free upgrade is to reserve, but you can upgrade even if you don’t reserve. Just open the Get Windows 10 app to schedule your upgrade.
  • You can get a free upgrade for each of your eligible Windows devices. Again, ‘eligible’ means ‘legally obtained and licensed’.
  • PCs that cannot run Windows 10 will not see the Get Windows 10 app before July 29, 2015. After July 29, 2015, the icon in the system tray will start to appear.
  • When you upgrade, you’ll stay on like-to-like editions of Windows. For example, Windows 7 Home Premium will upgrade to Windows 10 Home.

Getting rid of the upgrade app

Needless to say, I’d like to remove the Get Windows 10 app from the Windows startup process on my computer. If I want to upgrade, I’ll do it in my own time, thank you very much. I don’t need Microsoft constantly yelling at me to upgrade. Removing the app involves uninstalling update KB3035583 via Control Panel > Programs and Features.

Update 2015Jun12: The KB3035583 update first became available from Windows Update in April 2015. I only started seeing it after I installed the June updates because I explicitly selected it from the list of optional updates, thinking it was actually something else. Mea culpa.

Flash 18.0.0.160 fixes 13 security issues

The latest Flash release from Adobe is version 18.0.0.160. According to the associated security bulletin, this update addresses at least thirteen security vulnerabilities.

Several other bugs, unrelated to security, were also resolved. See the release announcement and release notes for details.

The new version also includes a somewhat streamlined installation process: users will no longer be prompted to restart their browser after Flash installation. The previous version will continue to function until the browser is restarted.

As usual, Chrome will be automatically updated to use the new Flash, and Internet Explorer 10 and 11 on recent versions of Windows will get the new Flash via Windows Update.

Opera 30 released

It’s been over a year since I last posted about a new version of Opera. I’ve been much less interested in that browser since the developers switched to the WebKit engine. Combined with the total lack of anything resembling new version announcements, the result is that I’ve missed a year’s worth of new versions.

Opera 30 was released today, with the usual lack of a formal announcement. I only learned of the update because I ran FileHippo’s update checker. There was a post on the Opera blog that coincided with the arrival of the new version, but the post says nothing about a new version, and only mentions the current version in passing.

In any case, the changes in Opera since version 22 are numerous, as you can see below. The good news is that there is now a bookmark sidebar. The bad news is that bookmarks don’t actually appear in the sidebar, but in the main window. Still, it’s progress. At least it’s better than Chrome in this regard.

Changes since Opera 22

  • Stability enhancements.
  • Fixes and enhancements for how Opera handles plugins.
  • Heart menu – Add or remove currently viewed pages to Speed Dial, Stash, or the bookmarks bar from a single place on the combined search and address bar.
  • New user-interface element added for allowing blocked content in a secure session.
  • Hover your mouse over a tab to preview its contents.
  • On Windows, the chrome has been improved to better distinguish private windows.
  • Fixes and enhancements for how Opera handles HiDPI on Windows.
  • A bookmark manager allows you to collect and organize your favorite content, including a thumbnail preview for visually recognizing pages.
  • Web notifications let developers deliver native alerts or status information to their users.
  • A PDF viewer displays documents directly in the webview, without the need for installing an extension. The built-in PDF viewer will only be enabled if no other PDF handlers are in use.
  • Memory and loading improvements for the start page.
  • Enhancement for the Opera tile icon on Windows 8.
  • Share bookmarks from the bookmark manager anywhere a URL can be sent. Opera provides external access to select bookmarks or an entire bookmark folder for an extendable 14-day period.
  • Opera now imports data from other browsers. Import bookmarks, cookies, history, and passwords from Opera 12, Google Chrome, Firefox, Internet Explorer, or Safari.
  • Preview pages before printing to either software or hardware printers without the need of the system dialog.
  • A new tab menu helps you find tabs in a list view once a large amount have been opened. Look for the button on the far right of the tab bar.
  • Opera internal pages, like Bookmarks, Speed Dial and Discover, now have a new navigation at the bottom of the start page.
  • Opera’s print preview has been restyled.
  • Context menus and issues with empty bookmark folders in the bookmark manager have been tweaked and fixed.
  • Enhanced support for Pepper Flash Player (PPAPI) solving issues with Chromium’s discontinuation of Netscape Plugin Application Programming Interface (NPAPI) plugins like Adobe Flash Player.
  • Sync bookmarks between your computer and your phone or tablet.
  • Bookmark suggestions now appear when typing in the combined search and address bar.
  • The bookmark manager has been improved. It now includes batch operations and a tighter sidebar.
  • A new look for the start page and Speed Dial.
  • View a revamped history page directly from the start page.
  • View the tabs you have open on other devices.
  • Quickly see which tab is playing sound with the audio indicator in the tab bar.
  • Customize your keyboard shortcuts.
  • Use mouse gestures to open links in a new tab or window or in a background tab.
  • View and manage the Speed Dial start pages of your other devices in the bookmark manager.
  • New functionality with the extensions sidebar. View sidebar extensions available at addons.opera.com/.
  • Access recently-closed, synced, and currently open tabs in the tab menu. Enable tab previews and a new tab cycler.
  • Better manage bookmarks and bookmark folders using a trash folder in the bookmark manager. Restore bookmarks if you accidentally remove them or clear them from your browser for good.
  • Opera now syncs your browsing preferences and settings.
  • HTML5 video media source extensions support for high-definition screens.

Avoid Hola’s free VPN service

In the wake of Snowden’s revelations, many people have started using VPN services to encrypt their online activities. Until recently, one popular choice was Hola’s free VPN.

Researchers have discovered that Hola is selling access to the resources of its users, creating what has been described as a botnet, which may have been used for malicious activities.

Hola has been scrambling to deal with the public backlash over this news, but so far all they’ve done is retroactively update their FAQ, adding statements about what Hola can do with your computer if you’ve installed their software.

Recommendation: avoid Hola completely. This kind of deceptive behaviour should not be encouraged. If you’ve been using Hola, check your level of exposure using this handy tool.
