Updates 2020-09-08

Welcome back, Folks!

Today is Patch Tuesday for September 2020.

This Month in Technology

I enjoy the soapbox I’ve taken here in my newsletters over the years, but unfortunately we were struck by a PG&E “Public Safety Power Shutoff” event so lost more than a day this week for Patch Tuesday and haven’t had the time (or Internet access!) to be able to collect this information for this newsletter. 🙁

Now for the good news:

Adobe Flash will be dead in only 113 days.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday this month is huge. The typical computer should see roughly 2 GB in updates today. Let’s get started.

Microsoft released updates for Windows, Edge, .NET, Internet Explorer, Office, Servicing Stack, and MSRT (~1.5 GB). This includes security updates. A reboot is required.

Apple released an update for Pro Video Formats 2.1.2. Use Apple Software Update to install these updates. A reboot is required.

Adobe Flash Player 32.0.0.414 is a security update.
Win: https://12pd.com/click?flash
Win: https://12pd.com/click?flashie
Mac: https://12pd.com/click?flashmac

Google Chrome OS 85.0.4183.84 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Catalina (10.15) means that macOS Sierra (10.12) and older are no longer supported. If you can not install at least macOS High Sierra (10.13) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (2004) is a huge (about 25% larger than any prior build) so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 6 months. If you don’t let it finish and you’re on a slow connection, this process kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Display Driver Uninstaller 18.0.2.9 improves removal process, and adds support for new hardware. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

nVidia 452.06 adds support for newer hardware and improves performances in some games. This is not a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.13.82 adds several new privacy controls and display options. This is a security update.
https://brave.com/

Google Chrome 85.0.4183.102 is a security update.

Microsoft Edge 85.0.564.44 is a security update.
https://www.microsoft.com/en-us/edge/business/download

Firefox 80.0.1 resolves several bugs. This is not a security update.
https://www.mozilla.org/en-US/firefox/new/

Firefox ESR 68.12.0 is a security update.
https://www.mozilla.org/en-US/firefox/organizations/all/

Vivaldi 3.3.2022.39 is a security update.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Thunderbird 78.2.0 resolves several bugs and improves OpenPGP integration. This should be treated as a security update.
https://www.thunderbird.net/en-US/

OutlookAttachView 3.42 adds cell context copy option. This is not a security update.
https://www.nirsoft.net/utils/outlook_attachment.html

Internet Updates

One or more of these are likely to be of interest to everyone.

curl 7.72.0 resolves one hundred bugs, adds zstd decoding, improves failure handling and adds effective method. This is a security update.
https://curl.haxx.se/windows/

Dropbox 104.4.175 doesn’t provide a changelog so should be treated as a security update.
https://www.dropbox.com/

FileZilla Client 3.50.0 updates Storj integration. This is not a security update.
https://filezilla-project.org/

FreeFileSync 11.1 resolves several bugs and improves compatibility. This is not a security update.
https://www.freefilesync.org/download.php

Npcap 0.9997 is a security update.
https://nmap.org/npcap/

Prosody 0.11.6 resolves several bugs, and improves reliability and security.
https://prosody.im/download/start

Technitium DNS Server 5.2 resolves several bugs and adds certbot support. This is not a security update.
https://technitium.com/dns/

Zoom 5.2.45120.0906 disables webinar attendance by telephone. They plan to re-enable this feature “in the coming weeks.” This is not a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

Picard 2.4.4 resolves several bugs. This is not a security update.
https://picard.musicbrainz.org/

3tene 2.0.3 resolves several bugs and adds z-axis tracking to Pro. This is not a security update.
https://en.3tene.com/

Game Updates

These are unlikely to be of interest to most people.

Steam 2020.09.03 resolves several bugs. This is not a security update.

PlayStation PS4 7.55 doesn’t provide a detailed changelog, so should be treated as a security update.
https://www.playstation.com/en-us/support/system-updates/ps4/

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Reader DC 20.012.20043 resolves compatibility issues with some programs. This is a security update.

Adobe DNG Converter 12.4 adds support for new hardware.
Win: https://supportdownloads.adobe.com/detail.jsp?ftpID=6975
Mac: https://supportdownloads.adobe.com/detail.jsp?ftpID=6973

Adobe Experience Manager 6.5.6.0 and 6.4.8.2 are security updates.
https://helpx.adobe.com/security/products/experience-manager/apsb20-56.html

Adobe Framemaker 2019.0.7 is a security update.
https://helpx.adobe.com/security/products/framemaker/apsb20-54.html

Adobe InDesign 15.1.2 is a security update.
https://helpx.adobe.com/security/products/indesign/apsb20-52.html

Atom 1.51.0 improves performance resolves several bugs. This is not a security update.
https://atom.io/

Blender 2.90 adds many new features and controls. This is a major update.
https://www.blender.org/download/

LibreOffice 6.4.6 resolves 70 bugs. This is a security update.
https://www.libreoffice.org/

LibreOffice Fresh 7.0.1 resolves over 70 bugs. This is a security update. Remember that this is a beta version of LibreOffice, so should be avoided by most users.
https://www.libreoffice.org/

Nextcloud Desktop 3.0.1 resolves several bugs and adds several new features. This is not a security update.
https://nextcloud.com/

Security Software Updates

One or more of these is likely to be of interest to most people.

Gpg4win 3.1.13 resolves several bugs and improves compatibility. This is a security update.
https://www.gpg4win.org/download.html

RogueKiller 14.7.2 adds several new features and updates libraries. This is not a security update.
https://www.adlice.com/download/roguekiller/

uBlock Origin 1.29.2 resolves a couple bugs. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest

Capture Updates

These are unlikely to be of interest to most people.

ScreenToGif 2.27 adds several new features and resolves more than a dozen bugs. This is not a security update.
https://github.com/NickeManarin/ScreenToGif/releases/latest

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 11.1.0.5 resolves a couple bugs and adds support for new encodings. This is not a security update.
https://www.dvdfab.cn/download.htm

Education updates

One or more of these are likely to be of interest to most people.

e-Sword 12.2 improves search and display. This is not a security update.
https://www.e-sword.net/

Utility Updates

These are unlikely to be of interest to most people.

Agent Ransack 2019.2947 adds installer flags for language, ui, and registration, resolves a performance bug with exporting searches that don’t parse content. This is not a security update.
https://www.mythicsoft.com/agentransack/download/

DesktopOK 7.81 adds 64-bit improvements. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

DevManView 1.71 adds option to copy contents of the clicked cell. This is not a security update.
https://www.nirsoft.net/utils/device_manager_view.html

DriverView 1.50 resolves a 64-bit compatibility problem. This is not a security update.
https://www.nirsoft.net/utils/driverview.html

Etcher 1.5.107 resolves several bugs. This is not a security update.
https://www.balena.io/etcher/

FileLocator Pro 8.5.2947 adds installer flags for language, UI, and registration, resolves a performance bug with exporting searches that don’t parse content. This is not a security update.
https://www.mythicsoft.com/filelocatorpro/download

Fing 2.0.1 adds support for new device detection, Wi-Fi heatmap, security details and resolves a bug in Bonjour discovery. This is not a security update.
https://www.fing.com/products/fing-desktop-download-windows

GoodSync 11.3.3 resolves several bugs. This is not a security update.
https://12pd.com/click?goodsync

Homedale 1.89 improves columns in GUI, and now uses UTF8 for logs. This is not a security update.
https://www.the-sz.com/products/homedale/

HWMonitor 1.42 adds support for new hardware. This is not a security update.
https://www.cpuid.com/softwares/hwmonitor.html

