Updates 2020-02-20

Welcome back, Folks!

It’s not Patch Tuesday, but security updates from Google, Mozilla, Apple and Adobe have triggered an out-of-cycle update.

This Month Week in Technology

According to one of Tumblr’s engineers, Apple’s iOS is adware.

Even great computers are no match for the human brain in perceiving what the typical human consider obvious. Exploiting this fact, evildoers are extorting Google Adsense users by threatening to fraudulently click ads in violation of the Adsense terms unless they get paid off.

If your site is still running an older version of TLS or SSL it’s about to get spanked by the browsers and search engines. Upgrade your HTTPS security policies to use only the latest methods (even if older devices can no longer visit your site).

This month brings even more Bluetooth design and implementation vulnerabilities, and reassurance that keeping your mouth shut may eventually pay off, a relatively minor bug in Firefox allows CSS to be abused to (slowly) extract data from secure sites, and a change to the CCPA (California Consumer Privacy Act) now allows business to keep certain information you’ve requested to be removed so they can…prove…it was…removed…huh? LOL

Finally, a scientific study demonstrates that sound-bite socialization and catch-phrase culture have ruined our ability to have an educated conversation. The real question should be, is anyone surprised?

Let’s Get Busy

The typical computer should see approximately 600 MB of updates. Let’s get started.

watchOS 6.1.3 and 5.3.5 are security updates. Use your updated iPhone to install the most current version through the Watch app.
https://support.apple.com/en-us/HT204641

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Logitech Options 8.10.84 adds support for new hardware and resolves several bugs. This is not a security update.
https://www.logitech.com/en-us/product/options

Browser Updates

One or more of these are likely to be of interest to everyone.

Google Chrome 80.0.3987.116 is a security update. Use Menu, Help, About to install the current version.

Firefox 73.0.1 resolves several crash bugs. This is not a security update. Use Menu, Help, About to install the current version.

Vivaldi 2.11.1811.38 is a security update. Use Menu, Help, About to install the current version.

Internet Updates

One or more of these are likely to be of interest to everyone.

FreeFileSync 10.20 adds email notification support, HTML logging, sync error detection, and more. This is not a security update.
https://www.freefilesync.org/download.php

IPNetInfo 1.95 adds improved command-line support. This is not a security update.
https://www.nirsoft.net/utils/ipnetinfo.html

WinSCP 5.17 resolves several bugs and adds new features. This is not a security update.
https://winscp.net/eng/index.php

Media Updates

These are unlikely to be of interest to most people.

MyPaint 2.0.0 is a major new update with new layer and compositing features, new brush controls, and dozens more. This is not a security update.
http://mypaint.org/downloads/

Picard 2.3 resolves dozens of bugs and improves reliability. This is not a security update.
https://picard.musicbrainz.org/

Game Updates

These are unlikely to be of interest to most people.

Steam 2020.02.12 resolves several bugs. This is not a security update.

Office Updates

One or more of these are likely to be of interest to most people.

LibreOffice Still 6.3.5 resolves about 85, including stability and reliability fixes. This is not a security update.
https://www.libreoffice.org/

Paint.net 4.2.10 resolves several bugs, notably with those using MSI deployment (yay!). This is not a security update.
https://www.getpaint.net/

Adobe Media Encoder 14.0.2 is a security update.
https://helpx.adobe.com/security/products/media-encoder/apsb20-10.html

Adobe After Effects 17.0.3 is a security update.
https://helpx.adobe.com/security/products/after_effects/apsb20-09.html

Adobe FrameMaker 2019.0.5 resolves several bugs. This is not a security update.
64-bit: https://supportdownloads.adobe.com/detail.jsp?ftpID=6851
32-bit: https://supportdownloads.adobe.com/detail.jsp?ftpID=6849

Capture Updates

These are unlikely to be of interest to most people.

ScreenToGif 2.20.3 resolves a compatibility bug. This is not a security update.
https://www.fosshub.com/ScreenToGif.html

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 11.0.7.4 adds support for new encodings and resolves a crash bug. This is not a security update.
https://www.dvdfab.cn/download.htm

Utility Updates

These are unlikely to be of interest to most people.

RoboForm 8.6.7 resolves several bugs and improves compatibility. This is not a security update.
https://12pd.com/click?rf

Cygwin 3.1.4 resolves a couple bugs and improves compatibility with symlinks and junctions. This is not a security update.
https://cygwin.com/

Etcher 1.5.79 improves user experience. This is not a security update.
https://www.balena.io/etcher/

GoodSync 10.10.24 resolves several bugs. This is not a security update.
https://12pd.com/click?goodsync

PointerStick 3.81 resolves several bugs and improves compatibility. This is not a security update.
https://www.softwareok.com/?seite=Freeware/PointerStick

Developer Updates

These are unlikely to be of interest to most people.

