In Microsoft parlance, ‘mainstream’ support includes requests for feature changes, certain free support options (eg. phone support), and non-security updates. Now that Windows 7 is in the ‘extended’ support phase, Microsoft will no longer be changing the O/S, except to fix security issues.
In other words, there’s no need to panic. Windows 7 will continue to get security updates until 2020.
The latest version of Firefox fixes several security issues and other bugs. Firefox 35 also includes improvements to the new search interface and the built-in ‘Hello’ chat feature.
Anyone who uses Firefox should install the new version as soon as possible.
The latest version of Google’s web browser includes the latest version of Flash (16.0.0.257) as well as some other bug fixes. Anyone using an older version of Chrome should update to version 39.0.2171.99 as soon as possible.
As usual, Google Chrome will update its embedded Flash automatically, and updates for the embedded Flash in Internet Explorer on Windows 8.x will be available via Windows Update.
Anyone using a web browser with Flash enabled should install the new Flash as soon as possible.
Update 2015Jan13: One of the updates in this batch is the source of some ill-will between Microsoft and Google. Google reported a Windows 8.1 vulnerability to Microsoft on October 13, and in keeping with its disclosure policies, made the vulnerability public 90 days later. By the time Microsoft got around to developing a fix, it was too late to make the patch available before the 90 day delay would end. Microsoft apparently asked Google to wait for the patch to be released on January 13, but Google stuck to its policy. Now Microsoft has publicly expressed its displeasure with Google. Information Week has additional details.
Despite the demise of CryptoLocker, ransomware is still prevalent, mostly in the form of CryptoWall, now in its ‘improved’ 2.0 version.
Security researchers recently deconstructed CryptoWall 2.0 and shared their findings in a post on a Cisco security blog.
The researchers discovered that the malware uses a variety of techniques to obfuscate itself on target systems. It’s also able to infect both 32 and 64 bit Windows systems. And it can detect whether it’s running on a virtual machine, making it more difficult to analyze. The command and control servers are apparently in Russia.
A Windows computer can become infected with CryptoWall in a variety of ways, including as part of an e-mail ‘phishing’ attack, through a malicious website, via malicious PDF files, or in a spam e-mail disguised as an ‘Incoming Fax Report’.
Malicious hackers are increasingly using compromised, consumer-grade routers to amplify the power of their DDoS attacks. Ordinary users are often unaware that their network devices can be compromised, and even less likely to recognize any actual compromise.
Adding to the problem is the slow pace – or utter lack – of security updates from device manufacturers. Even when updates are made available, users are unlikely to know about them, and in most cases don’t possess the skill required to install them.
There’s a related post on Brian Krebs’ blog. Scroll down to ‘ROUTER SECURITY 101’ for some useful recommendations. At the very least, log in to your router’s admin interface and check for any available security updates.
In a recent post on the MSRC blog, Microsoft announced that the monthly “heads up” we’ve come to expect a few days before each Patch Tuesday will no longer be made available to the public. The advance notifications will only be for Premier support customers.
The vulnerability exists in a particular piece of software called RomPager. This software is embedded in the firmware of the affected routers.
Routers typically provide a mechanism for updating their firmware, but router manufacturers are often slow to provide updates, and the update process can be problematic, especially for regular users.
As a result, this problem is likely to hang around for years, and will not be completely eliminated until all of the affected routers are updated or replaced.
If you’re like a lot of other typical users, you may believe that nothing on your computer makes it a worthwhile target for malicious hackers. You may even feel that this means you’re relatively safe from hackers. Think again.
To a malicious hacker, the Internet is a vast, mostly untapped ocean of computing resources, ready for them to compromise and put to work in numerous ways to help them and hurt you.
Brian Krebs created and posted the image below to remind people of all the ways their computers can be secretly used for nefarious purposes. Although the post is a couple of years old, it’s still relevant.
Hackers can use your computer for dozens of nefarious activities.
Rants and musings on topics of interest. Sometimes about Windows, Linux, security and cool software.
Close
Ad-blocker not detected
Consider installing a browser extension that blocks ads and other malicious scripts in your browser to protect your privacy and security. Learn more.
boot13