Monday, January 28, 2013

Data Privacy Day

Data Privacy Day


January 28 is the date set aside annually as Data Privacy Day.  The official Data Privacy Day theme is: Respecting Privacy, Safeguarding Data and Enabling Trust.

 Let us take a closer look at why we would want to safeguard our data and steps we can all take for keeping our data safe.

Data

What information do you store on your computer?
Home computers have rapidly become the storage place not only for personal correspondence but also for financial data, including bank records and government tax return forms.  This information in the wrong hands can, and does, result in identity theft.
What information do you share on social network sites?

Facebook is one of the largest social network sites where people connect with not only friends and family but also acquaintances.  These acquaintances may be people they "met" at other sites, forums or through friends and family.  However, they are only known virtually.

Not only is the information you share on sites like Facebook data, so is your home town, where you went to school, when you graduated, your birth date, address and telephone number as well as names and birth dates of family members.  If this information is public, it is the very information that identity thieves can use.

What about your smart phone?  Do you check in at every location as you go about your daily travels and share it on Twitter or Facebook?  Do you announce and document business or family trips?

Information stored on your computer or shared on social networking sites includes data that needs to be safeguarded to protect your privacy.

Safeguarding Data

The message about having an up-to-date antivirus software and firewall has been well received by home computer users.  When helping with malware removal, it is has been a very long time since I have seen a computer without antivirus software and a firewall.  Computer users are also getting much more conscientious about installing security updates and keeping third-party software updated.

This is all good news, but malware writers are very clever and manage to find a way to infect computers.  In addition to the standard antivirus, firewall, updating what else can you do to safeguard your data?

In addition to keeping your computer and software programs updated, following are a some general suggestions for protecting the data on your computer:
  1. Protect your wireless router with a password.
  2. Don't open e-mail, instant message or Facebook attachments you are not expecting.
  3. Do not click anywhere on a pop-up or warning from a program you did not install.  Use the keyboard shortcut Alt + F4 to close the window.
  4. Pay close attention when installing software.  Do not blindly click through the screens or you may end up with more than you expected.
  5. Whenever possible, only download software programs from the vendor site.  Keep in mind that free is not always free.
  6. Always scan any file you download from the Internet.
  7. Have a back-up plan in place, particularly for documents, pictures and other files that cannot be replaced. 
  8. Use a complex password, not a "dictionary word" or family name.
What about safeguarding the data you share on social networking sites like Facebook?  

Facebook makes it easy to connect and share information with friends and family.  However, it is critical to ensure that you are not openly sharing personal information that could make you a target of identity theft. 

See this excellent guide by Sophos, Facebook Security Best Practice, which not only covers information and setting recommendations but also explains the reasoning for the recommendations. 

Another resource that is helpful for Facebook users is Facecrooks, a source for not only privacy information but also the latest hoaxes that regularly circulate on Facebook.

A few easy steps will keep both the data on your computer as well as the information you share both secure and private.



Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Friday, January 18, 2013

Mozilla Firefox 18.0.1 Released



Firefox 18.0.1 was sent to the release channel today by Mozilla to solve several bugs. 

    What's New

    • FIXED -- 18.0.1: Problems involving HTTP Proxy Transactions (Associated bugs)
    • FIXED -- 18.0.1: Unity player crashes on Mac OS X (bug 828954)
    • FIXED -- 18.0.1: Disabled HIDPI support on external monitors to avoid rendering glitches (bug 814434)
    The Release Notes include additional changes and fixed features in version 18.  For a complete note of all fixes, see the Bug Fixes in the link below in References.

    Update

    To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu.

    If you do not use the English language version, Fully Localized Versions are available for download.

    References




    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...


    Monday, January 14, 2013

    MS13-008 Released for Security Advisory 2794220


    Microsoft released an out-of-band security update to address the issue described in  Security Advisory 2794220.

    The update is to address an issue that affects Internet Explorer versions 6, 7 and 8.  Internet Explorer versions 9 and 10 are not affected.  

    This update is critical if you have Internet Explorer versions 6, 7 or 8 installed on your computer.  Windows XP users of IE6 or IE7 should update to IE8 as soon as possible.  Windows Vista and Windows 7 users should be using IE9.

