Unfortunately, the release notes for Shockwave on the Adobe site haven’t been updated since 2007, so it’s difficult to know for sure what’s different about this version. However, given Adobe’s reputation, it’s safe to assume that running an older version of Shockwave will make your computer less secure.
Then again, since Shockwave apparently includes an old, unsecure version of Flash, you might want to consider removing Shockwave from your computer completely, unless you absolutely require it. Another alternative is to configure your browser to prompt for activation whenever Shockwave media is encountered. See the instructions for doing this in Firefox elsewhere on this site.
At least seven security issues were fixed in version Firefox 30.0, released yesterday.
The release notes for version 30.0 show several other changes in this release, but only one is worth mentioning. A new ‘Sidebars’ toolbar button was added, presumably based on complaints that version 29 made it more difficult to toggle the bookmark sidebar on and off. But toggling the sidebar still requires two clicks as opposed to the single click that was required before version 29. So that’s not exactly progress.
For those of you keeping score, the release notes pages for Firefox are still a mess.
I’ve been using Feedly as my main RSS feed reader for several months now, having tried several other alternatives to the now-defunct Google Reader.
Unfortunately, as I write this, Feedly is down. A Denial of Service (DoS) attack began when the site’s operators refused to pay extortionists to avoid the attack.
Feedly staff are working with their Internet Service Provider to mitigate the attack and hope to have service restored soon.
Another new version of Flash was released today. Version 14.0.0.125 closes six security vulnerabilities found in previous versions.
If Flash is enabled in your web browser, you should update it as soon as possible.
As usual, the embedded Flash in Internet Explorer on Windows 8.x is updated via Windows Update, while the embedded Flash in Chrome will update itself automatically.
This month there are seven bulletins, with related patches affecting Internet Explorer, Windows and Office. A total of sixty-six security vulnerabilities are fixed with these updates.
Note that Microsoft is recommending upgrading to the latest version of Internet Explorer. IE 11 contains security features not found in previous versions and is therefore somewhat more secure than those older versions. Anyone still using Internet Explorer would do well to follow this advice.
Two new vulnerabilities were recently discovered in widely-used security software OpenSSL and GnuTLS.
The OpenSSL vulnerability is not as dangerous as the infamous Heartbleed bug, but can allow attackers to pull private information from communications between unpatched systems, including passwords.
The GnuTLS vulnerability can be used by malicious persons to execute arbitrary code on devices accessing specially-crafted web pages.
As with Heartbleed, these vulnerabilites mainly affect servers, although client software and operating systems that use the GnuTLS and OpenSSL libraries are also at risk. Patches are expected to be made available soon.
The new vulnerability is similar to one that was discovered, then patched, in the major browsers several years ago. The new technique uses a different approach to accomplish the same thing.
Browser developers are working on fixes for this vulnerability, but in the meantime, anyone concerned about their browser history potentially being revealed should get into the habit of clearing their history frequently. Alternatively, you could switch to a privacy-oriented browsing solution such as the Tor Browser Bundle.
Rants and musings on topics of interest. Sometimes about Windows, Linux, security and cool software.
Close
Ad-blocker not detected
Consider installing a browser extension that blocks ads and other malicious scripts in your browser to protect your privacy and security. Learn more.
boot13