Adobe, Patches and updates, Security, Shockwave

Shockwave 12.1.8.158

Leave a comment

The latest version of Adobe Shockwave is 12.1.8.158, which was actually released on April 22. The release notes don’t even mention it.

You can check the version of Shockwave on your computer by going to the Windows Programs and Features control panel, where it appears as Adobe Shockwave Player. Alternatively, you can check your browser’s add-ons: in Firefox, Shockwave appears in the Plugin list as Shockwave for Director. You can also check the installed version and install the latest version on the Shockwave Player Help page.

Firefox, Patches and updates, Security

Firefox 38.0 released

Leave a comment

Another stealth release from our friends at Mozilla, Firefox 38.0 fixes at least thirteen security issues.

Other changes in this release include tab-based preferences, as well as HTML5 enhancements and improvements to developer tools.

If you’re tired of waiting for Mozilla to issue proper release announcements, you can always get your Firefox news from another source, like the CERT alerts blog.

Update 2015May14: Two days later, and Firefox still isn’t updating itself. I’m not sure if there’s a problem with Mozilla’s update process, or if it’s just sluggish. According to Mozilla:

By default, Firefox is set to automatically update itself but you can always do a manual update. Here’s how:
1. Click the menu button, click help (question mark icon) and select About Firefox.
2. The About Firefox window will open and Firefox will begin checking for updates and downloading them automatically.

What I’m finding is that while the About box may be checking for updates, it’s not finding one, or in any case even if it finds one, it’s not downloading anything. It just says ‘Firefox is up to date’.

In any case, since this release contains fixes for security issues, I’m going to install it manually from the main download page. That page correctly identifies that I’m running an older version and offers a link to download the new version.

Update 2015May14: Via the official #firefox IRC channel, I was just informed that once again, a new version of Firefox is causing crashing problems. Version 38.0 has been pulled from release, and we can expect a fixed version 38.0.1 later this week.

Adware, Chrome, Google, Internet crime, Malware, Spam and scams

Google’s efforts to clean up ad injection on the web

Leave a comment

A recent post on the Chrome blog discusses Google’s recent efforts to clean up the growing problem of ad injection on the web.

From the post: “Ad injectors are programs that insert new ads, or replace existing ones, into the pages you visit while browsing the web.” If you’re seeing a lot of advertising on all the sites you visit, and much of it seems unrelated to the site, your computer may be running one or more ad injectors.

Ad injectors are unwanted software that is surreptitiously installed on victims’ computers through a variety of tricks, including “marketing, bundling applications with popular downloads, outright malware distribution, and large social advertising campaigns.”

The ad injection ‘ecosystem’ is complex, and at any given time there are thousands of injection campaigns affecting web surfers.

To combat this problem, Google has identified and removed 192 apps – identified as contributing to ad injection systems – from the Chrome Web Store. Improvements in the Chrome Web Store and Chrome itself help to protect against ad injection software. And Google is reaching out to advertising networks, to assist them in eliminating ad injection. Most importantly, Google’s AdWords network policies have been tweaked, to make it more difficult for the perpetrators of ad injection schemes to promote malicious software.

Flash, Internet Explorer, Microsoft, Patches and updates, Security, Windows

Microsoft updates for May 2015

Leave a comment

It’s the second Tuesday of the month, so Microsoft is pushing out another set of updates. This month there are thirteen updates, addressing about 50 vulnerabilities in Windows, Internet Explorer, .NET, Office, and Silverlight. Three are flagged as Critical.

As always with security updates affecting Windows, you should install these as soon as possible.

Two of the updates (MS15-044 and MS15-049) affect Silverlight. Once you install these updates, your version of Silverlight should be 5.1.40416.0, which you can confirm on the Get Silverlight page. Installing from that page will also update Silverlight to version 5.1.40416.0. That’s also the only way you can get the latest version if you’re using Windows XP.

Adobe, Chrome, Flash, Google, Patches and updates, Security

Security updates for Adobe Flash and Reader

Leave a comment

Updates for Flash and Reader/Acrobat, released earlier today by Adobe, address a variety of security vulnerabilities “that could potentially allow an attacker to take control of the affected system.”

Flash 17.0.0.188 includes fixes for at least eighteen vulnerabilities, all of which have been flagged as Critical.

Adobe Reader/Acrobat version 11.0.11 addresses seven Critical vulnerabilities.

Anyone still using Flash in a web browser should update Flash as soon as possible. If you use Adobe Reader to open PDF files from unknown sources, you should update Reader as soon as possible. As usual, newer versions of Internet Explorer will auto-update, as will Chrome (to version 42.0.2311.152).

Internet, Internet crime, Malware, Security, Spam and scams, WordPress and other CMS

Recent surge in spam likely due to Mumblehard botnet

Leave a comment

If you noticed more spam than usual in your inbox in recent months, you’re not alone. You may also have noticed that using your email client to block the sender is typically ineffective. That’s because the spam is coming from thousands of different domains, each corresponding to a different compromised web server.

This is the work of the Mumblehard botnet, which was observed sending mass spam starting about seven months ago by ESet researchers. The Mumblehard code has existed on the web for at least five years, but seems to have started its spamming activities on a large scale only in the last year or so.

Computers infected with Mumblehard are typically Linux web servers. It remains unclear exactly how servers become infected, but researchers suspect that unpatched WordPress and Joomla vulnerabilities provide the key.

Internet, Patches and updates, Security, WordPress and other CMS

WordPress 4.2.2 and critical theme updates

Leave a comment

A new version of WordPress addresses several critical security issues. Version 4.2.2 also fixes some non-security issues that were introduced in WordPress 4.2.

The vulnerabilities fixed in WordPress 4.2.2 are being actively exploited on the web, so anyone who operates a WordPress site should immediately check whether the new version has been auto-installed, and if not, install it.

Another vulnerability was recently discovered in the Twenty Fifteen theme that comes packaged with newer versions of WordPress. An updated version of the theme that addresses the issue is now available.

Uncategorized

YouTube no longer uses Flash by default

Leave a comment

If you’ve been trying to live without Flash, because of its never-ending security vulnerabilities, take heart. YouTube now shows videos using HTML5 instead of Flash by default. YouTube will still use Flash in browsers that don’t support HTML5, but all the major browsers do now support it.

Flash use is still pervasive on the web. But this change by YouTube – arguably the biggest user of Flash up to now – is going to reduce Flash usage enormously.

Note that while YouTube started experimenting with this change some time ago, it’s only recently shown up in Firefox, with version 37.

If YouTube was the only place you were using Flash, you should be able to completely disable Flash in your browser now.

Google, Internet

Google pushing for mobile-friendly web sites

Leave a comment

Google wants the web to be easier to view on mobile devices. To encourage web site owners to make their sites mobile-friendly, Google is now ranking mobile-unfriendly sites lower on mobile searches.

In other words, if you run a web site that fails to meet Google’s mobile-friendly requirements, that site will now appear lower down in Google’s search results, when the search is performed on a mobile device.

There’s no reason to panic, however. Mobile-friendliness is only one of numerous factors that determine where a site ranks in Google search results.

Rants and musings on topics of interest. Sometimes about Windows, Linux, security and cool software.

Close

Ad-blocker not detected

Consider installing a browser extension that blocks ads and other malicious scripts in your browser to protect your privacy and security. Learn more.