    Note:  The Advance Notice for this update to Internet Explorer versions 6-8 indicated if the Microsoft Fix it was applied, it was not necessary to uninstall it prior to updating IE. 

    The advice provided now is to disable the Fix it after updating as it is no longer required.

    Fix it


    Disable

    Fix this problem
          Microsoft Fix it 50972

    References:



    Home
    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...


    Sunday, January 13, 2013

    Advance Notification for Update to Address Security Advisory 2794220

    Security Bulletin
    On Monday, January 14, 2013, Microsoft is planning to release an out-of-band critical security update for the issue described in  Security Advisory 2794220.

    The update is to address an issue that affects Internet Explorer versions 6, 7 and 8.  Internet Explorer versions 9 and 10 are not affected. 

    Although Microsoft has seen only a limited number of customers affected by the issue, the potential exists that more could be affected.  Thus, it is advised that the update be installed as soon as possible. 

    Even with the update, if your operating system is Windows Vista or Windows 7, update to Internet Explorer 9.  For Windows XP, your system will be more secure if you update to Internet Explorer 8.

    If you applied the Fix it released in Security Advisory 2794220, it will not need to be uninstalled before applying the security update.

    References



    Home
    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...


    Out-of-Band Oracle Java Critical Security Update Released

    java


     The advice of the U.S. Department of Homeland Security, US-CERT, security software vendors and others advising that Java be uninstalled appears to have spurred the early release of an out-of-band security update for Java SE.

    Ahead of the Critical Patch Update Pre-Release Announcement which had the update scheduled for Tuesday, January 15, 2013, the update for Java version 7 update 11 has been released.

    Edit Note:  Additional vulnerabilities have been found in the latest Java update, which did little other than adjust the settings to the Java Control Panel.  See Java, The Never-Ending Saga for additional information on removing or disabling Java.

    If you uninstalled Java, consider that you really may not need it on your computer.  On the other hand, if there are programs you use or websites that you visit that require Java, it is strongly advised that the update be applied as soon as possible.  

    Java Security Recommendations

    1)  In the Java Control Panel, set the security to high.
    2)  Keep Java disabled until needed.  Uncheck the box "Enable Java content in the browser" in the Java Control Panel.

    Java ControlPanel
    (Image via Sophos Naked Security Blog)

    3)  If you use Firefox, install NoScript and only allow Java on those sites where it is required.

    Instructions on removing older (and less secure) versions of Java can be found at http://java.com/en/download/faq/remove_olderversions.xml

    Download Information

    Download link:  Java Version 7 Update 11

    Verify your version:  http://www.java.com/en/download/testjava.jsp

    Note: UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.

    Critical Patch Updates

    For Oracle Java SE Critical Patch Updates, the next scheduled dates are:
    • 19 February 2013
    • 18 June 2013
    • 15 October 2013

      References






      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...

      Thursday, January 10, 2013

      Java Zero-Day (Again), Time To Disable/Remove Java

      Remove Java

      Once again there are reports of a Java zero-day vulnerability being actively exploited in the wild.  All versions of Java are impacted, including the most recent release, JRE 7, Update 10.

      With any version of Java installed on your computer, visiting a malicious link can result in a serious malware infection.  Significantly, the exploit is not operating system and, although currently targeting Windows systems, can also run the same code on Mac OS X or Linux.

      Edit Note:  The recent Java update 11 did little other than adjust the settings to the Java Control Panel.  Additional vulnerabilities have been found in that latest Java update.  See Java, The Never-Ending Saga for additional information on removing or disabling Java. 

      Recommendations

      1.  Uninstall Java

      First and foremost, most home computer users do not need Java installed on their computer.  In the past, Java was needed for websites to be properly displayed. However, that is generally not the case now.  I uninstalled Java several years ago and have not had a need for it.

      To remove Java, navigate to Control Panel\All Control Panel Items\Programs and Features (Add/Remove Programs on Windows XP). Select for removal all instances of Java, including:
      Java 7 Update 10 (or earlier)
      Java Auto Updater
      JavaFX 2.2.4 (or earlier)
      Confirm that the folders shown below have also been removed.  If not, delete the folders manually.