IsMyHdOK 2.32 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/IsMyHdOK

NTLite 2.0.0.7640 improves component controls and settings, and resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

Aomei Partition Assistant 8.9 improves GUI, and resolves several bugs. This is not a security update.
https://www.diskpart.com/

PointerStick 4.66 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/PointerStick

PowerToys 0.21.1 improves stability, adds several features, and resolves bugs. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest

RoboForm 8.9.2 resolves several bugs, including a reliability bug in manual saves. This is not a security update.
https://12pd.com/click?rf

TeamViewer 15.9.4 resolves several bugs. This is not a security update.
https://www.teamviewer.com/en/download/windows/

TraceRouteOK 2.22 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/TraceRouteOK

Ultimate Boot CD 5.3.9 updates libraries. This is not a security update.
http://www.ultimatebootcd.com/download.html

WinGet 0.1.42241 adds autocomplete. This is not a security update.
https://github.com/microsoft/winget-cli/releases/latest

WinScan2PDF 6.01 improves compatibility. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

WizTree 3.35 improves logging and export capabilities, and adds max last-modified date for newest file in the folder tree. This should be treated as a security update.
https://wiztreefree.com/

Developer Updates

These are unlikely to be of interest to most people.

Node.js 14.10.0 resolves dozens of bugs, updates libraries, and improves stability. This is not a security update.
https://nodejs.org/en/

SQLite 3.33.0 resolves several bugs, adds support for arbitrary-precision decimal arithmetic, UPDATE FROM, increases maximum database size, and improves integrity checks.
https://www.sqlite.org/download.html

StrawberryPerl 5.32.0.1 is a major update adding new features, bug fixes, libraries and compatibility. This is not a security update.
http://strawberryperl.com/

Visual Studio Code 1.48.2 resolves several bugs. This is not a security update.
https://code.visualstudio.com/

WinMerge 2.16.8 resolves several bugs, improves stability and reliability. This is not a security update.
https://winmerge.org/

Virtual Machine Updates

These are unlikely to be of interest to most people.

VirtualBox 6.1.14-140239 resolves several bugs and adds support for Linux kernel 5.8. This is not a security update.
https://www.virtualbox.org/wiki/Downloads

Web Package Updates

These are likely to be of interest only to web developers.

Coppermine Gallery 1.6.09 resolves several bugs. This is not a security update.
https://coppermine-gallery.net/

Dada Mail 11.11.2 is a security update.
https://dadamailproject.com/

Drupal 9.0.5 resolves a cosmetic bug and changes component registry to avoid flagging for non-existent security vulnerability. This is not a security update.
https://drupal.org/download

HumHub 1.6.3 resolves several bugs. This is not a security update.
https://www.humhub.com/en/download

Joomla 3.9.21 is a security update.
https://www.joomla.org/

Nextcloud Server 19.0.2 resolves dozens of bugs and updates libraries. This is not a security update.
https://nextcloud.com/

phpList 3.5.6 adds reply-to support, forwarding improvements, and resolves several bugs. This is not a security update.
https://www.phplist.org/

ScreenConnect 20.10.957.7556 resolves several bugs and adds new user controls. This is not a security update.
https://www.connectwise.com/software/control/download

WordPress 5.5.1 resolves dozens of bugs. This is not a security update.

Autoptimize 2.7.7 is a security update.

Contact Form 7 5.2.2 resolves several bugs. This is not a security update.

Social Post Feed 2.16.1 resolves several bugs. This is not a security update.

Interactive World Map 3.1.8 improves compatibility and resolves several bugs. This is not a security update.

myStickymenu 2.4.4 resolves several bugs. This is not a security update.

NextScripts Social Networks Auto-Poster 4.3.18 resolves several bugs and improves compatibility. This is a security update.

W3 Total Cache 0.14.4 resolves several bugs and improves compatibility. This is not a security update.

WooCommerce 4.5.1 resolves several bugs and improves compatibility. This is not a security update.

WP Mail SMTP 2.3.1 improves compatibility and resolves several bugs. This is not a security update.

Show IDs 1.1.5 improves compatibility. This is not a security update.

WPtouch 4.3.38 resolves several bugs. This is not a security update.

WordPress Zero Spam 4.10.1 resolves several bugs. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2020-08-11

Welcome back, Folks!

Today is Patch Tuesday for August 2020.

This Month in Technology

I pride myself in my sarcastic wit and infinite patience, but these days I spend so much time shaking my head in such shame for humanity that I’m afraid I’m going to get whiplash.

I’m trying to keep on the topic of technology, but it’s hard when that very technology is being used to silence, stalk, abuse, and defame so many. What’s worse is that when they’re caught they just throw money at those investigating them in order to escape culpability.

Cancel Culture was obvious to authors in the 1930s, but has been ignored over the last decade because those who speak up are themselves cancelled. Richard Stallman explains his position on digital currencies being evil, and how technological tracking will inevitably be used for cancel culture. (Heck, even Bill Maher opposes cancel culture!) Sadly, it may be too late to stop at this point, since cancel culture has now escaped planet Earth to infect the cosmos.

Canon was hacked, Avon was hacked, Intel was hackedGarmin was hacked, Walmart was hacked and is being sued under the CCPA over it, Capital One was finally punished for being hacked, Dave was hackedLedger was hacked, exposing a million accounts and emails, Tor has been hacked (the vulnerabilities have actually been known for *years*), nearly a thousand enterprise VPN servers have been hacked, 62,000 NAS devices have been hacked and infected, and Twitter was hacked (by a Florida teen who exposed Twitter’s “nonexistent” censorship tools). Is it any wonder Twitter was hacked since it took them almost two years to patch an app vulnerability?

A dozen VPN providers used an unprotected and insecure storage to harvest details of over twenty million (20,000,000) users, including payment details and traffic history.

Google is harvesting data from third parties to build rival apps, but it doesn’t stop there – they also “accidentally” enabled their Google Home smart devices to listen 24/7 and record their environments.

A TeamViewer vulnerability allows anyone running a version older than those released *yesterday* to be hacked, and of the 79 Netgear router models that have known security vulnerabilities, Netgear has announced they won’t patch 45 of them – including several AC models that are only 3 years old, and Snapdragon chip vulnerabilities put over a billion Android devices at risk. On the subject of defective hardware, BadPower can light you up!

Microsoft is flagging HOSTS files used to block unwanted telemetry as malicious. Evil extensions continue to be evil. AT&T “accidentally” tells all their customers they have to replace their brand new phones in order to continue to use cell service, Humana (Tricare) “accidentally” told 600,000 US military veterans that they were infected with COVID-19.

Advertisements are evil privacy-erasing monsters, but Ad URLs are worse.

Now for the good(?) news:

Recently, the lockdowns are responsible for more suicides and deaths by overdose than COVID-19. That’s gotta be a silver lining somehow, right?

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday this month is huge. The typical computer should see roughly 2 GB in updates today. Let’s get started.

Microsoft released updates for Windows, Edge, .NET, Internet Explorer, Office, Servicing Stack, and MSRT (~1.3 GB). This includes security updates. A reboot is required.

Apple released updates for macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra, Safari 13.1.2, Xcode 11.6, iCloud for Windows 11.3, iCloud for Windows 7.20, iTunes 12.10.8 for Windows. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

iOS 13.6 and 12.4.8, and iPadOS 13.6 are security updates. Use Settings, General, Software Update to install the most current update.

watchOS 6.2.8 and 5.3.8 are security updates. Use the Watch app on your iPhone to install the most current version.

tvOS 13.4.8 is a security update. Use System, Software Update to install the most current version.

