Better Safe Than Sorry

Critical Opera flaw - patch NOW!

If you use Opera and do not automagically update your installation you a) should ;) and b) need to manually update NOW to fix a gigantic security hole. After the update you better be running version 10.53 to be safe.

 

 

 

 

German Gov't Warns About Firefox

First they warned about IE. Now the German authorities are warning users to beware of a Firefox exploit that will only be fixed with the release of version 3.6.2 towards the end of this month. Details from the Beeb here. Time to use Opera!

Adobe is the Winner!

Microsoft Word has been dethroned as the most likely point-of-entry for rogue software.

Files based on Reader were exploited in almost 49 per cent of the targeted attacks of 2009, compared with about 39 per cent that took aim at Microsoft Word. By comparison, in 2008, Acrobat was targeted in almost 29 per cent of attacks and Word was exploited by almost 35 per cent.

So, either use an alternative such as Foxit Reader or for a quick 'n dirty fix: Open Adobe Reader, click onEdit, Preferences, JavaScript, and uncheck the enable JavaScript box.

Opera 10.50 Released

You know it, you love it. More likely you have never heard of it. It's an Internet browser and does the same thing as Internet Explorer, Firefox or Safari except Opera renders it faster. It's also very safe and customizable. Download it here: http://www.opera.com/browser/download/, install it and give it a try.

Adobe .PDF Reader Critical Fix

Adobe has announced a patch for its Reader that is a must have as always.

It appears Adobe's software is highly unsafe and worse, breaks quickly giving the evil-doers more time to exploit the openings. Oops.

Details at Krebs on Security. And, Aviv Raff On .NET has apparently found the horrible Adobe Download Manager will re-install the evil

bits so make sure you un-install it as well. Firefox users should disable or un-install the Adobe Download Manager Extension/Add-on.

OpenOffice.org 3.2 Available

OpenOffice.org 3.2 is a welcome release if it reduces the sluggish start up time that has always plagued the OpenOffice.org productivity suite. While the present Quickstarter application reduces start up times it is itself a process hog that interferes at times with other programs.

The lack of Extensions is also maddening. Firefox and Opera are chock full of 'em.

It's available here.

Government warnings about IE

When goverments warn about the dangers of using Internet Explorer you can be sure it's time to seek out a alternative application - a safer surfer.

There is, in no particular order, Firefox, Opera and Chrome as well as other browsers.

Do yourself and others a favour by not using Internet Explorer. It's a security hole.

Why, it's like the Adobe Reader of browsers ;)

Go here for links to two of the afore mentioned browsers or you can search for other browser options.

Adobe Reader Critical Vulnerability

It appears the ever popular Adobe Reader (version 9.1.3 and earlier) has a gaping hole that could allow bad people to take over Windows installs. This problem as popped up before. One way to mitigate (but not eliminate) the threat is to disable Javascript in Adobe reader and/or change your browsers behavior to download .pdf files as opposed to view them. You also might want to try the free alternative called Foxit Reader which has a better record when it comes to security issues. Just sayin' . . .

.pdf Fixes Released

Adobe has released a newer fixed version of its Reader application that addresses previously documented problems. Those wishing to upgrade a previous release will have to wait until March 18th.

Those using the popular alternative, Foxit Reader, should upgrade their installed version by using the upgrade link under the help menu:

FoxitReader doing its thing:

Success!

Adobe Reader Vulnerability

Evil-doers are actively exploiting a security hole in Adobe Reader. Users need only open a rogue .pdf file to have their system taken over.

Since Adobe doesn't plan to patch the problem until March 11th, 2009 users should either disable Javascript within Adobe Reader (Choose "Edit", "Preferences", "Javascript", and uncheck the box beside "Enable Acrobat Javascript") or use an alternative to Adobe Reader called Foxit Reader which is available here: http://www.foxitsoftware.com

Opera 9.62 released

The latest version of the safest browser around has been released. You are advised to download and install to patch two security holes that could be used for, among other things, cross-scripting attacks. It is available here: http://www.opera.com/download/

Opera Upgraded to 9.60

Time time to visit http://www.opera.com and download the latest and greatest version 9.60 of the most secure browser.

Patch your Flash NOW

Foxit Reader Security Upgrade

Foxit Reader, a free alternative to Adobe's Acrobat software used for reading .PDF files, has been upgraded. These upgrades recent security holes. Please take the time to download the upgrade from here.

Foxit Reader Upgrade Available

Foxit Reader, a free alternative to Adobe's Acrobat software used for reading .PDF files, has been upgraded. These upgrades plug several security holes. Please take the time to download the upgrade from here.

