Microsoft, Windows 10

Microsoft will finally reconcile version identifiers with Windows 10

Leave a comment

If you’re a regular user and not a developer, you may not have noticed that internal Windows version identifiers have been stuck at 6.x since Vista.

Vista was a disaster, with one of the biggest problems being software compatibility. Programs that worked fine on Windows XP no longer worked on Vista. One reason that happened was that Microsoft bumped the internal version of Windows from 5 (XP) to 6 for Vista. This caused a lot of software to get confused and stop working.

This made Microsoft much more reluctant to make major changes to the internal version number for subsequent releases of Windows. The internal version identifier for Windows 7 is 6.1. For Windows 8, it’s 6.2, and for Windows 8.1, it’s 6.3.

Microsoft also got to work on finding better ways to get around software compatibility issues, and developed the Application Compatibility tools, which include a simple method for tricking software into thinking it’s running on a different version of Windows.

With Windows 10, Microsoft apparently plans to get back to internal version numbers that make sense, and they’re also using this opportunity to finally make the internal version match the external version. Windows 10 will be identified internally as version 10.

Internet crime, Malware, Security, WordPress and other CMS

Warning: avoid using pirated themes on WordPress and other CMS sites

Leave a comment

Anyone who operates a WordPress, Joomla or Drupal site should exercise extreme caution when selecting themes and plugins. You should assume that any commercial theme or plugin offered for free contains malware.

Popular Content Management Systems (CMS), including WordPress, Joomla and Drupal can be customized through the use of themes and plugins. A theme is a collection of styles and other files that modify the default appearance of a CMS. A plugin typically adds specific functionality to a CMS. Many CMS themes and plugins are available for free, but the commercial ones are among the most popular, since they often include more and better features.

As with all commercial software, CMS themes and plugins are sometimes copied and offered for free on pirate sites. Unfortunately, it’s very easy for a theme or plugin to be modified so that any site using it can be compromised and then used for illegal activities.

The people at Fox-It recently published a document describing “CryptoPHP” (PDF) – malware that is showing up on CMS sites with alarming regularity. They traced the source of the malware to thousands of themes and plugins that had been modified to include a single line of PHP code that allows CryptoPHP to infect any site that uses one of those themes or plugins.

Recommendation: if you operate a CMS site, do not use any commercial theme or plugin that is offered for free. Make sure you obtain themes and plugins from the developer/author, or from a reputable source like wordpress.org.

There’s more information over on the Wordfence blog.

Adobe, Flash, Patches and updates, Security

Flash 15.0.0.239 strengthens protection against CVE-2014-8439

Leave a comment

Security vulnerability CVE-2014-8439 was addressed in the October updates for Flash, but recent attacks made it clear that more work was required. Flash 15.0.0.239 provides additional protection against attacks based on CVE-2014-8439.

Anyone who uses Flash is advised to install the new version as soon as possible. Google Chrome and Internet Explorer 10/11 in Windows 8.x will be updated automatically.

Note that if you use Flash in Internet Explorer as well as in other web browsers, you may need to install the new version twice: once using IE and once using another browser.

Internet crime, Spam and scams, Windows

Fake Windows Support companies shut down

Leave a comment

The US Federal Trade Commission, working with law enforcement in Florida, has shut down several companies offering fake computer support services.

The companies involved are PC Cleaner Inc., Netcom3 Global Inc., Inbound Call Experts LLC, Advanced Tech Supportco. LLC, PC Vitalware LLC, Super PC Support LLC, Boost Software Inc., Vast Tech Support LLC, OMG Tech Help, OMG Total Protection, and others.

These scammers made money by tricking Windows users into paying for expensive and unnecessary repairs.

Unfortunately, since this type of scam can be lucrative, similar companies are likely to appear before long, making this yet another game of ‘whac-a-mole‘ for law enforcement.

Internet crime, Security, Tools

Password management software now being targeted

Leave a comment

If you’re not already using password management software, you should be. It’s an extremely bad idea to use one password for more than one service, which makes remembering all those passwords difficult. With a password manager, you only have to remember one password: the one that allows access to all your other passwords.

I’ve been recommending Password Corral for years. Bruce Schneier’s Password Safe is also excellent. These are both desktop programs. I don’t recommend using an online password manager, because there’s always the possibility that the service itself could be hacked.

Unfortunately, even as we collectively get better at keeping ourselves secure, nefarious hackers shift their focus to more fertile ground. Now, it appears that they are targeting password management tools. It’s easy to see why: if a hacker can break your master password, they will have access to all of your other passwords.

Recommendation: if you are using a password management tool, make sure your master password is long and unique.

Update 2014Nov27: A post on the Duo Security blog has additional details.

Patches and updates, Security, WordPress and other CMS

WordPress 4.0.1 fixes security and other bugs

Leave a comment

A critical vulnerability in WordPress 3.9.2 and earlier has been addressed with the release of versions 3.9.3, 3.8.5, and 3.7.5. The vulnerability does not exist in WordPress 4.0. Anyone running WordPress 3.9.2 or earlier should apply the appropriate update as soon as possible.

Several less critical – but still important – security issues have also been addressed in WordPress 4.0.1. WordPress sites that are configured for auto-update should be automatically updated in the next day or so.

Humour

And now some humour (or is it?)

Leave a comment

The Oatmeal is a constant source of amusement for me. I use his ‘TumBeast’ for the ‘404 – not found’ error pages on my company web site. He’s a big fan of Nikola Tesla, and enjoys using ridicule to make his point.

One of my favourite Oatmeal strips is about the agony of trying to fix computer problems: How to fix any computer. Having both experienced and attempted to fix many problems on Windows, Mac and Linux computers, I can confirm that he’s not exaggerating. Well, not much.

Microsoft, Patches and updates, Security, Windows

Microsoft issues special update MS14-068

1 Comment

Two of the updates originally scheduled for release last week for Patch Tuesday were held back. Yesterday one of those updates was released. MS14-068 addresses security vulnerabilities in all versions of Windows. We recommend installing the update as soon as possible.

Brian Krebs has additional details, as does Ars Technica. A post on Microsoft’s Security Research and Defense Blog provides technical details of the vulnerability.

Rants and musings on topics of interest. Sometimes about Windows, Linux, security and cool software.

Close

Ad-blocker not detected

Consider installing a browser extension that blocks ads and other malicious scripts in your browser to protect your privacy and security. Learn more.