Adobe Flash Player 32.0.0.414 is a security update.
Win: https://12pd.com/click?flash
Win: https://12pd.com/click?flashie
Mac: https://12pd.com/click?flashmac

Google Chrome OS 84.0.4147.110 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Catalina (10.15) means that macOS Sierra (10.12) and older are no longer supported. If you can not install at least macOS High Sierra (10.13) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (2004) is a huge (about 25% larger than any prior build) so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 6 months. If you don’t let it finish and you’re on a slow connection, this process kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Display Driver Uninstaller 18.0.2.8 resolves issues with NVIDIA removal. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.11.104 is a security update. Use Menu, Help, About to install the most current version.
https://brave.com/

Firefox 79.0 is a security update. Use Menu, Help, About to install the most current version

Firefox ESR 68.11.0 is a security update. Use Menu, Help, About to install the most current version.

Google Chrome 84.0.4147.125 is a security update. Use Menu, Help, About to install the most current version.

Microsoft Edge 84.0.522.59 is a security update. Use Menu, Help, About to install the most current version.

Vivaldi 3.2.1967.41 is a security update. Use Menu, Help, About to install the most current version.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Thunderbird 78.1.0 is a security update. Direct updates are disabled for 78.x so you will need to download and install the update from the Thunderbird website:
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

BrowsingHistoryView 2.41 adds support for local /cfg file. This is not a security update.
https://www.nirsoft.net/utils/browsing_history_view.html

Dropbox 103.4.383 doesn’t provide a detailed changelog, so should be treated as a security update.
https://www.dropbox.com/

FileZilla Client 3.49.1 resolves a cosmetic bug. This is not a security update.
https://filezilla-project.org/

FreeFileSync 11.0 improves Google Drive sync and backups, adds WSL symlink support, and resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php

Npcap 0.9996 resolves several bugs, including stability/crash problems. This is not a security update.
https://nmap.org/npcap/

Technitium DNS Server 5.0.2 resolves several bugs and updates libraries. This is not a security update.
https://technitium.com/dns/

WinSCP 5.17.7 is a security update.
https://winscp.net/eng/index.php

Zoom 5.2.42619.0804 resolves several bugs, improves compatibility and hardware support, and adds several new features. This is not a security update.
https://zoom.us/

Line 9.6.0 adds effects stickers. This is not a security update.
http://line.me/update

Media Updates

These are unlikely to be of interest to most people.

3tene 2.0.2 updates libraries, improves compatibility, and resolves several bugs. This is not a security update.
https://en.3tene.com/

iTunes 12.10.8 is a security update. Use Apple Software Update to install the most current version.

darktable 3.2.1 resolves almost 100 bugs, improves lighttable, CSS styles, Color Picker, preferences, and many more. This is not a security update.
https://www.darktable.org/install/

Picard 2.4.1 resolves a dozen bugs and adds support for new formats, improves functions and stability. This is not a security update.
https://picard.musicbrainz.org/

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Reader DC 20.012.20041 is a security update. Use Menu, Check for updates to get the most current version.

Adobe Lightroom 9.3 is a security update.
https://helpx.adobe.com/security/products/lightroom/apsb20-51.html

Magento 2.4.0 and 2.3.5-p2 are security updates.
https://helpx.adobe.com/security/products/magento/apsb20-47.html

Adobe Reader Mobile 20.3 is a security update.
https://helpx.adobe.com/security/products/reader-mobile/apsb20-50.html

Adobe Prelude 9.0.1 is a security update.
https://helpx.adobe.com/security/products/prelude/apsb20-46.html

Adobe Photoshop 20.0.10 and 21.2.1 are security updates.
https://helpx.adobe.com/security/products/photoshop/apsb20-45.html

Adobe Bridge 10.1.1 is a security update.
https://helpx.adobe.com/security/products/bridge/apsb20-44.html

Atom 1.50.0 resolves several bugs and updates libraries. This is not a security update.
https://atom.io/

Blender 2.83.4 resolves dozens of bugs and improves performance. This is not a security update.
https://www.blender.org/download/

LibreOffice Still 6.4.5 is a major update to the stable version of LibreOffice. This build resolves over 100 bugs and improves stability over the previous beta “Fresh” line. This is not a security update.
https://www.libreoffice.org/

LibreOffice Fresh 7.0.0 is beta software. While this is a major update to the beta version of LibreOffice, nearly 200 bugs were resolved over the last few days so you should only use this if you are comfortable using beta software that is very likely to crash. This is not a security update.
https://www.libreoffice.org/

Notepad++ 7.8.9 resolves 9 bugs that improve cosmetics after the recent updates. This is not a security update.
https://notepad-plus-plus.org/

Paint.net 4.2.13 resolves several bugs and improves low-quality exports. This is not a security update.
https://www.getpaint.net/

Security Software Updates

One or more of these is likely to be of interest to most people.

DNSQuerySniffer 1.81 adds local /cfg file support and adds Select/Deselect All to column settings. This is not a security update.
https://www.nirsoft.net/utils/dns_query_sniffer.html

Gpg4win 3.1.12 resolves several bugs and improves reliability. This is a security update.
https://www.gpg4win.org/download.html

Hashcat 6.1.1 resolves several bugs and adds support for new algorithms. This is not a security update.
https://hashcat.net/hashcat/#downloadlatest

RogueKiller 14.6.3 updates core engine and resolves several bugs. This is not a security update.
https://www.adlice.com/download/roguekiller/

uBlock Origin 1.29.0 resolves several bugs. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest

Capture Updates

These are unlikely to be of interest to most people.

SnagIt 2020.1.4 improves cosmetic controls and resolves several bugs. This is not a security update.
https://download.techsmith.com/snagit/enu/snagit.exe

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 11.1.0.1 adds support for new encodings, adds output configuration exports, batch reporting, and new output profiles. This is not a security update.
https://www.dvdfab.cn/download.htm

MakeMKV 1.15.2 updates muxer to the latest matroska specification, resolves several bugs and adds drive speed control and standalone sdftool. This is not a security update.
https://www.makemkv.com/download/

PDF Creator 4.1.2 resolves a COM interface error and several other bugs. This is not a security update.
https://www.pdfforge.org/pdfcreator

Utility Updates

These are unlikely to be of interest to most people.

1Password for Windows 7.6.780 resolves several bugs and improves cosmetics. This is a security update.
https://1password.com/downloads/windows/

Bitwarden 1.20.1 resolves a crash bug and adds support for Windows Hello or TouchID on macOS to unlock the vault. This is not a security update.
https://bitwarden.com/

CCleaner 5.70.7909 improves compatibility, but is still detected as a “potentially unwanted program” by Windows Defender (and with all the problems CCleaner has had in the last couple years, they could be right).
https://www.ccleaner.com/

CPU-Z Installer 1.93 adds support for newer hardware. This is not a security update.
https://www.cpuid.com/softwares/cpu-z.html

CurrPorts 2.62 adds ‘Copy Remote Address’ option. This is not a security update.
https://www.nirsoft.net/utils/cports.html

Dell Command Update 3.1.3 improves reliability, compatibility, and stability. This is not a security update.
https://www.dell.com/support/article/us/en/04/sln311129/dell-command-update?lang=en

DesktopOK 7.71 resolves several bugs and adds HTTPS updates. This is a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

Eraser 6.2.0.2990 adds exFAT support but doesn’t have a changelog. This should be treated as a security update.
https://eraser.heidi.ie/download/

Etcher 1.5.102 updates libraries, and resolves several bugs. This is not a security update.
https://www.balena.io/etcher/

Everything 1.4.1.988 reworks some Lite behavior, ensures volumes are mounted before use, and resolves several bugs. This is not a security update.
https://www.voidtools.com/