Lessons Learned

It seems G-Archiver, a third-party tool for backing up Google's Gmail, was/is sending usernames and passwords back to evildoers. The lessons here are simple: Always check online to see if the software you are thinking of using is safe. A simple search should confirm if others have any concerns regarding security, privacy, function or usefulness. Secondly, consider trying open-source software when possible. Since these applications are constantly examined by users for problems you tend to be protected in part from hassles that effect proprietary applications.

How to kill ActiveX

ActiveX is generally a gross security problem waiting to happen within Internet Explorer. Having the ability to kill certain (A few? Some? All but what you really need?) ActiveX controls is detailed by Microsoft here. Or you could use Opera or Firefox in place of Internet Explorer.

RealPlayer Exploit

User of Internet Explorer under Windows are vulnerable to drive-by downloads simply by visiting an evil Web page. As usual, it is an unknown and unpatched ActiveX component that is causing the problem. Note that both Microsoft Outlook and Outlook Express clients are also at risk. Best practices? Uninstall RealPlayer, use an alternative browser such as Firefox or Opera and use another email client such as Thunderbird or Penelope. Those who just can't part with RealPlayer should visit http://service.real.com/realplayer/security/en/ and (when available) download and install the patch. Ryan Naraine over at ZDNet.com has a great write up with info and fixes.

AOL AIM IM BUST

Clear as mud, eh? Internet Service Provider AOL has been informed that its IM client has a flaw that makes it possible for evil attackers to remotely execute malicious code on users computers. Those using Internet Explorer are especially vulnerable. Best practices? Try an alternative such as Pidgin (formerly GAIM).

OpenOffice.org Virus Spreads

A virus written in numerous scripting languages that can affect Windows, Linux, and Mac OS X computers is slowly spreading via infected OpenOffice.org documents. Best practice is, of course, to never accept documents as attachments in email if you were not expecting them. Inform the sender that it is always best to announce attachments before sending. Having a good Anti-Virus and firewall is also an excellent idea just in case nasties end up on your system. Better safe than sorry!

Yahoo Messenger Critical Upgrade

Yahoo Messenger has released an upgrade to fix a known security hole that would allow attackers to execute code on your PC. Please upgrade to version 8.1.0.401 from here: http://messenger.yahoo.com/download.php

Opera 9.21 Released

It's fast, it's secure, it's got widgets and it seems to play any and all media files without choking right out the box - no fiddling with file associations, etc. - nope, just works. Check out the list of features here: http://www.opera.com/products/desktop/

Pidgin 2.0.0 Released

Are you an Instant Messaging freak job? If so, you should be using Pidgin (formerly GAIM) Instant Messaging client. The advantage is that Pidgin can connect with other IM clients such as Yahoo, ICQ, MS Messsenger or AOL AIM so even if your friends all use different IM clients you only have to use one.

Eudora Morphs Into Penelope

Some old (six months) news for those who use an email client cobbled together anywhere but Microsoft. The venerable email client from the early 1990's, Eudora, is no longer being upgraded, patched or otherwise looked at by its creator, Qualcomm. From the ashes comes a new open-source email client dubbed, Penelope, which appears based on the Mozilla branded engine that now powers Thunderbird.

Google: 1 in 10 Websites Unsafe

Especially if you use Internet Explorer as opposed to Firefox or Opera. The chance of being nailed by a "drive-by download" is almost non-existent when using any browser other than Internet Explorer. Do yourself a favour and try a safer alternative.

Flaw Allows Critical Windows Exploit

"Upon viewing a Web page, previewing or reading a specially crafted message, or opening a specially crafted e-mail attachment, the attacker could cause the affected system to execute code," sez Microsoft in its advisory. Using any version of Windows, including Vista, and Internet Explorer could lead to catastrophe merely by viewing a web site. Simply viewing an .html page as displayed by most email clients such as Outlook Express could lead the same result. Best Practices? Consider using another browser such as Opera or Mozilla Firefox and/or another email client such as Thunderbird.

Time to upgrade Opera to 9.10

A recent security hole in any version of Opera prior to version 9.10 should spur you slowpokes into upgrading. If you haven't tried Opera browser you should. Opera is the most secure browser of the big three (Internet Explorer & Mozilla Firefox being the other two) running under Windows. Other features include Opera Voice (voice commands for the browser), & Widgets (mini displays of info you choose) and BitTorrent (ask your teenagers...!). Try it - love it or hate it, there is always Firefox ;-)

Yahoo IM client flaw is patched

If you use Yahoo! Messenger IM client you should immediately upgrade to fix a highly critical breach that opened up. Visit Secunia at: http://secunia.com/advisories/23401/. Yahoo! has the information here.

MS Word Flaw

Don't accept Microsoft Word .doc attachments via email or Instant Messaging unless you are expecting it and you know the sender. Instead, try Openoffice.org why doncha?

Norton Anti-Virus Flaw

A recent update to Norton AV has pooched more than a few machines. If your Norton has been acting up the workaround is here. Perhaps it's time to consider an alternative application?