Node.js 13.9.0 resolves over 200 issues. This is not a security update.
https://nodejs.org/en/

Virtual Machine Updates

These are unlikely to be of interest to most people.

VirtualBox 6.1.4-136177 resolves several bugs and improves EFI support. This is not a security update.
https://www.virtualbox.org/wiki/Downloads

Web Package Updates

These are likely to be of interest only to web developers.

Nextcloud Server 18.0.1 resolves dozens of bugs. This is not a security update.
https://nextcloud.com/

HumHub 1.4.1 resolves several bugs. This is not a security update.
https://www.humhub.com/en/download

myStickymenu 2.3.5 updates license rates and terms. This is not a security update.

Postie 1.9.43 begins the migration of shortcodes into the main module. This is not a security update.

Raw HTML 1.6.2 resolves a compatibility bug. This is not a security update.

Redirection 4.7 adds domain relocation with exceptions, site aliases, www/wwwithout controls, and content-type. This is not a security update.

NextScripts Social Networks Auto-Poster 4.3.12 improves Blogger and Facebook compatibility. This is not a security update.

Sucuri Security 1.8.24 resolves two bugs. This is not a security update.

WooCommerce 3.9.2 resolves several bugs. This is a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

AdSense-Specific Ransom Attacks

Good morning, everyone!

Are you seeing an unexpected spike in your AdSense earnings? It’s most likely intentional click fraud with a side of ransom.

Last night I discovered a new botnet that uses an initial “warning” in the user-agent of the first request to a site, then parses the content of the site and submits “clicks” to your AdSense account.

A similar botnet was discovered last month that used Firefox 27 as it’s user-agent. Blocking Firefox 27 is very easy: it’s very outdated and insecure, has a built-in updater, and it’s users should have been forced to upgrade by now. However, this new variant of that botnet no longer uses Firefox for it’s user-agent. Well, not ONLY Firefox.

Only the initial request from the botnet will send the ransom message as it’s user-agent string. If you don’t view your logs you might never realize you’ve fallen victim to their attack. This will be quickly followed thereafter by dozens or even hundreds or thousands of requests that parse random page content and “click” the AdSense ads. After the first request the botnet will use random legitimate user-agent strings, which makes it impossible to block on user-agent alone. This is designed to skew your AdSense click ratio via intentional click fraud. Even though you, as a publisher, are not directly involved in the click fraud, Google may punish you for the click fraud by terminating your publisher relationship with them.

DO NOT PAY THE RANSOM! As with all blackmail, paying the ransom would only encourage further attacks against you. A great example is the series of ransom-ware Trojans that hijack your content and encrypt it so that the user no longer has access to their own files. A warning appears demanding $x be sent to the attacker, and if you do send the money a second (and subsequently third, fourth and even fifth) amount is demanded, while never actually releasing your content.

We’re acting quickly to block all identifiable instances of the click fraud/ransom attacks, but you should take the time to personally contact Google to let them know that you’re aware of the new botnet that may be attacking your sites. This will ensure that you are not blindsided by Google should they determine that your account is manipulating clicks. Google has exactly one punishment for all slights: termination of your account. Don’t let it happen to you.

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2013-08-13

Hi, Folks!

It’s Patch Tuesday! Not too much this month, but it’s almost exclusively security updates. Let’s get right to it.

Microsoft released 8 updates for Windows, Internet Explorer, and Exchange. This includes security updates. A reboot is required. IMPORTANT: Make sure you also install the “optional” root certificate update!
http://update.microsoft.com/

Apple released updates for OS X and a variety of printer drivers. Use the Apple Software Updater to get the most current versions.

Adobe AIR 3.8.0.870 is a security update.
Win: https://12pd.com/click?air
Mac: https://12pd.com/click?airmac

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone or kindle – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

BullZip PDF Printer 9.10.0.1629 enables images compression by default, and adds digital signing of PDFs. This is not a security update.
http://www.bullzip.com/products/pdf/info.php#download

Browser Updates

One or more of these are likely to be of interest to everyone.

Firefox 23.0 is a security update. This version also improves content sanity for security, various diagnostic and performance improvements, and several developer features. Use Help, About to install the most recent version.

Google Chrome 28.0.1500.95 is a security update. Use Menu, About to install the most current version.

HTTrack 3.47.22 adds punycode support, corrects several crashes and other bugfixes. This is a security update.
http://www.httrack.com/page/2/en/index.html

SeaMonkey 2.20 is a security update. Use Help, About to install the most current version.