FolderChangesView 2.32 adds local /cfg support. This is not a security update.
https://www.nirsoft.net/utils/folder_changes_view.html

GoodSync 11.2.8 resolves several bugs and improves reliability. This is not a security update.
https://www.goodsync.com/

Homedale 1.88 adds OWE encryption support. This is not a security update.
https://www.the-sz.com/products/homedale/

IsMyHdOK 2.21 vastly improves SSD support. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/IsMyHdOK

NTLite 2.0.0.7596 resolves several bugs and adds new settings options. This is not a security update.
https://www.ntlite.com/download/

PointerStick 4.25 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/PointerStick

PowerToys 0.20.1 resolves several bugs. This is a security update.
https://github.com/microsoft/PowerToys/releases/latest

RoboForm 8.9.1 adds import from Edge and resolves several bugs. This is not a security update.
https://www.roboform.com/

Sysmon 11.11 fixes a bug that prevented USB media from being ejected. This should be treated as a security update.
https://live.sysinternals.com/

TaskSchedulerView 1.56 improves compatibility for devices where the Remote Registry service is disabled. This is not a security update.
https://www.nirsoft.net/utils/task_scheduler_view.html

TeamViewer 15.8.3 is a security update.
https://www.teamviewer.com/en/download/windows/

TraceRouteOK 1.77 resolves several bugs and improves GUI. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/TraceRouteOK

USBDeview 3.00 adds several new timestamp columns that can be read when running elevated, and renames the other timestamp fields. This is not a security update.
https://www.nirsoft.net/utils/usb_devices_view.html

USB Oblivion 1.13.0.0 adds ability to clean the Partition Diagnostic journal. This is not a security update.
https://www.cherubicsoft.com/en/projects/usboblivion

WifiInfoView 2.62 improves local /cfg file behavior. This is not a security update.
https://www.nirsoft.net/utils/wifi_information_view.html

WinScan2PDF 5.88 improves compatibility with multifunction devices. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

Developer Updates

These are unlikely to be of interest to most people.

ADB 30.0.4 resolves several bugs and improves fastboot. This is not a security update.
https://developer.android.com/studio/releases/platform-tools

AutoHotkey 1.1.33.02 resolves several bugs. This is not a security update.
https://www.autohotkey.com/download/

Node.js 14.8.0 resolves dozens of bugs and updates libraries. This should be treated as a security update.
https://nodejs.org/en/

Node.js v12 12.18.3 updates libraries and resolves dozens of bugs. This should be treated as a security update.
https://nodejs.org/en/

Redemption 5.24.0.5736 adds several new methods and properties, and resolves several bugs. This is not a security update.
http://www.dimastr.com/redemption/

Web Package Updates

These are likely to be of interest only to web developers.

Dada Mail 11.11.0 adds Scheduling and validation, makes Open Discussion Lists always available, significantly improves active troubleshooting, and resolves compatibility with StopForumSpam. This is not a security update.
http://dadamailproject.com/

Docker Desktop 2.3.0.4 improves cross-platform compatibility, installation troubleshooting, and WSL 2 support. This is not a security update.
https://www.docker.com/products/docker-desktop

Drupal 9.0.3 resolves over 100 bugs. This is not a security update.
https://drupal.org/download

HumHub 1.6.2 resolves dozens of bugs. This is not a security update.
https://www.humhub.com/en/download

MailEnable 10.31 improves logging, and resolves over 30 bugs. This is not a security update.
https://www.mailenable.com/

Nextcloud Server 19.0.1 resolves dozens of bugs. This is not a security update.
https://nextcloud.com/

OpenCart 3.0.3.6 adds PayPal extensions and removes Openbay Pro. This is not a security update.
https://www.opencart.com/

OpenPetra 2020.06 adds consent storage for compatibility with legal requirements,
https://www.openpetra.org/

ScreenConnect 20.8.29574.7520 resolves several bugs. This is not a security update.
https://www.connectwise.com/software/control/download

Autoptimize 2.7.6 resolves several bugs. This is not a security update.

BuddyPress 6.2.0 resolves several bugs. This is not a security update.

Contact Form 7 5.2.1 resolves several bugs. This is not a security update.

Social Post Feed 2.16 resolves a couple bugs. This is not a security update.

Register IP – Multisite 1.8.2 resolves a cosmetic bug and improves compatibility. This is not a security update.

NextScripts Social Networks Auto-Poster 4.3.16 improves compatibility and resolves two bugs. This is not a security update.

W3 Total Cache 0.14.3 resolves several bugs. This is not a security update.

WooCommerce 4.3.2 resolves several bugs. This is not a security update.

WP Add Custom CSS 1.1.6 updates code editor and improves compatibility. This is not a security update.

WordPress Zero Spam 4.9.12 is the latest in a series of fixes to the 4.0 rewrite. Over a hundred changes and many new features and controls are added. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2020-07-14

Welcome back, Folks!

Today is Patch Tuesday for July 2020.

This Month in Technology

Apple has formally announced that they’ll be switching to ARM processors on their new hardware. While Apple asserts that “most apps will just work,” the truth is that if it’s not a 64-bit app or it hasn’t been updated in more than a year, chances are not only won’t work on ARM but will never work on ARM. If you were here when they switched from PowerPC to Intel you remember the issues were long and wide. You’ll likely need a VM to make many of your apps work.

Piracy doesn’t pay, except for those creating the pirated apps.

Macs are still getting infected through fake “Flash update” malware, even on Catalina. From the comments, “Which is worse, a real Flash installer or a fake one? It’s a toss-up.”

Microsoft was caught breaching user trust, again, by hijacking your data from other browsers and importing into their forced update to their new Edge browser without your permission.

Mozilla switched to a 4-week cadence for major updates in March. This has resulted in even less time for beta testing and the expected release+1 security updates.

Google Chrome is planning to hide everything in a URL other than the domain name. Google, the most popular purveyor of information and also the self-appointed gatekeeper to what is true and false, believes that having the complete URL is bad for you.

Google resolved a major email spoofing vulnerability through customer services, shortly before allowing a core domain name for their Blogger service to expire.

Slack vulnerability allowed hackers to distribute malware to victims devices.

What is it going to take before you stop copying passwords on your phone?

Everyone knows Facebook is always listening. Now the courts have finally considered their web widgets “Wiretaps.” Others are, too. They’re also designing systems to be able to trigger recording of all background noise from external queues. In states like California, Facebook is already violating the all-party consent requirements by recording audio 24/7. Maybe they’ll eventually acknowledge that it’s bad and stop? Ouch. Sorry, I hurt myself laughing there. Oh, and the Facebook Messenger app allowed you to be infected with persistent malware. If you have a website with Facebook integration, you need to take action now to comply with the CCPA.

Airlines are perfectly happy to violate the Americans with Disabilities Act – and treat you like a terrorist – if you have medical conditions.

Bitdefender Antivirus allowed any website you visited to run code on your device. Apache’s Guacamole remote support client allows attackers to take over the entire enterprise. Backdoors in operating systems, why not backdoors in encryption software?

Surprise: phishing still works. Even by text. …and launching a service that relays content to third-parties will ensure it is abused. Honeypots (systems designed to be opened for abuse to see how attacks take place) demonstrate four previously unknown zero-day vulnerabilities.

Nintendo, Plex, Honda, Samsung, Oxford University, University Of Pittsburgh Medical Center, UCSF, anyone banking with various Chinese banks, Night Lion Security, 79 different Netgear router models, hundreds of online retailers, and it won’t be long before IoT vulnerabilities can be used to provide big game hunting for rare species.

June Patch Tuesday updates from Microsoft broke Outlook and other apps for some users.