      C:\Program Files\Java
      C:\Users\%UserName%\AppData\LocalLow\Sun

      2.  Disable Java

      The update to Java JDK 7u10 includes the option to disable Java in the browser.  Thus, if you have a business need to use Java, play online games or use OpenOffice, disable Java.  All you need to do is uncheck the box "Enable Java content in the browser" in the Java Control Panel.

      Java ControlPanel
      (Image via Sophos Naked Security Blog)

      In the event Java is needed for software installed on your computer, there should be a prompt for it.  In that situation, launch the Java Control Panel and re-check the option to enable Java.  Then, remove the check again when finished.

      References


      Home
      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...


      Tuesday, January 08, 2013

      Adobe Flash Player and AIR Critical Security Updates



      Adobe Flash Player was updated to address critical security vulnerabilities.  These updates address a vulnerability that could cause the application to crash and potentially allow an attacker to take control of the affected system.


      Update Information

      The newest versions are as follows:
      Windows XP, Windows Vista, Windows 7:  11.5.502.146
      Windows 8:  11.3.378.5
      Macintosh:  11.5.502.146
      Linux: 11.2.202.261

      Release date: January 8, 2013
      Vulnerability identifier: APSB13-01
      Priority: See table below
      CVE number: CVE-2013-0630
      Platform: All Platforms

      Flash Player Update Instructions


      Flash Player for Windows, Macintosh and Linux

      Although Adobe suggests downloading the update from the Adobe Flash Player Download Center or by using the auto-update mechanism within the product when prompted, if you prefer, direct download links are available.

      Notes:
      • Adobe AIR 3.5.0.880 and earlier versions for Windows, Adobe AIR 3.5.0.890 and earlier versions for Macintosh and Adobe AIR 3.5.0.880 for Android.  See Determine version | Adobe AIR runtime
      • Beginning with Adobe Flash Version 11.3, the universal 32-bit installer will include the 32-bit and 64-bit versions of the Flash Player.  
      • If you use the Adobe Flash Player Download Center, be careful to uncheck the optional McAfee Security Plus box.  It is not needed for the Flash Player update.
      • Uncheck any toolbar offered with Adobe products if not wanted.
      • If you use alternate browsers, it is necessary to install the update for both Internet Explorer as well as the update for alternate browsers.
      • The separate 32-bit and 64-bit uninstallers have been replaced with a single uninstaller.
      Adobe Flash Player for Android

      The latest version for Adobe Flash Player for Android is available by downloading it from the Android Marketplace by browsing to it on a mobile phone.

      Verify Installation

      To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

      Do this for each browser installed on your computer.

      To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.

      References







      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...


      Adobe Reader Critical Security Update

      Adobe
      Adobe released security updates for Adobe Reader and Acrobat XI (11.0.0) and earlier versions for Windows and Macintosh.  Also released were security updates for Adobe Reader 9.5.1 and earlier 9.x versions for Linux.

      These updates address critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

      Release Details

      • Release date: January 8, 2013
      • Vulnerability identifier: APSB13-02
      • Priority Rating: See table below
      • CVE numbers: CVE-2013-0601, CVE-2013-0602, CVE-2013-0603, CVE-2013-0604, CVE-2013-0605, CVE-2013-0606, CVE-2013-0607, CVE-2013-0608, CVE-2013-0609, CVE-2013-0610, CVE-2013-0611, CVE-2013-0612, CVE-2013-0613, CVE-2013-0614, CVE-2013-0615, CVE-2013-0616, CVE-2013-0617, CVE-2013-0618, CVE-2013-0619, CVE-2013-0620, CVE-2013-0621, CVE-2013-0622, CVE-2013-0623, CVE-2013-0624, CVE-2013-0626, CVE-2013-0627
      • Platform: All

      Update or Complete Download


      References




      Home
      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...


      Microsoft Security Bulletin Release for January 2013


      Microsoft released seven (7) bulletins addressing 17 vulnerabilities in Microsoft Windows, Office, Developer Tools and Windows Server.

      Two bulletins are identified as Critical and five as Important.  

      Bulletin NumberBulletin TitleBulletin KB
      MS13-001Vulnerability in Microsoft Windows 2769369
      MS13-002Vulnerabilities in Microsoft Windows 2756145
      MS13-003Vulnerabilities in System Center 2748552
      MS13-004Vulnerabilities in .NET Framework 2769324*
      MS13-005Vulnerability in Microsoft Windows 2778930
      MS13-006Vulnerability in Microsoft Windows 2785220
      MS13-007Vulnerability in Microsoft Windows 2769327

      *If you have problems with .NET Framework updates, it is recommended that you install this update separately with an shutdown/restart.

