Welcome back, Folks!
Today is Patch Tuesday for January, 2021.
This Month in Technology
By now you’re probably very aware with the SolarWinds “hack” since it was 24/7 news only a month ago, though mostly conjecture. We now know they were hacked over a year before a third-party (FireEye) pointed it out to them, and the malware remained on their servers weeks after it was identified.
What we’ve learned of it over the last month is a rich reminder of do’s and don’ts:
- Don’t trust multi-factor authentication – it’s not nearly as effective at preventing logins as you’ve been lead to believe.
- Don’t take over devices you can’t exploit quickly – don’t expose yourself wideband for 0.2%.
- Do use a strong, unique password for everything – never something as absurd as “solarwinds123“.
- Do modify your firewall to eliminate automatic whitelists for government IP addresses.
- Do regular checkups – you never know what you’re going to find.
Don’t worry, though, they’ve hired a political hack to CYA!
Austin City, the City of Cornelia, City of Ellensburg, Independence City (Kansas), Chatham County (North Carolina), Huntsville City Schools (Alabama), Jefferson County (Kentucky), Subway, Intel’s Habana Labs, Microsoft, FireEye, the United Nations, Maryland’s GBMC HealthCare, the US Dept of Justice, Nissan, Livecoin, Spotify, IndiGo, various Israeli companies, the US Judiciary case file system, and many gaming companies have all been hacked.
Security issues or backdoors were found in Zyxel firewalls, Typo3, Android Bluetooth, Glassdoor, Nintendo 3DS, Microsoft 365, Google Titan security keys, Signal App cryptography, Starbucks mobile, and terabytes of secrets and databases have been dumped online.
Point-of-sale hardware has a “service mode” with a default password, malware is fingerprinting and mapping networks using the MAC address, Smart Doorbells are still a bad idea, Gionee has been infecting their own budget smartphones for kickbacks, and Google is still the easiest way to hack Google.
Ticketmaster hacked their competition 7 years ago and is only now paying a fine for it, Twitter is being fined almost half a million Euros for its breach handling, and Sabre Corp has now settled with 27 states over data breach.
WhatsApp won’t let you use it if you don’t want it to have your data tied to the rest of Facebook. The bigger you are, the bigger the target is on your back.
The “secure communication” tool Telegram tells everyone your precise location if you enable location support. One of my favorite browser extensions, The Great Suspender, changed hands in 2020 and the new publisher has recently been caught using it to distribute malware under the guise of analytics. Shopify, BigCommerce and other large sales platforms are being targeted with a card skimmer.
Mozilla (creator of Firefox and Thunderbird) wants the entire Internet to be used to censor certain publishers (that’s a bad thing), which is sad since they recently dropped support for PWAs (that’s a good thing).
Speaking of censorship and cancel culture, a potential new federal banking rule could put an end to the social/financial terrorism employed by cancel culture devotees. However, Big Tech censorship is at an all-time high in the wake of “riots” that were tame for the last year.
Corellium is protected by Fair Use and Tim Cook is going to have to testify more than a mere 4 hours about how his elimination of competition and closed ecosystem aren’t “really” a monopoly.
Ledger Wallet, T-Mobile (yet again), Amazon partner Juspay, Ubiquiti, Nintendo, 21 Buttons, Sangoma Technologies, Dental Care Alliance, Koei Tecmo, and Apex Laboratory all suffered data leaks/breaches.
Zoom, however, willingly shared their US user data with China.
Facebook’s recent Instagram hack exposed a massive click farm.
Google has had several service outages in the last month, as has Apple and even #Slack.
WinZip is vulnerable to a MitM attack (dude, no SSL, really?!).
Google broke SMS on many Android devices, your RAM can be used to exfil data from your device, Apple iPhone assembly plant Wistron in India has been suspended after a riot causes $60 million in damages. That may be a good thing, though, since the Apple MagSafe chargers can deactivate pacemakers.
macOS Preview is damaging PDFs (again).
Apple has removed the ability to download combo updates for Big Sur. This is going to cause serious security problems for the vast majority of the world that doesn’t have Bay Area bandwidth available to them.
In a good move, Apple has upset Facebooks advertising ecosystem by preventing certain data collection and use on their latest platforms, even Google is trying to figure out how to get around the new privacy requirements.
Why don’t I trust government? It’s hard to pick just one reason, but this month has many examples. Government employees tasked with preserving election data call for its mass deletion, or “accidentally” delete the security log files, while ignoring hundreds of pages of evidence and “moving the goalposts.”
