Adobe Flash is one of those browser plugins that a lot of people can not live without, with Java being a close second. Problem with Flash (and Java) is there are major security exploits that are being discovered daily. Adobe just release an updated for Flash last week and already has plans on releasing another update this week to patch an exploit just discovered in the last fix. Some people such as Grand Stream Dreams blogger Claus have opted to do away with Flash (and other Adobe products) on some their systems: Taking Flash Player out to the Bins. Unfortuantly,…
Security Alerts
Read More
Mozilla released an update to the Firefox 37 branch on Monday, April 20th with the Firefox 37.0.2 release. This update addressed these issues: Google Maps may render incorrectly in some cases Stability fixes for select graphics hardware and feature sets Mozilla Foundation Security Advisory (MFSA) 2015-45: Memory corruption during failed plugin initialization Depending on their update settings, users will be prompted to update within the next 24-48 hours. Users can also manually update by going to the Firefox Help Menu and selecting About Firefox and follow the prompts to update. Alternatively users can also down and manually install the update…
From the Mozilla Security Blog: First things first: If you are reading this post on a recent Lenovo laptop, please click the lock icon in the URL bar, then click “More Information…”. If you see “Verified by: Superfish, Inc.”, you are infected with Superfish, and you should follow these instructions to remove it. The Superfish adware distributed by Lenovo has brought the issue of SSL interception back to the headlines. SSL interception is a technique that allows other software on a user’s computer to monitor and control their visits to secure Web sites — however, it also enables attackers to…
Claus at grand stream dreams, linked in his recent Anti Virus Software Updates blog posts an interesting article about issues Windows users were having with high CPU load. The culprit as it turns out was an optional (though installed by default) of avast! antivirus (both free and premium versions) called avast NG. The article (which has been Google Translated from another language) includes step-by-step instructions on how to uninstall the unwanted components (warning: restart required to complete the removal) as well as screenshots (in a another language). On my three systems (generic Windows 7 Desktop, HP Windows 7 Laptop and Gateway Windows 8.1),…
This is a really good idea as all too often people end up installing extensions (knowingly or unknowingly) which end up making unwanted and undesired changes to their Firefox browser. I don’t think it is going to have that big of a negative impact as this will be a way to prevent the bad extensions from being installed. Problems I could see though would be folks running a fresh install or profile and trying to install an add-on that has been abandoned by the developer. Extensions that change the homepage and search settings without user consent have become very common, just…
Google researchers announced recently of the POODLE (Padding Oracle On Downgraded Legacy Encryption) Attack which hackers take advantage of sites (around 0.3%) still using the outdated (introduced in 1996) SSLv3 security protocol. Mozilla has announced that SSLv3 will be disabled, unfortunately it won’t be until Firefox 34 which will be released on November 25th. However, user can (and are urged to) install the SSL Version Control extension which will disable SSLv3 on the fly. I would not be surprised though if Mozilla pushes out Firefox 33.1 update to have SSLv3 disabled in the coming days or weeks. Google Chrome is already testing changes to disable…
If you are still one of the nearly 39% still using Windows XP you have been warned. Microsoft will end support April 8, 2014….may be…they been trying since 2010 to get users and businesses to move away from Windows XP. Now Microsoft is urging businesses “to modernize their IT infrastructure by upgrading to the more secure, more “modern” Windows 8.” I don’t think so. If Microsoft is going to really due away with XP support (as well as IE6) businesses are going to move to Windows 7 or even Linux. These options are cheaper than re-training everyone how to use…
There is an email going around claiming to be from Oracle (the makers of Java) that contains a link and/or attachment to download a Java update. Clicking the link or opening the attachment can result in malware being installed on your system. If you get one of these emails, discard it, it is not real. Bottom line, Oracle is not sending out emails to let Java users know there is an update. If you are not sure you have the most recent version of Java, you can go to Oracle’s site and check. via eweek
Normally, I don’t re-post from my Firefox Blog, but these browsers plugin vulnerabilities affect other browsers (such as Chrome & Safari) besides Firefox. Dangerous vulnerability in latest Java version Version: Java 7 Update 10 Issue: Can be used for Cyber attacks (even on fully patched Windows machines) Recommend Action: Browser plugin should be disabled or sandboxed (see Work Around below)) Work Around: For those who MUST have Java, use Firefox 17 is or newer. The Java plugin will be installed but ‘sandboxed’. The plugin will not execute/run until the user gives permission ‘click to play‘ on a per site basis. The user will…