The latest version of Firefox includes a fix for at least one security vulnerability. Stability issues affecting specific display hardware were also resolved, as was an issue involving the display of Google Maps.
There was no announcement for Firefox 37.0.2 on the Mozilla blog. The release notes for version 37.0.2 provide additional details.
Recognizing that millions of people are still using Windows XP, Google has extended support for that O/S in their web browser. That means they will continue to develop fixes for security issues in Chrome running on Windows XP. Anyone still using Windows XP is strongly encouraged to stop using Internet Explorer, which is no longer supported by Microsoft, and use Google Chrome instead.
Nasty malware, hidden inside a phony ad that appeared on the Huffington Post web site, was exposed to thousands of users earlier this week. The Flash-based ad was delivered via Google’s Doubleclick advertising network. And this wasn’t even the largest malvertising exposure this week.
Google had better get to work on fixing this, or it will start eating into their primary revenue source.
Law enforcement and security organizations have once again combined their efforts in taking down another large botnet: Simda. The takedown involved seizing fourteen command and control computers in various locations around the world. At its peak, Simba affected over 700,000 computers worldwide.
The latest version of Chrome includes fixes for forty-five security vulnerabilities. According to the announcement, version 42.0.2311.90 also has improvements in stability and performance.
Starting with this version of Chrome, the old NPAPI technology used for plugins (including Java and Silverlight) is disabled by default. If any of your Chrome plugins still use this technology, you’ll need to enable them when the browser warns you.
Oracle has released Update 45 for Java 8. Anyone using Java should install the update as soon as possible, since it contains fixes for at least fourteen security vulnerabilities.
NOTE: Java 7 is no longer being updated, so if you’re still using it, you should upgrade to Java 8 as soon as possible. If Java is configured to auto-update itself, it will upgrade Java 7 to Java 8 automatically.
Update 2015May14: The final update for Java 7 was 7u79/7u80, released on April 14, 2015.
It’s that time again. This month there are eleven updates from Microsoft, with four of them flagged as Critical, affecting Windows, Internet Explorer, Office and .NET.
Adobe has once again come along for the monthly festivities, today releasing a new version of Flash. Version 17.0.0.169 fixes at least fourteen vulnerabilities in Flash, including one for which exploits have been observed in the wild.
So, time to get busy updating your systems… especially where you’re using Flash in a web browser.
Update 2015Apr19: One of this month’s Windows updates is causing problems for people running Oracle VirtualBox, a popular emulator. The problematic update is KB3045999, also referred to as MS15-038. There’s no word yet from Oracle or Microsoft regarding a fix. Uninstalling the update appears to work, but this is obviously a temporary solution.
Authorities from several countries have successfully neutralized the relatively small, but technically sophisticated botnet Beebone. At least 12,000 computers are still infected with the malware, but it has been rendered toothless through a process known as sinkholing.
What’s a passphrase? It’s a phrase or sentence that you use as a password. Phrases tend to be easier to remember than ordinary passwords, and they are much more difficult to crack.
This month’s Ouch! newsletter (PDF) provides a useful overview of passphrases and their use. Note that while passphrases can be very strong, you should still make sure to use a different one for each site or service. And of course you should use a good, offline password manager like Bruce Schneier’s Password Safe to keep track of them.
The Canadian Radio-television and Telecommunications Commission (CRTC) has handed out steep penalties to three organizations for failing to comply with Canada’s new anti-spam regulations.
Up to this point, there has been some doubt as to whether the CRTC and the Competition Bureau would follow through on the promise of the new law. Doubt no more: the worst offender was a Quebec company called Compu-Finder, which received a whopping 1.1 million dollar fine.
It’s not often that I find a reason to praise the CRTC, but this is one of those times. Nice work, folks! Keep it up.
boot13