      Support

      The following additional information is provided in the Security Bulletin:

      References





      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...


      Mozilla Firefox 18.0.0 Released With Critical Security Updates



      Firefox 18 was sent to the release channel today by Mozilla.  Included in the update are twelve (12) critical, seven (7) high and one (1) Moderate security update.

      Based on the extensive list of security updates, it is recommended that the update be applied as soon as possible.  Included in the update is the revocation in trust of two TURKTRUST certificates.

      Security Updates Fixed in Firefox 18

        MFSA 2013-20 Mis-issued TURKTRUST certificates
        MFSA 2013-19 Use-after-free in Javascript Proxy objects
        MFSA 2013-18 Use-after-free in Vibrate
        MFSA 2013-17 Use-after-free in ListenerManager
        MFSA 2013-16 Use-after-free in serializeToStream
        MFSA 2013-15 Privilege escalation through plugin objects
        MFSA 2013-14 Chrome Object Wrapper (COW) bypass through changing prototype
        MFSA 2013-13 Memory corruption in XBL with XML bindings containing SVG
        MFSA 2013-12 Buffer overflow in Javascript string concatenation
        MFSA 2013-11 Address space layout leaked in XBL objects
        MFSA 2013-10 Event manipulation in plugin handler to bypass same-origin policy
        MFSA 2013-09 Compartment mismatch with quickstubs returned values
        MFSA 2013-08 AutoWrapperChanger fails to keep objects alive during garbage collection
        MFSA 2013-07 Crash due to handling of SSL on threads
        MFSA 2013-06 Touch events are shared across iframes
        MFSA 2013-05 Use-after-free when displaying table with many columns and column groups
        MFSA 2013-04 URL spoofing in addressbar during page loads
        MFSA 2013-03 Buffer Overflow in Canvas
        MFSA 2013-02 Use-after-free and buffer overflow issues found using Address Sanitizer
        MFSA 2013-01 Miscellaneous memory safety hazards (rv:18.0/ rv:10.0.12 / rv:17.0.2)
        MFSA 2012-98 Firefox installer DLL hijacking

          What's New

          • NEW -- Faster JavaScript performance via IonMonkey compiler
          • NEW -- Support for Retina Display on OS X 10.7 and up
          • NEW -- Preliminary support for WebRTC
          The Release Notes include additional changes and fixed features in version 18.  As with previous versions, the update includes a long list of Bug Fixes, referenced below.

          Update

          To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu.

          If you do not use the English language version, Fully Localized Versions are available for download.

          References




          Remember - "A day without laughter is a day wasted."
          May the wind sing to you and the sun rise in your heart...


          Friday, January 04, 2013

          WinPatrol® 2013 Update, v26.1.2013


          I asked and Bill did it! 
          I confess thousands have requested a WinPatrol feature that I never added until this week when asked for it. :)


          Yes, WinPatrol now has a minimize option.  Although it is certainly easy enough to click on another program to change focus, too often when helping people with WinPatrol, I caught myself closing WinPatrol Explorer, only having to relaunch it again.  I asked Bill if he would consider adding a minimize button.  As shown in the above screen clip, 
          Bill came through.  Thank you, Bill.

          Bug fixes include the" First Detected" Date for Active Tasks and when hiding the Scotty System Tray icon.

          Additional new features include the following:

          Delayed Start List Option:  
          "Run As Adminstrator" for any programs launched by WinPatrol in Delayed Start list.




          Restart Windows 8 to Advanced Repair/Restore mode:  
          Note:  This feature is only available with WinPatrol PLUS.

          Right-click on any file with WinPatrol and select "Restart Windows for Repair in Safe Mode."

          Although the latest version update includes Windows 8 features, WinPatrol runs on Windows XP, Vista and Windows 7, Windows 8 including x64 versions.

          Go here for additional information about the update and to download WinPatrol.

          Home
          Remember - "A day without laughter is a day wasted."
          May the wind sing to you and the sun rise in your heart...