Selective enforcement means you’re a publisher, says AG Barr of Section 230 of the CDA. There’s no better way to prevent the abuse of Section 230 to censor voices you disagree with.

Now for the good news:

Starlink is coming. LEO internet access could provide up to 1 Gbps Internet access from space. Testing will begin in the next weeks and will gradually move south as satellites take place.

For now, you can cut your internet bill by taking advantage of the free Xfinity Wi-Fi hotspots through the end of the year.

Let’s Get Busy

Now back to our regularly scheduled program.

Patch Tuesday this month is huge. The typical computer should see roughly 1.5 GB in updates today. Let’s get started.

Microsoft released updates for Windows, Edge, .NET, Internet Explorer, DNS Server, Office, Servicing Stack, and MSRT (~900 MB). This includes security updates. A reboot is required.

Adobe Flash Player 32.0.0.403 is a security update.
Win: https://12pd.com/click?flash
Win: https://12pd.com/click?flashie
Mac: https://12pd.com/click?flashmac

Google Chrome OS 83.0.4103.119 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Catalina (10.15) means that macOS Sierra (10.12) and older are no longer supported. If you can not install at least macOS High Sierra (10.13) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (2004) is a huge (about 25% larger than any prior build) so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 6 months. If you don’t let it finish and you’re on a slow connection, this process kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Crucial Storage Executive 6.04 doesn’t provide a changelog so should be treated as a security update.
https://www.crucial.com/support/storage-executive

Daemon Tools Lite 10.13.0 improves activation and creation and use of bootable disk images. This is not a security update.
https://www.daemon-tools.cc/products/dtLite

Intel Driver and Support Assistant 20.7.26 adds support for new hardware and improves application detection. This is not a security update.
https://www.intel.com/p/en_US/support/detect

nVidia 451.67 resolves several bugs and improves compatibility. This is a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.10.97 is a security update. Use Menu, Help, About to install the most current version.
https://brave.com/

Google Chrome 84.0.4147.89 is a security update. Use Menu, Help, About to install the most current version.

Microsoft Edge 83.0.478.64 is a security update. Use Menu, Help, About to install the most current version.
https://www.microsoft.com/en-us/edge/business/download

Firefox 78.0.2 is a security update. Use Menu, Help, About to install the most current version.

Firefox ESR 68.10.0 is a security update. Use Menu, Help, About to install the most current version.

SeaMonkey 2.53.3 is a security update. Use Menu, Help, About to install the most current version.
https://www.seamonkey-project.org/

Vivaldi 3.1.1929.45 is a security update. Use Menu, Help, About to install the most current version.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

OutlookAttachView 3.41 adds an option to copy the preview content and resolves a bug in the cfg switch. This is not a security update.
https://www.nirsoft.net/utils/outlook_attachment.html

Thunderbird 68.10.0 is a security update. Use Menu, Help, About to install the most current version.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

Trillian 6.3.0.6 resolves dozens of bugs, including 2FA and stability issues. This is a security update.
https://www.trillian.im/

Trillian Mac 6.3.0.6 resolves several stability bugs. This is not a security update.
https://www.trillian.im/

curl 7.71.1 resolves several sanitation issues. This should be treated as a security update.
https://curl.haxx.se/windows/

Dropbox 101.4.434 doesn’t provide a useful changelog so should be treated as a security update.
https://www.dropbox.com/

FileZilla Client 3.49.0 resolves a several bugs. This is not a security update.
https://filezilla-project.org/

FreeFileSync 10.25 adds support for Google Drive Shared Drives and Shortcuts, resolves several bugs, and improves user interface. This is not a security update.
https://www.freefilesync.org/download.php

Npcap 0.9995 resolves several bugs. This is not a security update.
https://nmap.org/npcap/

PuTTY 0.74 is a security update.
https://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

Technitium DNS Server 5.0.1 is a major update that refactors how blocklists are stored and resolves several bugs. This is not a security update.
https://technitium.com/dns/

Zoom 5.1.28656.0709 is a security update.
https://zoom.us/

Game Updates

These are unlikely to be of interest to most people.

Steam 2020.07.09 resolves several bugs and improves compatibility. This is not a security update.

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Camera Raw and DNG Converter 12.3 adds support for new hardware. This is not a security update.
Mac: https://supportdownloads.adobe.com/detail.jsp?ftpID=6955
Win: https://supportdownloads.adobe.com/detail.jsp?ftpID=6957

Adobe Download Manager 2.0.0.529 is a security update.
https://helpx.adobe.com/security/products/adm/apsb20-49.html

Adobe ColdFusion 2016.16 and 2018.10 are security updates.
https://helpx.adobe.com/security/products/coldfusion/apsb20-43.html

Adobe FrameMaker 2019.0.6 doesn’t provide a changelog so should be treated as a security update.
Win32: https://supportdownloads.adobe.com/detail.jsp?ftpID=6963
Win64: https://supportdownloads.adobe.com/detail.jsp?ftpID=6965

Adobe Genuine Service 7.1 is a security update. (Point this one out the next time someone says pirating Adobe software can reduce the security of your computer.)
https://helpx.adobe.com/security/products/integrity_service/apsb20-42.html

Adobe Media Encoder 14.3 is a security update.
https://helpx.adobe.com/security/products/media-encoder/apsb20-36.html

Adobe Creative Cloud Desktop Application 5.2 is a security update.
https://helpx.adobe.com/security/products/creative-cloud/apsb20-33.html

Magento SUPEE-11346 (for Magento v1) is a security update.
https://www.magentocommerce.com/products/downloads/magento/

Adobe Audition 13.0.7 is a security update.
https://helpx.adobe.com/security/products/audition/apsb20-40.html

Adobe Premiere Rush 1.5.16 is a security update.
https://helpx.adobe.com/security/products/premiere_rush/apsb20-39.html

Adobe Premiere Pro 14.3 is a security update.
https://helpx.adobe.com/security/products/premiere_pro/apsb20-38.html

Adobe Illustrator 2020 24.2 is a security update.
https://helpx.adobe.com/security/products/illustrator/apsb20-37.html

Adobe After Effects 17.1.1 is a security update.
https://helpx.adobe.com/security/products/after_effects/apsb20-35.html

Adobe Campaign Classic 20.2 is a security update.
https://helpx.adobe.com/security/products/campaign/apsb20-34.html

Artweaver 7.0.6 resolves several bugs. This is not a security update.
https://www.artweaver.de/

Atom 1.49.0 resolves several bugs. This is not a security update.
https://atom.io/

Blender 2.83.2 resolves over 1250 bugs, adds improves performance and stability across several features and adds viewport denoiser. This is not a security update.
https://www.blender.org/download/

Krita 4.3.0 adds several new watercolor effects with brush presets and gradient map and palettizer filters. This is not a security update.
https://krita.org/en/download/krita-desktop/

LibreOffice Fresh 6.4.5 resolves over 100 bugs. This is beta software so should be avoided in favor of the “Still” version (LibreOffice stable). This is not a security update.
https://www.libreoffice.org/

Nextcloud Desktop 2.6.5 resolves several bugs. This is not a security update.
https://nextcloud.com/

Notepad++ 7.8.8 resolves several bugs. This is not a security update.
https://notepad-plus-plus.org/

Adobe Reader DC 20.009.20074 resolves several bugs. This is not a security update.
https://get.adobe.com/reader

Security Software Updates

One or more of these is likely to be of interest to most people.

