Tuesday, October 29, 2013

Mozilla Firefox 25.0 Released




Mozilla sent Firefox Version 25.0 to the release channel.  The update is a stability and feature update with five (5) critical, three (3) high and two (2) moderate security updates.

Fixed in Firefox 25

  • MFSA 2013-102 Use-after-free in HTML document templates
  • MFSA 2013-101 Memory corruption in workers
  • MFSA 2013-100 Miscellaneous use-after-free issues found through ASAN fuzzing
  • MFSA 2013-99 Security bypass of PDF.js checks using iframes
  • MFSA 2013-98 Use-after-free when updating offline cache
  • MFSA 2013-97 Writing to cycle collected object during image decoding
  • MFSA 2013-96 Improperly initialized memory and overflows in some JavaScript functions
  • MFSA 2013-95 Access violation with XSLT and uninitialized data
  • MFSA 2013-94 Spoofing addressbar though SELECT element
  • MFSA 2013-93 Miscellaneous memory safety hazards (rv:25.0 / rv:24.1 / rv:17.0.10)

One "new" feature that I do not like is that the "find bar" is no longer shared between tabs.  As a result, when searching for text on multiple tabs, it is necessary to open the find bar manually on each tab.

The keyboard shortcut Ctrl + F opens the find bar.  Another option is to install an extension that enhances search options. There are two extensions that I am aware of that include the search all tabs function along with additional functionality:

What’s New

  • NEW -- Web Audio support
  • NEW -- The find bar is no longer shared between tabs
  • CHANGED -- If away from Firefox for months, you now will be offered the option to migrate another browser's history and settings
  • CHANGED -- Resetting Firefox no longer clears your browsing session
  • DEVELOPER -- CSS3 background-attachment:local support to control background scrolling
  • DEVELOPER -- Many new ES6 functions implemented
  • HTML5 -- iframe document content can now be specified inline
  • FIXED -- Blank or missing page thumbnails when opening a new tab
  • FIXED -- 24.0: Security fixes can be found here

Update

To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu.

If you do not use the English language version, Fully Localized Versions are available for download.





Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Saturday, October 19, 2013

WinPatrol™2013 v29.0


WinPatrol 29.0.2013.0 was released as a "Power to the People" update, incorporating suggestions by users of WinPatrol.

Clickable Links on Alert Screens

WinPatrol v29 has added new clickable links on the alert screens.  As shown in the image below, in addition to the usual options, the alert screen now includes the ability to immediately disable the program from startup, check properties or open the folder.  For stubborn programs that continually re-add themselves to startup at each update, this is particularly welcome.

WinPatrol Alert Screen

Suppress Continuous Alerts

If, like me, you want to know what changes are made to your computer when installing a new program or Microsoft Updates, you've kept the option to be alerted when changes are made.  However, when faced with multiple alerts for the same update, there is a lot of clicking involved to approve the changes.

WinPatrol 29 now includes the default option to suppress additional alerts after your first response.

WinPatrol Options

New Features to Start, IE Helper and Service Alerts

  • Added Properties information directly from Windows
  • Added Open Folder launching Windows File Explorer to allow user direct access to new file.
  • Added Exit Windows emergency exit in case new users are confused or had WinPatrol installed without their knowledge.
  • Include Disable feature to new Startup Program alert message. This tells WinPatrol to keep track of this file and always remove it anytime it is put back into the startup list.

Enhancements and Bug Fixes

  • Reduce font size for dialogs that display long path names.
  • Confirm MS Shell Dlg font is used to support international system fonts
  • Adjust fonts to provide better handling when resizing main interface
  • Change default position of alert message to upper right corner to be less obstructive
  • Detect signature file updates without warning McAfee users every day.
  • Confirm all types of changes are checked at the same time when any single change occurs.
  • Allow suppression of multiple alerts during Real-time Infiltration Detection

WinPatrol runs on Windows XP, Windows Vista, Windows 7 and Windows 8, including x64 versions, and can be installed directly over your current WinPatrol.  There is no need to remove your previous version or reactivate WinPatrol PLUS.

Download WinPatrol 29.0.2013.0




Wednesday, October 16, 2013

Critical Oracle Java Security Update



Oracle released the scheduled critical security updates for its Java SE Runtime Environment software.

This is a Critical Patch Update that contains 51 new security fixes for Oracle Java SE.  Oracle indicated that fifty (50) of the Java SE vulnerabilities fixed in this Critical Patch Update are remotely exploitable without authentication.

Additional details about the update are available in the Oracle Quality Assurance Blog post, referenced below.  If Java is still installed on your computer, it is recommended that this update be applied as soon as possible due to the threat posed by a successful attack.

For those people who have desktop applications that require Java and cannot uninstall it, Java can now be disabled in Internet Explorer.  See Microsoft Fix it to Disable Java in Internet Explorer.

Java Security Recommendations

1)  In the Java Control Panel, at minimum, set the security to high.
2)  Keep Java disabled until needed.  Uncheck the box "Enable Java content in the browser" in the Java Control Panel.

Java Control Panel
(Image via Sophos Naked Security Blog)

3)  If you use Firefox, install NoScript and only allow Java on those sites where it is required.

Instructions on removing older (and less secure) versions of Java can be found at http://java.com/en/download/faq/remove_olderversions.xml

Download Information

Download link:  Java Version 7 Update 45

Verify your version:  http://www.java.com/en/download/testjava.jsp
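
The online check reports on the runtime the browser loads, while older runtimes left installed side by side are easy to miss. As an added example (not from Oracle or the original post), this PowerShell script lists every JRE registered under the `JavaSoft` registry keys and flags any older than 7 Update 45; it assumes the registry locations written by Oracle's Windows installers for these releases, and the output property names are chosen here.

```powershell
# Added example: list installed JREs (32- and 64-bit) and flag any older than 7 Update 45.
$minMajor  = 7
$minUpdate = 45
$roots = @(
    'HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment',
    'HKLM:\SOFTWARE\Wow6432Node\JavaSoft\Java Runtime Environment'  # 32-bit JRE on 64-bit Windows
)

foreach ($root in $roots) {
    if (-not (Test-Path $root)) { continue }

    foreach ($key in Get-ChildItem -Path $root) {
        $version = $key.PSChildName

        # Full version keys look like 1.7.0_45; family keys such as "1.7" do not match and are skipped
        if ($version -match '^1\.(\d+)\.\d+(?:_(\d+))?$') {
            $major  = [int]$Matches[1]
            $update = if ($Matches[2]) { [int]$Matches[2] } else { 0 }
            $old    = ($major -lt $minMajor) -or
                      ($major -eq $minMajor -and $update -lt $minUpdate)

            # One object per installed runtime, so the result can be sorted or exported
            New-Object PSObject -Property @{
                Version  = $version
                Outdated = $old
                JavaHome = (Get-ItemProperty -Path $key.PSPath).JavaHome
                Registry = $root
            } | Select-Object Version, Outdated, JavaHome, Registry
        }
    }
}
```

Any row with `Outdated` set to `True` is a candidate for the removal instructions linked above.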

Notes:
  • UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.
  • Starting with Java SE 7 Update 21 in April 2013, all Java Applets and Web Start Applications should be signed with a trusted certificate.  It is not recommended to run unsigned applets or applets signed with an untrusted certificate.  See How to protect your computer against dangerous Java Applets

Critical Patch Updates

For Oracle Java SE Critical Patch Updates, the next scheduled dates are as follows:
  • 14 January 2014
  • 15 April 2014
  • 15 July 2014
  • 14 October 2014

References






Monday, October 14, 2013

Improvement to Windows 7 SP1 Disk Cleanup


Included with Microsoft Updates on the last Patch Tuesday was KB 2852386, an optional update.  This update changes the Disk Cleanup wizard to provide the ability to delete superseded Windows updates in Windows 7 SP1, reducing the space used by the WinSxS ("Windows Side by Side") folder.

Normally, superseded Windows updates can be removed with the installation of a Service Pack.  However, since Windows 7 SP1 was released over two years ago, the size of the C:\Windows\Winsxs folder has grown significantly since SP1. 

As seen in the image copy of WinSxS Properties on my Windows 7 computer, before running Disk Cleanup, it is a very large folder at over 17 GB with over 73,000 files and 18,000 folders.

WinSxS Properties
Before Disk Cleanup

Important Notes

  1. Disk Cleanup needs to be run as Administrator.
  2. Windows Update Cleanup is checked by default under Clean up system files.  If you have had problems with Windows Updates in the past, you may not want to include the Windows Update Cleanup option when running Disk Cleanup.
  3. If you do not see the option for Windows Update Cleanup under Clean up system files, either the wizard did not detect Windows updates that are not needed on the computer or KB 2852386 has not been installed yet.
  4. After running the Disk Cleanup wizard, you may not be able to roll back to a superseded update.  In that situation, it will be necessary to manually install the superseded update.
  5. The superseded update files will not be removed until the computer is restarted.  Windows will configure Windows updates on shutdown and Cleanup on startup.  Do not turn off your computer during that process. 

Results

Results will vary depending on the Microsoft programs installed on your computer.  In my case, with a lot of Microsoft programs installed and fully updated, there is a significant difference.  Comparing the before image of WinSxS Properties from my computer with the results after running Disk Cleanup:  14,684 files and 3,507 folders have been superseded since installing SP1.  Net gain:  6.9 GB!

WinSxS Properties
After Disk Cleanup


Illustrated screen images of the step-by-step process are available in the TechNet article referenced below.

References: 





Saturday, October 12, 2013

CryptoLocker Ransomware


CryptoLocker is one nasty piece of malware! 

To put it simply, CryptoLocker encrypts the files on the computer and holds them for ransom.  There is only one private key that can decrypt the files encrypted with the public key, and it is stored on a secret server with a time bomb set to destroy the key if the ransom isn't paid by the deadline.  Depending on the version, the ransom is $100 to $300 with a deadline for payment of between ~72 and 100 hours.

Techies interested in "deep dive" information on CryptoLocker are encouraged to see the additional references below.

Update:  Grinler published a comprehensive CryptoLocker Guide and FAQ, added to the references below.  (15OCT2013)

Update 2:  Grinler's guide has been updated with new information. Of particular interest is the information about CryptoPrevent.

CryptoPrevent is a free utility by FoolishIT LLC that automatically adds the suggested Software Restriction Policy Path Rules (listed in the guide) to your computer. The added Software Restriction Policies are to prevent CryptoLocker and Zbot from being executed in the first place.  (21OCT2013)

Cure

The trojan can be removed from the computer but, other than paying the ransom (not recommended), there is no known way of recovering access to the encrypted files.

The reason it is not recommended that the ransom be paid is that there have been reported instances of the ransom being paid but the decryption key did not work.

As pointed out by "Grinler" in his forum post in the Cryptolocker Hijack program discussion at Bleeping Computer, the only reliable recovery is System Restore or reliable backups.  In the unfortunate event your computer does get infected with CryptoLocker, Grinler's post includes instructions on "How to restore your encrypted files from Shadow Volume Copies"
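
Recovery from Shadow Volume Copies only works if copies exist before an infection. As an added example (not from Grinler's post or the original article), this PowerShell script reports, for each fixed drive, how many shadow copies exist and how old the newest one is; the 7-day threshold and the status labels are assumptions made for this example.

```powershell
# Added example: audit Volume Shadow Copy coverage on fixed drives.
# Run from an elevated PowerShell prompt; Win32_ShadowCopy needs administrator rights.
$maxAgeDays = 7   # hypothetical threshold, adjust to your restore-point schedule

$shadows = @(Get-WmiObject -Class Win32_ShadowCopy)
$volumes = Get-WmiObject -Class Win32_Volume -Filter 'DriveType = 3' |
    Where-Object { $_.DriveLetter }

foreach ($vol in $volumes) {
    # Win32_ShadowCopy.VolumeName holds the same \\?\Volume{GUID}\ path as Win32_Volume.DeviceID
    $copies = @($shadows | Where-Object { $_.VolumeName -eq $vol.DeviceID })

    if ($copies.Count -eq 0) {
        $newest = $null
        $status = 'NO SHADOW COPIES'
    } else {
        # InstallDate is a WMI datetime string; convert it before sorting
        $newest = $copies |
            ForEach-Object { $_.ConvertToDateTime($_.InstallDate) } |
            Sort-Object -Descending |
            Select-Object -First 1
        $age    = (Get-Date) - $newest
        $status = if ($age.TotalDays -gt $maxAgeDays) { 'STALE' } else { 'OK' }
    }

    New-Object PSObject -Property @{
        Drive  = $vol.DriveLetter
        Copies = $copies.Count
        Newest = $newest
        Status = $status
    } | Select-Object Drive, Copies, Newest, Status
}
```

A drive reported as `NO SHADOW COPIES` or `STALE` has no usable restore point for that period and depends entirely on offline backups.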

Prevention

  • Keep your computer updated (antivirus software as well as both Microsoft security and third-party programs).  
  • Be extra cautious about email attachments.  
  • Review critical files and store backups of anything that cannot be replaced offline.  
  • If you are in a position to do so, purchase a Malwarebytes Anti-Malware PRO license for the malware execution prevention and blocking of malware sites and servers that it provides.  A license is currently a one-time fee of $24.95 for one computer.

Additional Information



Tuesday, October 08, 2013

Microsoft Security Updates for October 2013


Microsoft released eight (8) bulletins.  Four of the bulletins are identified as Critical with the remaining four bulletins rated Important.

The updates address 26 unique CVEs in Microsoft Windows, Internet Explorer, SharePoint, .NET Framework, Office, and Silverlight.

The updates to Windows and Internet Explorer require a restart.  For those people who run into problems with .NET Framework updates, it is recommended that the update be installed separately with a restart between other updates.

The Critical update for Internet Explorer addresses the publicly disclosed issue described in Security Advisory 2887505.  From the MS13-080 Update FAQ:
"If I applied the automated Microsoft Fix it solution for Internet Explorer previously described in Microsoft Security Advisory 2887505, do I need to undo the workaround before or after applying this update?

No. Customers who implemented the Microsoft Fix it solution, "CVE-2013-3893 MSHTML Shim Workaround," previously described in Microsoft Security Advisory 2887505, do not need to undo the Microsoft Fix it solution before or after applying this update.

Note
 Although it is not necessary to undo the Microsoft Fix it solution, customers can follow the steps in Microsoft Knowledge Base Article 2879017 to undo the Microsoft Fix it solution."


Critical:
  • MS13-080 -- Cumulative Security Update for Internet Explorer (2879017)
  • MS13-081 -- Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2870008)
  • MS13-082 -- Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2878890)
  • MS13-083 -- Vulnerability in Windows Common Control Library Could Allow Remote Code Execution (2864058)

Important:
  • MS13-084 -- Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2885089)
  • MS13-085 -- Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2885080)
  • MS13-086 -- Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2885084)  
  • MS13-087 -- Vulnerability in Silverlight Could Allow Information Disclosure (2890788)

Users of Windows XP are reminded that support ends for Windows XP on April 8, 2014.  See Tim Rains' article, The Countdown Begins: Support for Windows XP Ends on April 8, 2014.

Support

The following additional information is provided in the Security Bulletin:



Adobe Flash Player Update


Adobe has released updates for Adobe Flash Player for Windows, Macintosh and Linux. 

The "Release Notes" indicate that there are no impacted deliverables in the update. Both Flash Player and AIR updates include new functionality and important bug fixes.
With today's Windows Update, Internet Explorer 10 and 11 in Windows 8 and Windows 8.1 Preview are also updated.  Windows RT must obtain the update from Windows Update.

Update Information

The newest versions are as follows:
Windows and Macintosh:  11.9.900.117
Linux: 11.2.202.310

Adobe AIR:  3.9.0.1030

Flash Player Update Instructions

Warning:  Although Adobe suggests downloading the update from the Adobe Flash Player Download Center, that link includes a pre-checked option to install Google Drive.

It is recommended that you either use the auto-update mechanism within the product when prompted, or my preference, the direct download links.

Notes:
  • If you use the Adobe Flash Player Download Center, be careful to uncheck any optional downloads that you do not want.  Any pre-checked option is not needed for the Flash Player update.
  • Uncheck any toolbar offered with Adobe products if not wanted.
  • If you use alternate browsers, it is necessary to install both the update for Internet Explorer and the update for alternate browsers.
  • The separate 32-bit and 64-bit uninstallers have been replaced with a single uninstaller.

Adobe Flash Player for Android

The latest version for Adobe Flash Player for Android is available by downloading it from the Android Marketplace by browsing to it on a mobile phone.   

Verify Installation

To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

Do this for each browser installed on your computer.

To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.



Adobe Reader Security Update

Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.04) for Windows.  These updates address a regression that occurred in version 11.0.04 affecting JavaScript security controls.

Adobe Reader and Acrobat X (10.1.8) and earlier versions for Windows are not affected, and all versions of Adobe Reader and Acrobat for Macintosh are also not affected by this vulnerability.

Release date: October 8, 2013
Vulnerability identifier: APSB13-25
CVE number: CVE-2013-5325
Platform: Windows

Update or Complete Download

Update checks can be manually activated by choosing Help > Check for Updates.
Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

Enable "Protected View"

Due to frequent vulnerabilities, it is recommended that Windows users of Adobe Reader and Acrobat ensure that Protected View is enabled.  Neither the Protected Mode nor the Protected View option is available for Macintosh users.

To enable this setting, do the following:
  • Click Edit > Preferences > Security (Enhanced) menu.
  • Change the "Off" setting to "All Files".
  • Ensure the "Enable Enhanced Security" box is checked.

Adobe Protected View
Image via Sophos Naked Security Blog

If you are looking for a replacement for Adobe Reader, consider Replacing Adobe Reader with Sumatra PDF.



Thursday, October 03, 2013

Security Bulletin Advance Notice for October 2013

On Tuesday, October 8, 2013, Microsoft is planning to release eight (8) bulletins.  Four of the bulletins are identified as Critical with the remaining four bulletins rated Important.

The Critical updates address vulnerabilities in Internet Explorer, .NET Framework and Windows. The Critical update for Internet Explorer will be a cumulative update which will address the publicly disclosed issue described in Security Advisory 2887505.

The updates to Internet Explorer and Windows will require a restart.  For those people who run into problems with .NET Framework updates, it is recommended that the update be installed separately with a restart between other updates.

Users of Windows XP are reminded that support ends for Windows XP on April 8, 2014.  See Tim Rains' article, The Risk of Running Windows XP After Support Ends April 2014.

As happens each month, Microsoft will also release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.



Tuesday, October 01, 2013

2013 U.S. and Canadian Cyber Security Awareness Month #NCSAM

Cyber Security Awareness Month is observed in the United States and Canada.  The purpose is to increase public awareness of cyber security.  The theme for the 2013 National Cyber Security Awareness Month (NCSAM) is Our Shared Responsibility.

There are many areas to consider when discussing cyber security.  The area I consider most dangerous is Identity Theft.  Identity Theft occurs when someone uses your personal information without your knowledge.  With your personal information, thieves are able to open credit cards and bank accounts, set up mobile service, make online purchases and more, destroying your credit in the process.

Let's examine what we can do to protect ourselves from Identity Theft.

Prevent Identity Theft

A few items to consider to protect your personal information include:
  • Only provide your Social Security Number when absolutely necessary.
  • Never publicly post your address, phone number, driver’s license number, social security number (SSN) or student ID number.
  • Shred documents that contain personal information.
  • Use a strong password to protect your banking and credit card accounts as well as accounts where you make online purchases or payments.
  • Use a unique password at each site.
  • Don’t give out personal information on the phone, through the mail or over the Internet unless you initiated the contact.
  • Keep your computer updated with both Microsoft Security Updates as well as third-party software such as Adobe and Oracle Java products.

What cyber security tips do you have?  Share your favorites in the comments and be sure to check the additional resources provided below.

Resources:

