Java 8 Update 20 released

September 19, 2014 jrivett Leave a comment

Java 8 is not yet available from the main Java site (java.com), because it’s officially still in the developer testing/acceptance phase. The current end-user version of Java is Version 7 Update 67.

However, you can download Java 8 from the Oracle web site.

The latest version of Java 8 is Version 8 Update 20. It was made available on the Oracle site on September 18. Java 8u20 contains some new features, and fixes numerous bugs, including several security vulnerabilities.

Of particular interest to system administrators is the new Java 8 Advanced Management Console, which includes several tools that should make it easier to monitor and understand Java client systems.

Adobe, Patches and updates, Security

Updates for Adobe Acrobat/Reader

September 18, 2014 jrivett Leave a comment

New versions of Adobe’s PDF document reading software were made available on September 16. Acrobat 11.0.0.9 and Reader 11.0.0.9 include fixes for at least six security vulnerabilities.

Anyone who uses Adobe Reader/Acrobat to view PDF files with dubious origins should install the updates as soon as possible.

Privacy, Security

Goodwill latest victim of retail breaches

September 17, 2014 jrivett Leave a comment

Payment systems at some Goodwill stores were compromised as far back as 18 months ago. The extent of the damage is still being assessed.

All of the affected stores are in the USA. The switch to chip-and-pin from less secure magnetic strip payment cards has been delayed in the USA, which is presumably contributing to the problem.

Firefox, Patches and updates

Firefox 32.0.1 released

September 16, 2014 jrivett Leave a comment

Another new version of Firefox snuck past my radar a few days ago. As usual, there was no announcement from Mozilla. The release notes for Firefox 32.0.1 are a mixture of old and new changes, but the new version does include at least three bug fixes. The Security Advisories (aka Known Vulnerabilities) page doesn’t list any security-related fixes specific to version 32.0.1.

Internet, Privacy, Security

This month’s Ouch! newsletter: using the Cloud

September 10, 2014 jrivett Leave a comment

In the wake of the recent exposure of supposedly private celebrity images comes this timely look at Cloud (web-based) storage (warning: PDF). The article covers all the basics, including what you should look for in a Cloud provider, and how to keep your Cloud-based data secure (hint: use a strong password). Recommended reading for anyone currently using or considering using the Cloud for data storage.

Chrome, Flash, Google, Patches and updates, Security

Chrome 37.0.2062.120 released

September 10, 2014 jrivett Leave a comment

Chrome 37.0.2062.120 was announced yesterday. The new version includes the latest Adobe Flash, and fixes several security vulnerabilities.

Adobe, Flash, Internet Explorer, Microsoft, Patches and updates, Security, Windows

Patch Tuesday for September 2014

September 10, 2014 jrivett Leave a comment

This month’s crop of updates from Microsoft includes four security bulletins, addressing 42 CVEs in Microsoft Windows, Internet Explorer, .NET Framework, and Lync Server. The update for Internet Explorer is Critical, and should be installed ASAP.

From Adobe, we get another new version of Flash, 15.0.0.152. The new version addresses memory leakage vulnerabilities that could be used to bypass memory address randomization (CVE-2014-0557), a security bypass vulnerability (CVE-2014-0554), a use-after-free vulnerability that could lead to code execution (CVE-2014-0553), memory corruption vulnerabilities that could lead to code execution (CVE-2014-0547, CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, CVE-2014-0552, CVE-2014-0555), a vulnerability that could be used to bypass the same origin policy (CVE-2014-0548), and a heap buffer overflow vulnerability that could lead to code execution (CVE-2014-0556, CVE-2014-0559). Anyone still using Flash, especially within a web browser, should update immediately.

Google Chrome and Internet Explorer on Windows 8.x will be updated automatically to include the new version of Flash.

Patches and updates, WordPress and other CMS

WordPress 4.0 released

September 7, 2014 jrivett Leave a comment

A new version of WordPress was announced on September 4.

WordPress 4.0 has some new features, but nothing groundbreaking. Mostly this version is about tweaking existing features to make them more useful: for example, media embedding is now slightly easier. The official change log has the complete list of changes.

WordPress 4.0 doesn’t include any security fixes, so there’s no need to rush your site updates.

Adobe, Microsoft, Patches and updates, Security, Windows

Advance notification of Microsoft and Adobe updates

September 7, 2014 jrivett Leave a comment

Microsoft and Adobe plan to release software updates on September 9.

There will be four bulletins from Microsoft, affecting Windows, Internet Explorer, and .NET. One of the updates is rated Critical.

There’s not much detail on the upcoming Adobe updates, but they will affect Reader/Acrobat.

Internet crime, Malware, Security, Spam and scams

CryptoWall ransomware growing

September 4, 2014 jrivett Leave a comment

Not to be confused with its bigger, better-known rival, CryptoWall seems to be thriving in the wake of CryptoLocker’s demise. CryptoWall has infected at least 625,000 computers in the past five months.

boot13

Java 8 Update 20 released

Updates for Adobe Acrobat/Reader

Goodwill latest victim of retail breaches

Firefox 32.0.1 released

This month’s Ouch! newsletter: using the Cloud

Chrome 37.0.2062.120 released

Patch Tuesday for September 2014

WordPress 4.0 released

Advance notification of Microsoft and Adobe updates

CryptoWall ransomware growing

Rants and musings on topics of interest. Sometimes about Windows, Linux, security and cool software.