Security Garden

Wednesday, April 16, 2014

Import Yahoo or other IMAP Mail to Outlook

Tweet This
For almost two years, I've read complaints by users of Yahoo email about a host of complaints, including difficulties with password resets, problems logging in, loss of features, spam filters not working, and more.

Tired of the problems with Yahoo email?  The Outlook Team has a simple solution.  Finally, Yahoo and many other IMAP-enabled email can be imported to your account. 

The steps are really simple.  Just go to your Inbox and click the "gear" icon in the upper right, selecting Options.  Next, click "Import email accounts" and select the option for Yahoo.

When the window below opens, merely choose from where you want to import your account.  Expand the Option link to select how you want to import your email.

Import Yahoo to

While the import is being completed, you can learn more about forwarding Yahoo mail from the linked Yahoo KB Article, Automatically forward emails with Yahoo Mail.

Import Yahoo mail

When the process is complete, you will receive an email in your Inbox.

Import complete

Now you can get all of your email in one place!  With rules, it is easy to direct mail to specific folders.


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Oracle Java Critical Security Update

Tweet This


Oracle released the scheduled critical security updates for its Java SE Runtime Environment software. 

This is a Critical Patch Update that contains 37 fixes for Java, 35 of which Oracle indicated can be exploited by an attacker without the need for authentication.  Additional details about the update are available in the Java Release Notes, referenced below.

Oracle reported that Java SE does not include OpenSSL and, therefore is not affected by HeartBleed and CVE-2014-0160.  For Oracle products that are affected, see the reference linked below.

If Java is still installed on your computer, it is recommended that this update be applied as soon as possible due to the threat posed by a successful attack.

For those people who have desktop applications that require Java and cannot uninstall it, Java can now be disabled in Internet Explorer.  See Microsoft Fix it to Disable Java in Internet Explorer.

Java Security Recommendations

1)  In the Java Control Panel, at minimum, set the security to high.
2)  Keep Java disabled until needed.  Uncheck the box "Enable Java content in the browser" in the Java Control Panel.

Java ControlPanel
(Image via Sophos Naked Security Blog)

3)  If you use Firefox, install NoScript and only allow Java on those sites where it is required.

Instructions on removing older (and less secure) versions of Java can be found at

Download Information

Download link:  Java Version 7 Update 55

Verify your version:

  • UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.
  • Starting with Java SE 7 Update 21 in April 2013, all Java Applets and Web Start Applications should be signed with a trusted certificate.  It is not recommended to run untrusted/unsigned Certificates.  See How to protect your computer against dangerous Java Applets

Critical Patch Updates

For Oracle Java SE Critical Patch Updates, the next scheduled dates are as follows:
  • 15 July 2014
  • 14 October 2014
  • 20 January 2015
  • 14 April 2015


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Tuesday, April 08, 2014

Microsoft Security Bulletin for April, 2014

Tweet This

Microsoft released four (4) bulletins.  Two of the bulletins are identified as Critical with the other two as Important.

The security update provided through MS14-017 addresses the Microsoft Word issue described in Security Advisory 2953095.  If the Fix it solution was installed on your computer, install the update first and then disable the Fix it.

Disable Fix it


  • MS14-017 -- Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2949660)
  • MS14-018 -- Cumulative Security Update for Internet Explorer (2950467)
  • MS14-019 -- Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2922229)
  • MS14-020 -- Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (2950145)


Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.  Included in the update is detection for Win32/Ramdo and Win32/Kilim

Windows XP and Windows 8.1

As has been widely publicized, support ends for Windows XP and Office 2003 today.  Thus, this will be the last security updates for those products.  See Tim Rains article, The Countdown Begins: Support for Windows XP Ends on April 8, 2014.

Also note that effective after today, technical assistance for Windows XP will no longer be available.  This includes automatic updates that help protect your PC. Microsoft will also stop providing Microsoft Security Essentials for download.  Note, however, that definitions will be available until July 15, 2015.  See Microsoft antimalware support for Windows XP.

Windows 8.1 users note: Windows 8.1 users: It's time to move to Windows 8.1 Update


The following additional information is provided in the Security Bulletin:


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...