Bitmessage 0.6.3.2 is a security update.
https://github.com/Bitmessage/PyBitmessage/releases/latest

DrWeb CureIt! 14.07.2020 should be treated as a security update.
https://www.freedrweb.com/download+cureit+free/?lng=en

Hashcat 6.0.0 adds 51 new algorithms, CUDA support, GPU emulation, improved auto-tuning and more. This should be treated as a security update.
http://hashcat.net/hashcat/#downloadlatest

RogueKiller 14.6.1 resolves several bugs. This is a security update.
https://www.adlice.com/download/roguekiller/

TinyWall 3.0.7 adds support for WSL, whitelisting from network shares, improves detection of short-lived processes, and resolves several bugs. This is not a security update.
https://tinywall.pados.hu/

uBlock Origin 1.28.2 improves syntax highlighting in My Filters and asset viewer, resolves several bugs, and replaces the default filterlists with a new composite list.
https://github.com/gorhill/uBlock/releases/latest

VT-CLI 0.8.0 doesn’t provide a changelog so should be treated as a security update.
https://github.com/VirusTotal/vt-cli/releases/latest

Wireless Network Watcher 2.22 updates the internal MAC database and improves the CFG switch. This is not a security update.
https://www.nirsoft.net/utils/wireless_network_watcher.html

Capture Updates

These are unlikely to be of interest to most people.

ScreenToGif 2.26.1 resolves several bugs. This is not a security update.
https://github.com/NickeManarin/ScreenToGif/releases/latest

SnagIt 2020.1.3 adds support for direct publication through TechSmith Knowmia, adds transparency support for color replacement, and resolves several bugs. This is not a security update.
https://download.techsmith.com/snagit/enu/snagit.exe

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 11.0.9.7 adds support for new encodings, adds several new conversion tools, presets, and bug fixes. This is not a security update.
https://www.dvdfab.cn/download.htm

FFmpeg 4.3.1 updates libraries. This should be treated as a security update.
https://ffmpeg.org/ffmpeg.html

HandBrake 1.3.3 resolves several bugs. This is not a security update.
https://handbrake.fr/

IsoBuster 4.6 adds a bunch of new features and format supports. This is not a security update.
https://www.isobuster.com/download.php

PDF Creator 4.1 resolves several bugs and improves watermark support. This is not a security update.
https://www.pdfforge.org/pdfcreator

Utility Updates

These are unlikely to be of interest to most people.

1Password for Mac 7.6 is a security update.
https://1password.com/downloads/mac/

1Password for Windows 7.6.778 resolves dozens of bugs and improves reliability, adds notifications of website compromise, and improves accessibility. This is a security update.
https://1password.com/downloads/windows/

8GadgetPack 33.0 resolves several bugs, improves high-DPI support, removes defunct widgets. This is not a security update.
https://8gadgetpack.net/

AS SSD Benchmark 2.0.7316.34247 resolves a device access bug. This is not a security update.
https://www.alex-is.de/PHP/fusion/downloads.php?cat_id=4

Autoruns 13.98 now shows the Windows Defender binary as a signed binary. This is not a security update.
https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns

Beyond Compare 4.3.5.24893 improves integration and compatibility, and resolves several bugs. This is not a security update.
https://www.scootersoftware.com/download.php?zz=dl4

Bitwarden 1.19.0 improves password concealment, adds soft delete and vault timeouts. This is not a security update.
https://bitwarden.com/

Cygwin 3.1.6 adds support for new socket options, resolves several bugs. This is a security update.
https://cygwin.com/

DesktopOK 7.48 adds SSL to automatic update capability. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

Etcher 1.5.101 resolves several bugs, improves UI, and updates libraries. This should be treated as a security update.
https://www.balena.io/etcher/

GoodSync 11.2.5 resolves several bugs and changes licensing…again. This is not a security update.
https://www.goodsync.com/

MS ISO Downloader 8.38 adds support for new images. This is not a security update.
https://www.heidoc.net/joomla/technology-science/microsoft/67-microsoft-windows-and-office-iso-download-tool

NTLite 1.9.0.7539 adds controls for Target release, Store pinning, Fast Startup, Fast User Switching, Hardware-accelerated GPU scheduling, Shutdown menu, Variable refresh rate, and resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

PowerToys 0.19.1 resolves dozens of bugs and stability issues. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest

Rufus 3.11 improves compatibility and adds several keyboard shortcuts to toggle behaviors. This should be treated as a security update.
https://rufus.ie/en_IE.html

Sysmon 11.10 now captures ADS content into logs, introduces an is-any filter condition, and fixes several bugs. This is not a security update.
https://live.sysinternals.com/

Sigcheck 2.80 adds an option for specifying a trust GUID for signature verification and now shows certificate signing chains. This is not a security update.
https://live.sysinternals.com/

SimpleWMIView 1.41 adds cell-copying and case-sensitivity filtering. This is not a security update.
https://www.nirsoft.net/utils/simple_wmi_view.html

TeamViewer 15.7.7 resolves several bugs. This is not a security update.
https://www.teamviewer.com/en/download/windows/

WifiInfoView 2.61 updates the internal MAC addresses list. This is not a security update.
https://www.nirsoft.net/utils/wifi_information_view.html

WinScan2PDF 5.81 resolves several bugs and improves rotation support. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

Developer Updates

These are unlikely to be of interest to most people.

ADB 30.0.3 resolves several bugs. This is not a security update.
https://developer.android.com/studio/releases/platform-tools

Android Studio 4.0.1.0 resolves over a dozen bugs. This is not a security update.
https://developer.android.com/studio

AutoHotkey 1.1.33.01 resolves several bugs and adds encoding, warnings, and version requirement options. This is not a security update.
https://www.autohotkey.com/download/

Godot 3.2.2 makes over 800 changes, adding C# support for iOS, 2D batching for GLES2, re-architecture of the Android plugin system, DRLS support and ENet integration, and better handling of Variants. This is not a security update.
https://godotengine.org/

Java 8u261 is a security update.
https://www.java.com/en/download/manual.jsp

Node.js 14.5.0 resolves dozens of bugs and updates libraries. This is not a security update.
https://nodejs.org/en/

Node.js v12 12.18.2 resolves several bugs and updates libraries. This is not a security update.
https://nodejs.org/en/

SQLite 3.32.3 resolves several bugs. This is not a security update.
https://www.sqlite.org/download.html

DB Browser for SQLite 3.12.0 improves table editing, conditional formatting, and multi-threading, as well as dozens of other improvements and bug fixes. This is not a security update.
https://sqlitebrowser.org/

Visual Studio Code 1.47.1 is a security update.
https://code.visualstudio.com/

Virtual Machine Updates

These are unlikely to be of interest to most people.

VirtualBox 6.1.12-139181 resolves over a dozen bugs and improves hardware compatibility. This is not a security update.
https://www.virtualbox.org/wiki/Downloads

PPSSPP 1.10.3 resolves several bugs. This is not a security update.
https://ppsspp.org/downloads.html

Web Package Updates

These are likely to be of interest only to web developers.

Apache Tomcat 10.0.0-M7, 9.0.37, and 8.5.57 are security updates.
https://tomcat.apache.org/

Coppermine Gallery 1.6.08 improves installation and compatibility. This is not a security update.
https://coppermine-gallery.net/

Dada Mail 11.10.3 improves AWS signature v4 support. This is not a security update.
https://dadamailproject.com/

Drupal 8.8.8 and 8.9.2 are security updates.
https://drupal.org/download

Drupal 9.0.2 resolves dozens of bugs. This is not a security update.
https://drupal.org/download

Joomla 3.9.20 is a security update.
https://www.joomla.org/

phpList 3.5.5 is a security update.
https://www.phplist.org/

ScreenConnect 20.7.29305.7496 resolves several bugs and improves compatibility. This is not a security update.
https://www.connectwise.com/software/control/download

WordPress 5.4.2 is a security update.
https://wordpress.org/

Autoptimize 2.7.3 resolves several bugs. This is not a security update.

