Windows 9 is Windows 10

October 1, 2014 jrivett Leave a comment

Microsoft has a long history of naming things strangely, and they’re showing no signs of stopping. Despite it being a) logical; and b) already announced, “Windows 9” will not be the name of the next version of Windows. No, it will be “Windows 10”, because 10 is better than 9.

That aside, Windows 9 10 is apparently going to be a lot like Windows 7, at least according to some early prototype reviewers.

On a positive note, it looks like Microsoft is finally starting to realize that they can make users really happy by fixing things that should have worked properly in Windows 95. A good example of this is the file copy/move dialog in Windows 8.x, which is vastly better than in any previous version of Windows. And now the creaky old command window is finally going to be improved in Windows 10.

Update 2014Oct02: According to some sources, the reason ’10’ was chosen over ‘9’ is that a lot of software currently includes code that determines whether a computer is running Windows 95 and 98 by looking at the Windows version and comparing it to “Windows 9”. However, while such code does exist, this is not the recommended method for determining Windows version. If Microsoft is going to make decisions like this based on sloppy, ancient coding practices, we’re in serious trouble.

Chrome, Google, Patches and updates, Security

Chrome 37.0.2062.124 released

September 25, 2014 jrivett Leave a comment

A new version of Chrome for Windows and Mac fixes a single security issue related to RSA signatures. The official announcement for version 37.0.2062.124 provides the details.

Firefox, Patches and updates, Security

Firefox 32.0.3 released

September 25, 2014 jrivett Leave a comment

Another new version of Firefox was released yesterday. Version 32.0.3 fixes one security issue: RSA Signature Forgery in NSS. Firefox users are encouraged to update as soon as possible.

Despite this being a security-related update, there was no proper announcement about the new version from Mozilla.

*nix, Hardware, Internet, Linux, Mac, Patches and updates, Security

Shellshock: a very bad vulnerability in a very common *nix tool

September 25, 2014 jrivett Leave a comment

Linux and other flavours of the Unix operating system (aka *nix) run about half of the world’s web servers. Increasingly, *nix also runs on Internet-enabled hardware, including routers and modems. A huge proportion of these systems also have BASH configured as the default command interpreter (aka shell).

A serious vulnerability in BASH was recently discovered. The full extent of the danger related to this vulnerability has yet to be determined, because the bug opens up a world of possible exploits. As an example, the bug can be demonstrated by issuing a specially-crafted request to a vulnerable web server that results in that server pinging another computer.

Patches that address the vulnerability (at least partially) became available almost immediately for most Linux flavours. Apple’s OS X has yet to see a patch, but presumably that will change soon, although Apple has been oddly slow to respond to issues like this in the past.

Most average users don’t need to worry about this bug, but if you run a web server, or any server that’s accessible from the Internet, you should make sure your version of BASH is updated.

As new information emerges, I’ll post updates here.

References:

Update 2014Sep27: The first patch for BASH didn’t fix the problem completely, but another patch that does is now available for *nix systems. Still nothing from Apple for OS X. Scans show that there are thousands of vulnerable web servers on the Internet. Existing malware is being modified to take advantage of this new vulnerability. Attacks using the BASH vulnerability are already being observed. Posts from Ars Technica, Krebs on Security and SANS have additional details.

Update #2: It looks like there are more holes to be patched in BASH.

Update 2014Oct01: Apple releases a bash fix for OS X, more vulnerabilities are discovered, and either attacks based on bash vulnerabilities are increasing or attacks are subsiding, depending on who you ask.

Update 2014Oct08: Windows isn’t affected, unless you’re using Cygwin with bash. Oddly, Apple’s OS X bash patch is not available via the App Store; you have to obtain it from the main Apple downloads site. A security researcher claims to have found evidence of a new botnet that uses the Shellshock exploit.

Update 2014Oct23: Ars Technica: Fallout of Shellshock far from over

Adobe, Flash, Internet Explorer, Patches and updates

Flash version 15.0.0.167 for Internet Explorer

September 24, 2014 jrivett Leave a comment

Yesterday Adobe released Flash 15.0.0.167 for Internet Explorer on Windows. No other platforms are affected. The new version fixes one specific bug that caused video failures in certain cases.

This is not a security-related update.

Firefox, Patches and updates

Firefox 32.0.2 released

September 19, 2014 jrivett Leave a comment

Another new version of Firefox was released on September 18. There was no formal announcement, and details are sketchy, but it looks like Firefox 32.0.2 fixes one crashing bug.

Java, Patches and updates, Security

Java 8 Update 20 released

September 19, 2014 jrivett Leave a comment

Java 8 is not yet available from the main Java site (java.com), because it’s officially still in the developer testing/acceptance phase. The current end-user version of Java is Version 7 Update 67.

However, you can download Java 8 from the Oracle web site.

The latest version of Java 8 is Version 8 Update 20. It was made available on the Oracle site on September 18. Java 8u20 contains some new features, and fixes numerous bugs, including several security vulnerabilities.

Of particular interest to system administrators is the new Java 8 Advanced Management Console, which includes several tools that should make it easier to monitor and understand Java client systems.

Adobe, Patches and updates, Security

Updates for Adobe Acrobat/Reader

September 18, 2014 jrivett Leave a comment

New versions of Adobe’s PDF document reading software were made available on September 16. Acrobat 11.0.0.9 and Reader 11.0.0.9 include fixes for at least six security vulnerabilities.

Anyone who uses Adobe Reader/Acrobat to view PDF files with dubious origins should install the updates as soon as possible.

Privacy, Security

Goodwill latest victim of retail breaches

September 17, 2014 jrivett Leave a comment

Payment systems at some Goodwill stores were compromised as far back as 18 months ago. The extent of the damage is still being assessed.

All of the affected stores are in the USA. The switch to chip-and-pin from less secure magnetic strip payment cards has been delayed in the USA, which is presumably contributing to the problem.

Firefox, Patches and updates

Firefox 32.0.1 released

September 16, 2014 jrivett Leave a comment

Another new version of Firefox snuck past my radar a few days ago. As usual, there was no announcement from Mozilla. The release notes for Firefox 32.0.1 are a mixture of old and new changes, but the new version does include at least three bug fixes. The Security Advisories (aka Known Vulnerabilities) page doesn’t list any security-related fixes specific to version 32.0.1.

boot13

Windows 9 is Windows 10

Chrome 37.0.2062.124 released

Firefox 32.0.3 released

Shellshock: a very bad vulnerability in a very common *nix tool

Flash version 15.0.0.167 for Internet Explorer

Firefox 32.0.2 released

Java 8 Update 20 released

Updates for Adobe Acrobat/Reader

Goodwill latest victim of retail breaches

Firefox 32.0.1 released

Rants and musings on topics of interest. Sometimes about Windows, Linux, security and cool software.