Email Updates

One or more of these are likely to be of interest to everyone.

Thunderbird 17.0.8 is a security update. Use Help, About to install the most current version.

NK2Edit 2.75 adds several new switches for sanity, output preference and automation. This is not a security update.
http://www.nirsoft.net/utils/outlook_nk2_edit.html

OutlookAttachView 2.56 is a cosmetic update. This is not a security update.
http://www.nirsoft.net/utils/outlook_attachment.html

Internet Updates

One or more of these are likely to be of interest to everyone.

Yahoo Messenger 11.5.0.228 does not provide a changelog, so should be treated as a security update.
http://messenger.yahoo.com/download/

BrowsingHistoryView 1.36 is a cosmetic change only. This is not a security update.
http://www.nirsoft.net/utils/browsing_history_view.html

Evernote 4.6.7.8409 provides bug fixes for editing notes across various Evernote clients. This is not a security update.
http://www.evernote.com/

FileZilla 3.7.3 is a security update.
http://filezilla-project.org/

Google Earth 7.1.1.1888 now enables controllers by default, and updates the LEAP API to 0.8.1. This is not a security update.
http://earth.google.com/index.html

Nmap 6.40 adds several new detections, provides bugfixes, and feature improvements. This is not a security update.
http://nmap.org/

PuTTY installer 0.63 is a security update.
http://www.chiark.greenend.org.uk/~sgtatham/putty/

uTorrent 3.3.1 Build 30003 improves automatic updating. This is not a security update.
http://www.utorrent.com/downloads

WinSCP 5.1.6 is a security update.
http://winscp.net/eng/index.php

Codec Updates

One or more of these are likely to be of interest to everyone.

ADVANCED Codec Package 4.2.2 updates included codecs. To install the update, you must uninstall and reinstall the application. This is not a security update.
http://shark007.net/win7codecs.html

Media Updates

These are unlikely to be of interest to most people.

CDBurnerXP 4.5.2.4214 adds the ability to create a print contact sheet, video DVD verification, updated libraries, and minor bugfixes. This is not a security update.
http://cdburnerxp.se/

VLC Media Player 2.0.8 corrects several stability and performance issues. This is a security update.
http://www.videolan.org/vlc/download-windows.html

Winamp 5.65 updates libraries, bug fixes and more. This is a security update.
http://www.winamp.com/media-player/en

Game Updates

These are unlikely to be of interest to most people.

EA Origin 9.3.1.4482 adds group chat, improved notifications, installation and download improvements. This is not a security update.
http://www.filehippo.com/download_origin/

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Digital Editions 2.0.1 is a security update.
http://www.adobe.com/products/digital-editions/download.html

Adobe Drive 5.0 is a major version update with workflow and performance improvements. This is not a security update.
http://www.adobe.com/downloads/updates.html

Adobe Bridge 6.0.1 is a reliability update. This is not a security update.
http://www.adobe.com/downloads/updates.html

Dynamic Link Media Server 7.0.1 is a bugfix release. This is not a security update.
http://www.adobe.com/downloads/updates.html

Blender 2.68a corrects 14 bugs including crashes, and reliability bugs. This is not a security update.
http://www.blender.org/download/get-blender/

Notepad++ 6.4.5 corrects a bug in file history. This is not a security update.
https://12pd.com/click?npp

OpenOffice 4.0.0 is a major update, providing over a thousand bugfixes, improvements and features. This is a security update.
http://www.openoffice.org/download/

Scribus 1.4.3 adds QR barcode support, Haiku OS support and new professional Color Tools. This is not a security update.
http://wiki.scribus.net/canvas/Download

Security Software Updates

One or more of these is likely to be of interest to most people.

Bitmessage 0.3.5 adds a number of new distributions, improved OSX support, improved performance and other fixes. This is a security update.
https://bitmessage.org/

DNSQuerySniffer 1.06 is a cosmetic update. This is not a security update.
http://www.nirsoft.net/utils/dns_query_sniffer.html

KeePass 1.26 adds preloading via command line, database repair warning, and a number of improvements including DEP and ASLR compatibility. This is a security update.
http://keepass.sourceforge.net/

SmartSniff 2.07 corrects a cosmetic bug. This is not a security update.
http://www.nirsoft.net/utils/smsniff.html

Stinger 12.0.0.485 adds support for newer malware. This is not a security update.
http://www.mcafee.com/us/downloads/free-tools/stinger.aspx

Wireless Network Watcher 1.66 is a cosmetic update. This is not a security update.
http://www.nirsoft.net/utils/wireless_network_watcher.html

Wireshark 1.10.1 improves logging, trace and updates protocol support. This is not a security update.
http://www.wireshark.org/

Capture Updates

These are unlikely to be of interest to most people.