BuddyPress 6.1.0 resolves several bugs. This is not a security update.

Contact Form 7 5.2 improves compatibility and resolves several bugs. This is not a security update.

Email Log 2.4.2 resolves several bugs. This is not a security update.

myStickymenu 2.4.3 resolves several bugs. This is not a security update.

Raw HTML 1.6.3 resolves a warning. This is not a security update.

Theme My Login 7.1.1 resolves several bugs. This is not a security update.

W3 Total Cache 0.14.2 resolves several bugs. This is not a security update.

WooCommerce 4.3.0 adds template caching, PHP warnings, improves accessibility, and resolves dozens of bugs. This is not a security update.

WP Mail SMTP 2.2.1 resolves several bugs and improves compatibility. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2020-06-09

Welcome back, Folks!

Today is Patch Tuesday for June 2020.

Windows 10 v2004 has been released. Don’t be the guinea pig! Make sure you’ve installed v1909 recently so you won’t be forced into the new build before they work out the bugs. I don’t see a lot of differences between v2004 and v1909 that most people would benefit from, anyway, but these releases tend to take a couple months to work out most of the bugs. For example, many Windows policies are erased during the upgrade which can result in local accounts being forced into using inescapable Microsoft accounts for users that don’t understand that “skip for now” is an option.

If you’re running any commercial version of Windows 10 prior to v1809 (build 17763) then it’s no longer supported and you will not receive operating system security updates. Upgrade to v1909 ASAP to maintain security updates for your device. Don’t install v2004 yet, since it’s now in what most people would call the “public beta.” Download v1909 for your system using the ISO Downloader, mount the ISO, then use the setup.exe file to install. Change the option on the first page of the installer to DISABLE checking for updates until after the installation is completed.

This Month in Technology

You could have probably used an egg timer to measure the time between the Orwellian release of GACT – Google/Apple Contact Tracing, which we were assured time and time again would never be used for anything other than COVID-19 tracking – and when it was used to track and arrest protesters. The current version of GACT can be disabled by turning off Location and Bluetooth on your devices. This will not be the case in the next iteration due within the next month.

The number of security vulnerabilities discovered in popular open source projects more than doubled in 2019. The horror! The fear! Well, this is actually a good thing. Vulnerabilities aren’t created by evil third-parties or hackers. They’re created by the original developers. They’re baked into the programs and libraries that the developer created – generally through failure of imagination or insufficient testing. The hackers and other third-parties only discover them and report them to the developers. Think of it like someone testing all the car doors in a parking lot to see if a car is unlocked. The “discovered” (read “reported”) vulnerabilities are what happens when the guy checking doors tells the car owner that he left the doors unlocked, so they can lock their doors. Unfortunately, whether they’re discovered or not the vulnerabilities do exist. Bad people may have already checked those doors and stolen everything out of your car long before the vulnerabilities were reported to the developers. Seeing these numbers go up makes me smile – the whole world is better for it. 🙂

The recent attacks on Microsoft logins using Google and Amazon URL redirection to steal authentication keys are not the only phishing methods currently being widely deployed. Attackers are also sending fake VPN configurations to users, which would allow direct man-in-the-middle attacks to proceed against all sites and services the victim used with their device.

My position on most services and features in any operating system or device is “default deny.” Turning off unused and unwanted features ensures that they can’t be abused and effect greater control over your device or your network. The #CallStranger UPnP protocol vulnerability allows malicious scripts from any website to hijack your internal network and perform network scans, DDoS attacks, or foothold attacks against your internal devices, including the vulnerable router that has UPnP enabled. Disabling UPnP and using manual network assignment would prevent this and any future UPnP vulnerabilities from having any effect.

The IAB has released a framework to aid in compliance with the CCPA.

The Free Thought Project provides several alternatives to the current law enforcement crisis that can help prevent the riots and protests we’re seeing now in many major metropolitan areas.

REAL science for the win. I wonder if the MSM outlets that have been vilifying Hydroxychloroquine will ever retract their statements? Sorry, that’s facetious since we all know that the MSM never acknowledges their failings. Will the arbiters of “truth” at Twitter and Facebook concede that their censorship was actually in the name of bad science? Of course not.

A major attack against Ajit Pai’s elimination of Net Neutrality comes in the form of AT&T paying itself for zero-rating HBO Max data on their networks. This will likely spring back up the Net Neutrality battle in the FCC.

The next Y2K is coming. CA Certificates are the parent certificates of the ones that provide TLS/SSL security for websites. The first of several to expire within the next year expired a few days ago causing service disruption for automated processes that depended upon the expiring authority certificates. Roku, Stripe, Sectigo, Fortinet and many, many more. Four separate root certificates expire within the next year and a dozen in the next 5 years. Be prepared for this to happen several more times in the near future.

Now for the good news:

Linux LTS Kernel 4.19 and 5.4 will be supported for 6 years. This will have a huge impact on the effective life of IoT devices.

Let’s Get Busy

Now back to our regularly scheduled program.

Thanks to the unstopping barrage of updates pushed during “weekly update quarantine”, Patch Tuesday this month is very light. The typical computer should see roughly 1 GB in updates today. Let’s get started.

Microsoft released updates for Windows, Edge, .NET, Internet Explorer, Office, Servicing Stack, Microsoft Store, hardware security, and MSRT (~800 MB). This includes security updates. A reboot is required.

Adobe Flash Player 32.0.0.387 is a security update.
Win: https://12pd.com/click?flash
Win: https://12pd.com/click?flashie
Mac: https://12pd.com/click?flashmac

Google Chrome OS 83.0.4103.97 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Catalina (10.15) means that macOS Sierra (10.12) and older are no longer supported. If you can not install at least macOS High Sierra (10.13) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (2004) is a huge (about 25% larger than any prior build) so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 6 months. If you don’t let it finish and you’re on a slow connection, this process kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.9.80 is a security update. This version removes the “accidental” hijacking of affiliate links. Use Menu, Help, About to install the most current version.
https://brave.com/

Microsoft Edge 83.0.478.45 is a security update. Use Menu, Help, About to install the most current version.
https://www.microsoft.com/en-us/edge/business/download

Email Updates

One or more of these are likely to be of interest to everyone.

Thunderbird 68.9.0 is a security update. Use Menu, Help, About to install the most current version.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

Npcap 0.9993 resolves several bugs. This is not a security update.
https://nmap.org/npcap/

Game Updates

These are unlikely to be of interest to most people.

Steam 2020.06.05 resolves several bugs. This is not a security update.

Office Updates

One or more of these are likely to be of interest to most people.

Notepad++ 7.8.7 resolves several bugs. This is not a security update.
https://notepad-plus-plus.org/

Adobe Framemaker 2019.0.6 is a security update.
https://www.adobe.com/products/framemaker.html

Adobe Experience Manager 6.4 and 6.5 are security updates.
https://helpx.adobe.com/experience-manager/aem-releases-updates.html

Capture Updates

These are unlikely to be of interest to most people.

ScreenToGif 2.25 resolves several bugs, adds APNG support, adds option to disable tasks, and adds new URL metadata field. This is not a security update.
https://github.com/NickeManarin/ScreenToGif/releases/latest

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 11.0.9.0 adds support for new encodings, improves default bit-rate and ripper modules, and resolves a SRT export bug. This is not a security update.
https://www.dvdfab.cn/download.htm

Utility Updates

These are unlikely to be of interest to most people.