          Thursday, January 03, 2013

          Security Advisory 2798897 Released, Certificate Trust List Updated

          Security Advisory
          Microsoft released Security Advisory 2798897 to provide notification regarding a a fraudulent digital certificate issued by TURKTRUST Inc.

          TURKTRUST Inc. incorrectly created two subsidiary Certificate Authorities: (*.EGO.GOV.TR and e-islem.kktcmerkezbankasi.org). The *.EGO.GOV.TR subsidiary CA was used to issue a fraudulent digital certificate to *.google.com.

          Actions:

          Windows Vista and newer:

          With up-to-date security updates, your computer was protected with the installation of Microsoft Knowledge Base Article 2677070, released on June 12, 2012.

          The update provides an automatic updater feature which includes a mechanism that allows Windows to specifically flag certificates as untrusted. With this feature, Windows checks daily for updated information about certificates that are no longer trustworthy.  In the past, movement of certificates to the untrusted store required a manual update.

          If you have not installed KB 2677070, it is strongly advised that you do so as soon as possible.

          Windows XP and Windows Server 2003

          Because the automatic updater feature is not applicable to Windows XP and Windows Server 2003, it is necessary for users of these systems to manually check for updates.

          References:




          Remember - "A day without laughter is a day wasted."
          May the wind sing to you and the sun rise in your heart...

          Security Bulletin Advance Notice for January 2013

          Security Bulletin
          On Tuesday, January 8, 2013, Microsoft is planning to release seven (7) bulletins addressing twelve (12) vulnerabilities.

          Two bulletins are identified as Critical and address vulnerabilities in Microsoft Windows, Office, Developer Tools and Microsoft Server Software.  The five remaining bulletins are rated Important and will address issues in Microsoft Windows, .NET Framework and Microsoft Server Software.

          As happens each month, Microsoft will also release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

          References



          Home
          Remember - "A day without laughter is a day wasted."
          May the wind sing to you and the sun rise in your heart...


          Tuesday, January 01, 2013

          2013 - Microsoft MVP, Pay it Forward, #WWFD

          MVP

          How well I remember the January 2006 e-mail congratulating me on being presented with the Microsoft® MVP Award.  I knew that I had been nominated but, at the time, had no idea how the award cycle worked so the award came as a complete shock.

          Recalling that first award, it arrived following a particularly difficult time in "real life", resulting in a sort of personal renewal to dig in and continue with renewed enthusiasm.

          Once again, I have been faced with a troublesome time -- this an event that had a profound effect on our local community, the Christmas Eve shooting of four volunteer firefighters from the neighboring West Webster Fire District (#WWFD) when volunteer firefighters Mike (Chip) Chiapperini and Tomasz Kaczowka lost their lives and Theodore Scardino and Joseph Hofstetter were seriously injured.

          Since the Christmas Eve tragedy, one thing aside from the coming together of the "Brotherhood" that stood out was the support of people not only in the local community but also across the U.S. and Canada.  There was a resounding repetition locally and throughout the U.S. and Canada of unselfish occurrences of "Pay it forward" as people attempted to demonstrate appreciation to local and visiting firefighters, first responders, police and others in public service.  Hundreds upon hundreds of people volunteered their time to the community during this trying time.

          What I continued to reflect on as the end of 2012 approached was not only those who volunteer in our community but also how many people volunteer time and expertise to help others in both life-threatening situations and in every day life.  I couldn't help but feel that I wasn't doing my part.

          When I received the e-mail this morning recognizing my volunteer efforts in Consumer Security, helping people with infected computers, it slowly dawned on me.  Perhaps I am doing some good, freely helping others.

          Although I don't put my life on the line, it is an incredible honor that my volunteer contributions have again been recognized by Microsoft® with the award as 2013 Microsoft MVP:
          "Dear Corrine Chorney,

          Congratulations! We are pleased to present you with the 2013 Microsoft® MVP Award! This award is given to exceptional technical community leaders who actively share their high quality, real world expertise with others. We appreciate your outstanding contributions in Consumer Security technical communities during the past year."
          Let the heroes of West Webster and around the world, the "random acts of kindness" serve as inspiration and challenge to you to Pay it Forward in 2013, volunteering or helping others in some small way.

          Home
          Remember - "A day without laughter is a day wasted."
          May the wind sing to you and the sun rise in your heart...