The FBI has been hiding Seth Rich’s laptop while claiming they didn’t have it, public schools are purchasing hacking tools to get the data off student’s phones, mass data collection never ends, agencies fine you for helping during a crisis or being in a car without permission, while they hack journalist’s phones and run pedophile rings out of large white government buildings in DC. Nevertheless, you should trust the math and not look behind the curtain. Or else.
By the way, streaming content that you don’t have rights to is now a felony thanks to a nearly 6,000 page bill passed without anyone reading it. Hypocrisy is their bread and butter. Which is why they have such religiously held beliefs that violate all common sense.
Now for the good news:
It is now possible to integrate Everything into the Windows taskbar!
Starlink is approved for use in the UK, opening the door to true worldwide broadband.
Let’s Get Busy
Now back to our regularly scheduled program.
Adobe Flash Player is finally dead! There will be no more security updates released for Flash, and it’s probably the application single-most responsible for infections world-wide over the last 20 years, so it should be removed immediately. Use the utility below to remove it.
Win: https://helpx.adobe.com/flash-player/kb/uninstall-flash-player-windows.html
Mac: https://helpx.adobe.com/flash-player/kb/uninstall-flash-player-mac-os.html
Patch Tuesday this month is pretty big. The typical computer should see roughly 2 GB in updates today. Let’s get started.
Microsoft released updates for Windows, Edge, .NET, and MSRT (~ 1.6 GB). This includes security updates. A reboot is required.
Apple released updates for macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, Safari 14.0.2, macOS Server 5.11, macOS X Combo Update 10.15.7, Brother Printer Drivers 4.1.1 and HP Printer Drivers 5.1. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.
iOS 14.3 and iOS 12.5.1 are security updates. Use Settings, General, Software Update to install the most current update.
iPadOS 14.3 is a security update. Use Settings, General, Software Update to install the most current update.
watchOS 7.2 and watchOS 6.3 are security updates. Use the Watch app on your iPhone to install the most current version.
tvOS 14.3 is a security update. Use System, Software Update to install the most current version.
Google Chrome OS 87.0.4280.142 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.
Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.
Important Notes
Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.
The release of macOS Big Sur (11.0) means that macOS High Sierra (10.13) and older are no longer supported. If you can not install at least macOS Mojave (10.14) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.
The now-current release of the Windows 10 (v2009) is huge (about 18% larger than v2004, which was 25% larger than any prior build) so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 6 months and only supports any consumer builds for 18 months. If you don’t let it finish and you’re on a slow connection, this process kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.
Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.
It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface. This includes “free” applications like Avast, OpenOffice, and games you do not actually play.
Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.
Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com
Driver Updates
If you’re using this hardware – these updates are for you.
Crucial Storage Executive 6.09 doesn’t provide a changelog so should be treated as a security update.
https://www.crucial.com/support/storage-executive
Display Driver Uninstaller 18.0.3.5 improves removal of various artifacts. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu
nVidia 461.09 is a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us
Browser Updates
One or more of these are likely to be of interest to everyone.
Brave 1.18.78 is a security update. Use Menu, Help, About to install the most current version.
https://brave.com/
Google Chrome 87.0.4280.141 is a security update. Use Menu, Help, About to install the most current version.
https://www.google.com/chrome/
Microsoft Edge 87.0.664.75 is a security update. Use Menu, Help, About to install the most current version.
https://www.microsoft.com/en-us/edge/business/download
Firefox 84.0.2 is a security update. Use Menu, Help, About to install the most current version.
https://www.mozilla.org/en-US/firefox/
Firefox ESR 78.6.1 is a security update. Use Menu, Help, About to install the most current version.
https://www.mozilla.org/en-US/firefox/organizations/
Iridium 2020.11 is a security update (but still not patched to the current Chromium security updates). Use Menu, Help, About to install the most current version.
https://iridiumbrowser.de/
Vivaldi 3.5.2115.87 is a security update. Use Menu, Help, About to install the most current version.
https://vivaldi.com/
Email Updates
One or more of these are likely to be of interest to everyone.
Thunderbird 78.6.1 is a security update. Use Menu, Help, About to install the most current version.
https://www.thunderbird.net/en-US/
Internet Updates
One or more of these are likely to be of interest to everyone.
