This security vulnerability is being actively exploited. Stop using Firefox under Windows until patched.
“Currently it exploits Windows systems with a high success rate and affects Firefox versions 41 to 50 and the current version of the Tor Browser Bundle”
More info:
Emergency Bulletin: Firefox 0 day in the wild. What to do. – Wordfence blog
Firefox 0day in the wild is being used to attack Tor users – Arstechnica
Security
Patch Tuesday
Windows Updates
They’re ready if you are. Install’em at your own risk. Thanks for the heads up Arthur!
Microsoft Security Bulletin Summary for November 2016
Windows 10 and Windows Server 2016 update history
Adobe Flash Updated
APSB16-37 Security Updates Available for Adobe Flash Player
Downloads for:
Firefox
Internet Explorer
Patch Tuesday
Time To Run Windows Update? Not Anymore.
Windows 7 and Windows 8.1 users. I did not think I would ever say this. I am recommending that users NOT install Windows updates as they come out any more. As many of you have heard Windows 7 and 8.1 have gone to a “rollup model”. This means all the updates rolled into one. No more picking and choosing. Although there is some guidance for IT guys running WSUS it is not 100% clear how this is going to hit home users. I think the issue is going to take months to sort out and frankly Microsoft has completely lost my trust.
I’ve always run Windows Update manually. Up until today I ran it as patches came out. Now, I will be waiting a week or so and watching to see what the fallout is.
Windows 10 users. By installing Win10 you basically signed into the mess that has become Windows Update. You can of course disable Automatic Updates. You can do so by disabling the Windows Update service, or via Group Policy (this only works for “feature” updates), or by using software such as O&O ShutUp10. I haven’t tried this myself.
Adobe Flash & Reader Updated
APSB16-32 Security Updates Available for Adobe Flash Player
Download for Internet Explorer
Download for Firefox
I’ve been watching to see if/when Google Chrome will be updated for this. Nothing as of this writing. Watch here.
APSB16-33 Security Updates Available for Adobe Acrobat and Reader
Download Adobe Reader or update from within the program (Help > Check for updates).
Thursday Random Stuff…
Must Read: Online Trackers Follow Our Digital Shadow By ‘Fingerprinting’ Browsers, Devices
Not kidding. This is a must read. Read it twice, pass it along.
FYI – I use Privacy Badger as mentioned in the article.
Google Chrome 53.0.2785.143
“The stable channel has been updated to 53.0.2785.143 for Windows, Mac, and Linux. This will roll out over the coming days/weeks… This update includes 3 security fixes.”
Download
7-Zip 16.03
7-Zip is a free file archiver with a high compression ratio.
What’s new after 7-Zip 16.02:
– Installer and SFX modules now use some protection against DLL preloading attack.
– Some bugs were fixed in 7z, NSIS, SquashFS and RAR5 code.
Download and info (be sure to download the right one x86/x64)
[Read more…] about Thursday Random Stuff…
Monday Random Stuff…
“I think you have to be 8 different kinds of stupid to put your house or car on a network.” – TweakHound
Ransomware’s next target: Your car and your home
“The concept of today’s ransomware is to lock your data to ransom. But what we’re showing here is that the data is almost irrelevant — it’s the device we’re locking up: connected medical devices, home routers, cars; it’s the device,”
*edit 1728hrs – Rich G. provided a link to this article: Don’t Connect Your Phone To Rental Cars
“The researchers bought an infotainment system on eBay and hacked it to discover that MirrorLink’s two security methods could be overcome since (a) bypassing information was already published online and (b) passwords were stored in unencrypted plaintext. The result was that hackers could “eavesdrop on and inject” malware into the vehicle’s brain, the Controller Area Network, which could pose both a privacy risk as well as a personal safety risk.”
Ultimate Windows Tweaker 4.2.1 for Windows 10
“We’ve released version 4.2.1 to fix this bug related to privacy settings.”
Download
I use this for minor tweaks. Stay away from the Performance tab. Most of you TweakHound regulars already know this.
Speaking of which…
OMG
In the last week or so few Geek type sites have reviewed and approved of some tweaking software that claims to speed up or optimize your PC (different sites, different software).
No…
Just…
No.
Tor Browser Critical Update
A critical vulnerability was patched. This vulnerability still exists in Firefox proper and will be patched tomorrow.
Download Tor Browser
Firefox 49 is actually up on the mirrors but has not been officially released.
Download 32-bit(en-US)
Download 64-bit(en-US)
Download other systems and languages (copy/paste the appropriate link, substitute “49.0” for “48.0.2”)
Release Notes
Patch Tuesday
Microsoft Security Bulletin Summary for August 2016
Includes Win10 cumulative update KB3176495. Link not live yet: https://support.microsoft.com/en-us/kb/3176495
AMD Crimson Edition 16.8.1 Hotfix Drivers out too. These are NOT WHQL if that makes a difference to you.
Adobe Flash Updated
Thanks to reader Tim Cole for the heads up.
Adobe Flash has been updated. This means Google Chrome has been updated (Help > About Google Chrome) as well as Internet Explorer for Windows 8.1 and 10 (run Windows Update).
Download Flash :
Flash for IE
Flash for other browsers
Main download page
– – – – – – – – – –
Download Google Chrome
Patch Tuesday
Time to run Windows update. All supported Windows versions and MS Office have updates.
Windows 7 users, just run Windows Update and walk away…
Microsoft Security Bulletin Summary for June 2016
Patch Tuesday
Time To Run Windows Update
Updates for all currently supported Microsoft OS’s.
Microsoft Security Bulletin Summary for May 2016
Includes Cumulative Update for Windows 10 Version 1511 (KB3156421)
“This update includes quality improvements and security fixes. No new operating system features are being introduced in this update.”
Adobe Flash Updated
APSA16-02 Security Advisory for Adobe Flash Player
I expect Google Chrome and Win10 to get these updates soon.
Download:
Flash for IE
Flash for other browsers
Main download page
Adobe Reader Updated
APSB16-14 Security Updates Available for Adobe Acrobat and Reader
Download Adobe Reader or update from within the program (Help > Check for updates).
7-Zip 16
My favorite archiver/extractor. Download and Info
What’s new after 7-Zip 15.14:
– 7-Zip now can extract multivolume ZIP archives (z01, z02, … , zip).
– Some bugs were fixed.
You’re Preachin’ To The Choir ARS!
The connected car may be the dumbest idea ever, but it’s not going away (How long before every new car for sale is connected—and hackable?)
A View From The Other Side
Cult Of Mac has and interesting take on Win10: Microsoft can’t even give away Windows 10
Time To Run Windows Update
Got Windows? Got Updates!
Microsoft Security Bulletin Summary for April 2016
MS16-037 Cumulative Security Update for Internet Explorer (3148531)
MS16-038 Cumulative Security Update for Microsoft Edge (3148532)
MS16-039 Security Update for Microsoft Graphics Component (3148522)
MS16-040 Security Update for Microsoft XML Core Services (3148541)
MS16-041 Security Update for .NET Framework (3148789)
MS16-042 Security Update for Microsoft Office (3148775)
MS16-044 Security Update for Windows OLE (3146706)
MS16-045 Security Update for Windows Hyper-V (3143118)
MS16-046 Security Update for Secondary Logon (3148538)
MS16-047 Security Update for SAM and LSAD Remote Protocols (3148527)
MS16-048 Security Update for CSRSS (3148528)
MS16-049 Security Update for HTTP.sys (3148795)
MS16-050 Security Update for Adobe Flash Player (3154132)