Etcher 1.5.97 resolves several bugs. This is not a security update.
https://www.balena.io/etcher/

PowerToys 0.18.2 resolves an elevation bug and several other bugs. This should be treated as a security update.
https://github.com/microsoft/PowerToys/releases/latest

RoboForm 8.9.0 improves data synchronization, and resolves bugs in import. This is not a security update.
https://www.roboform.com/

USB Oblivion 1.12.2.0 adds support for unknown USB devices and resolves a bug related to old hardware. This is not a security update.
https://www.cherubicsoft.com/en/projects/usboblivion

WinScan2PDF 5.55 resolves a language selection bug and improves the scan integration. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

Developer Updates

These are unlikely to be of interest to most people.

SQLite 3.32.2 improves VFS and PostgreSQL compatibility, adds IIF() support, improves the import command, and several other improvements. This is a security update.
https://www.sqlite.org/download.html

Virtual Machine Updates

These are unlikely to be of interest to most people.

VirtualBox 6.1.10-138449 adds support for Linux kernel 5.7, resolves several bugs, and improves Wayland compatibility. This is not a security update.
https://www.virtualbox.org/wiki/Downloads

Web Package Updates

These are likely to be of interest only to web developers.

Docker Desktop 2.3.0.3 upgrades the Linux kernel and resolves several bugs. This is a security update.
https://www.docker.com/products/docker-desktop

Akismet 4.1.6 resolves a race condition. This is not a security update.

Postie 1.9.53 adds a filter for postie_subject. This is not a security update.

WP Mail SMTP 2.1.1 adds a filter to set global reply-to address and improves documentation. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Do Not Reuse Passwords

Password security is a growing field and the old conventional wisdom of using a “strong” password and changing it frequently has lead to people using the same “strong” password on many different websites, resulting in their complete identity being hijacked when any one of those sites is compromised.

HaveIBeenPwned (HIBP) is a service that collects data dumps from when websites are hacked and uses the data to provide a service to alert users whenever their accounts are compromised. It’s like a central clearinghouse for account monitoring. Unfortunately, by the time accounts are listed in HIBP it is often years after the account has been hacked and the hackers that originally took the account information have had that entire period to make use of your account details. Many websites store their passwords in plain text, and many of the others that do use password hashing algorithms to store only a mathematical representation of the password and not the password itself neglect to use properly salted hashes, which means that those hashed passwords can often be compared with rainbow tables to effectively convert them to their plain text equivalent. Seeing the passwords that people – still today – continue to use is destroying my hope in humanity. For example, “123456” is used by almost 1% of business professionals for their online social interactions. Dead serious.

The trends on these exposed passwords show that there are very common patterns and weak password consideration is the rule of the day. Few people, and by few I mean I could probably count them on one hand, actually do passwords right. It’s time to take your own security seriously, because the evidence shows that many of those you do business with do not.

Here’s the Problem

Weak passwords you’ve used on service x (Yahoo, for example) will be dumped along with all the other passwords on that hacked service. Those same weak passwords will be tested on service y and service z. And everywhere else. This process is called “password stuffing.”

If you reuse even part of your passwords then you open yourself up to being targeted either randomly or by evil people you may already know. “Script kiddies” live and die by their ability to make an example out of people who they feel have done them harm. You could also become the victim of automated scanners that consume the usernames and passwords from these dumps then try them on every known system from Facebook to Gmail to email to banking services. The passwords will be munged in order to test similar or stylistically equivalent passwords. For example, of the LinkedIn hack, almost 2.5 million accounts (or about 1.5%) used some variant of the site name in their password. Those same accounts probably use some variation of the site name in most of their passwords. This can safely be assumed to be done everywhere, meaning that if you use “linkedin123456” for LinkedIn, there’s a good chance that your Facebook password is “facebook123456”.

So when over a million people used “123456” as their LinkedIn password, not only did it expose that as a very commonly used password, but it demonstrated that those million-plus email addresses tied to those weak passwords were used by people that didn’t take security seriously. If you use a weak password anywhere, chances are good that you use weak passwords elsewhere, if not everywhere. If something as quick and easy as changing a password isn’t done, then you also probably neglect your hardware and software. You’re using older and insecure programs. You’re exposing all of yourself with a single simple decision that you think will make your life easier.

It doesn’t. Reusing even part of a password only makes life easier for whoever attacks you. They can stay in their momma’s basement and spend all day throwing your account details at different sites until they get in. When they do, it doesn’t hurt them, it hurts you. Two or three hijacked accounts, or variations on your passwords from multiple dumps show how you think, and the style and scope of password complexity you use.

Again referring to the 2012 LinkedIn hack, there were over 26,000 variations of passwords that included “12” or “2012” in the password. From this we can imply that users will seed their passwords with the year they changed it. The same accounts are probably still using the same patterns with “2019” or “2020” today.

“Different” !== Strong

Usually these dumps are sold on the black market or used by the original hacker for a while before they’re inevitably released publicly. The data is out there so it’s necessary to use defensive passwords.

You can’t just change a number at the end of your password and possibly think that it’s going to make a difference in your security. The delay it might impose against an organized attacker is less than a single second. You can’t create a strong password by typing random characters on your keyboard. You just can’t. The predictive value of muscle memory, social and cognitive signals, and even keyboard bias result in a relatively small set of potential values for manually-generated passwords.

1337-sp34k offers no additional protection.

Using a strong password is no longer a suggestion. To be secure in the current world you must use a strong, unique, randomly-generated password for any and all sites and services. Failing to do so will result in that password being used as the seed to corrupt your digital life later on. Maybe not today, maybe not tomorrow, but soon, and for the rest of eternity.

The rules used to be pretty simple, but were still never observed:

  • DO NOT use a series of numbers and a word or two. (123badpassword)
  • DO NOT use a word or two and a series of numbers. (badpassword123)
  • DO NOT use a word with numbers breaking it up. (1bad2password3)
  • DO NOT use the site name or URL as any part of the password. (mylinkedinpassword)
  • DO NOT use keyboard sequences like “qwerty” or “123456”.
  • DO NOT use any word or name related to you or your life (pets, family, friends, musicians).
  • DO NOT use dates or other simple patterns.

Unfortunately, these rules are still ignored, and even if they were followed to a T, these rules are no longer sufficient for creating a passwords or passphrases manually. Today, any password you can remember is not a good password. It’s time you put the effort into proper password management.

Fortunately, the new rules are actually simpler:

But my browser remembers my passwords!

All modern browsers (Chrome, Firefox, Edge, Safari) have password management built-in. You can use that in order to generate strong passwords and, while short, they’ll be unique for each site. Unfortunately, since these passwords are stored in the browser they can be extracted by any malicious software that manages to make it onto the device or compromise your browser Sync account, where password managers generally use much stronger encryption.

Websites are still catching up to the reality of password managers

Long passwords, 300 characters or more, are not a problem for your password manager, but they’re probably a problem for the site. BofA limits your password to 20 characters. Yahoo limits your password to 128 characters. Facebook allows much longer passwords, but only requires 6 characters and character case isn’t treated as significant so entropy is significantly reduced, especially for shorter passwords.

Some websites and app logins don’t allow you to copy & paste in the password field which means that they often don’t play well with password managers. Others (like AT&T and Yahoo) refuse to allow certain characters in passwords, so randomly generated passwords have to be manually munged instead of allowing them to be truly random.

Nevertheless, failing to use a password manager means that you’re not using random passwords at all, and are likely reusing passwords to your own peril.

The solution is to get a password manager now and immediately start working to migrate your accounts to it. Almost every password manager today offers password analysis to warn you of weak, reused, and known compromised passwords so you can prioritize changing the passwords for those accounts.

What’s your favorite password manager?