Open Broadcaster Software 0.542 Beta corrects several security and performance bugs. This is a security update.
http://obsproject.com/

VideoCacheView 2.52 improves support for Chrome, and adds support for YouTube MPEG-DASH files.
http://www.nirsoft.net/utils/video_cache_view.html

Converter Updates

These are unlikely to be of interest to most people.

MakeMKV 1.8.4 improves performance, reliability with mastering issues, audio selection and minor bugfixes. This is not a security update.
http://www.makemkv.com/download/

Utility Updates

These are unlikely to be of interest to most people.

Autoruns 11.70 adds a new option to have it show only per-user locations. This is a security update.
Disk2vhd 1.64 now supports disk sizes of up to 2 TB. This is not a security update.
Process Explorer 15.40 now shows WMI providers hosted in Wmiprvse processes, includes an autostart option and introduces a process view column that shows process DPI awareness support on Windows 8.1 systems. This is a security update.
http://sysinternals.com/

CCleaner 4.04.4197 improves software detection and cleaning. This is not a security update.
https://12pd.com/click?ccleaner

Defraggler 2.15.741 improves performance, adds file type and modified date to display, and other fixes. This is not a security update.
https://12pd.com/click?defraggler

Recuva 1.48.980 adds UDF support, improves LFN support and several drive performance improvements. This is not a security update.
https://12pd.com/click?recuva

BlueScreenView 1.52 improves research with quick-search functionality. This is not a security update.
http://www.nirsoft.net/utils/blue_screen_view.html

NetworkTrafficView 1.75 adds protocol grouping. This is not a security update.
http://www.nirsoft.net/utils/network_traffic_view.html

NirCmd 2.75 adds moverecyclebin, suspendprocess, resumeprocess parameters, etitle support for find, and the ability to read Unicode files from clipboard. This is not a security update.
http://www.nirsoft.net/utils/nircmd.html

USBDeview 2.25 adds the ability to cycle devices, device control via Instance ID, and improved UAC support. This is not a security update. http://www.nirsoft.net/utils/usb_devices_view.html

WakeMeOnLan 1.52 adds cosmetic improvements. This is not a security update.
http://www.nirsoft.net/utils/wake_on_lan.html

WhatIsHang 1.20 adds 64-bit support, cosmetic improvements, and improved reporting. This is a security update.
http://www.nirsoft.net/utils/what_is_hang.html

WirelessKeyView 1.67 modifies application behavior to trigger fewer security alerts. This is not a security update.
http://www.nirsoft.net/utils/wireless_key.html

TeamViewer 8.0.20202 improves mobile support and provides bugfixes. This is not a security update.
http://www.teamviewer.com/en/download/windows.aspx

Developer Updates

These are unlikely to be of interest to most people.

TortoiseSVN 1.8.1 corrects a couple dozen bugs, including stability and reliability. This is not a security update.
http://tortoisesvn.net/downloads

Web Package Updates

These are likely to be of interest only to web developers.

MailEnable 7.50 provides compatibility fixes to installer, improved language support, and a fix for script handling. This is not a security update.
http://www.mailenable.com/

phpMyAdmin 4.0.5 is a security update.
http://www.phpmyadmin.net/home_page/news.php

SMF 2.0.5 is a security update.
http://download.simplemachines.org/

Dada Mail 6.5.2 fixes a send logging bug. This is not a security update. h
ttp://dadamailproject.com/download/

Drupal 7.23 is a bugfix release. This build also provides significant changes to the image API. Don’t forget to run update.php after updating the code! This is not a security update.
http://drupal.org/download

WordPress 3.6 is a major update that provides a more streamlined approach to uploads, embedding, autosave, revisions, post locking, updates included libraries, and more. This is not a security update.
http://wordpress.org/

BuddyPress 1.8.1 is a minor bugfix release. This is not a security update.

Contact Form 7 3.5.1 is a bugfix release. This is not a security update.

Developer 1.2.2 adds WP-CLI and removes Grunion Contact Form. This is not a security update.

Front-end Editor 2.3.1 updates included libraries and translations. This is not a security update.

Ultimate TinyMCE 4.8.1 fixes a download issue. This is not a security update.

W3 Total Cache 0.9.3 adds a variety of new features, improved plugin compatibility, performance and more. This is a security update.

WPtouch 1.9.8 improves Adsense support, fixes admin bugs. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/