Facebook Messenger 20201207 is a security update, but is still a month behind the current chromium security level. You should remove Facebook Messenger if you have it installed.
https://www.messenger.com/download
Trillian 6.4.0.2 resolves several bugs. This is not a security update.
https://www.trillian.im/
curl 7.74.0 is a security update.
https://curl.haxx.se/windows/
Dropbox 112.4.321 doesn’t provide a changelog so should be treated as a security update.
https://www.dropbox.com/
FileZilla Client 3.52.0.5 resolves several bugs. This is not a security update.
https://filezilla-project.org/
FreeFileSync 11.5 resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php
Minds 4.7.0 improves data use and channel header, restyles posts, and resolves several bugs. This is not a security update.
https://www.minds.com/mobile
Npcap 1.10 resolves several bugs. This is not a security update.
https://nmap.org/npcap/
Technitium DNS Server 5.6 adds dynamic configuration application, adds cleanup options, block list refresh intervals, forced refresh, and resolves many other bugs. This is not a security update.
https://technitium.com/dns/
Zoom 5.4.59931.0110 adds ability to block insecure participants, force authentication, silence notifications when sharing, and management improvements. This is a security update.
https://zoom.us/
Media Updates
These are unlikely to be of interest to most people.
Adobe FrameMaker 2020.0.1 doesn’t provide a changelog so should be treated as a security update.
https://supportdownloads.adobe.com/detail.jsp?ftpID=7061
Adobe Bridge 11.0.1 is a security update.
https://helpx.adobe.com/security/products/bridge/apsb21-07.html
Adobe Captivate 2019 11.5.1.499 hotfix 1 is a security update.
https://helpx.adobe.com/security/products/captivate/apsb21-06.html
Adobe InCopy 16.0 is a security update.
https://helpx.adobe.com/security/products/incopy/apsb21-05.html
Adobe Campaign Classic Gold Standard 11, 20.3.3.9234, 20.2.4.9187, 20.1.4.9126, 19.2.4.9082, and 19.1.8.9039 are security updates.
https://helpx.adobe.com/security/products/campaign/apsb21-04.html
Adobe Animate 21.0.2 is a security update.
https://helpx.adobe.com/security/products/animate/apsb21-03.html
Adobe Illustrator 25.1 is a security update.
https://helpx.adobe.com/security/products/illustrator/apsb21-02.html
Adobe Photoshop 22.1.1 is a security update.
https://helpx.adobe.com/security/products/photoshop/apsb21-01.html
darktable 3.4.0 resolves over 100 issues and adds several new features. This is not a security update.
https://www.darktable.org/install/
Flickr Downloadr 3.3.3.2 resolves a couple bugs. This is not a security update.
https://flickrdownloadr.com/downloads/
Picard 2.5.6 resolves several bugs.
https://picard.musicbrainz.org/
Game Updates
These are unlikely to be of interest to most people.
Steam 2020.12.21 resolves several bugs. This is not a security update.
https://www.steampowered.com/platform/update_history/index.php?skin=0&id=0
PlayStation PS3 4.87 improves performance. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps3/system-software/
PlayStation PS4 8.03 adds option to disable Game Chat Audio. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps4/system-software/
PlayStation PS5 20.02-02.30.00 resolves PS4 transfer bugs, text input and Wi-Fi stability issues, and improves performance. This is not a security update.
https://www.playstation.com/en-us/support/hardware/ps5/system-software/
Office Updates
One or more of these are likely to be of interest to most people.
Interactive Calendar 2.2 adds color schemes, resolves search issues, improves stability & performance, and fixes several bugs. This is not a security update.
https://www.csoftlab.com/calendar
LibreOffice 7.0.4 resolves over a hundred bugs and is now the new general release. This is not a security update.
https://www.libreoffice.org/
Nextcloud Desktop 3.1.1 resolves dozens of bugs and improves compatibility. This is not a security update.
https://nextcloud.com/
Notepad++ 7.9.2 resolves over three dozen issues including performance and stability. This is not a security update.
https://notepad-plus-plus.org/
Security Software Updates
One or more of these is likely to be of interest to most people.
Tails 4.14 is a security update.
https://tails.boum.org/install/dvd-download/index.en.html
Gpg4win 3.1.15 improves AD support and resolves a random security key selection bug. This is a security update.
https://www.gpg4win.org/download.html
KeePass 2.47 resolves several bugs, improves search and options. This is not a security update.
https://keepass.info/
NSudo 8.0.1 updates libraries and adds translations. This is not a security update.
https://github.com/M2Team/NSudo/releases/latest
RogueKiller 14.8.3 resolves several bugs. This is not a security update.
https://www.adlice.com/download/roguekiller/
uBlock Origin 1.32.4 resolves several bugs. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest
Wireless Network Watcher 2.23 updates internal MAC addresses database. This is not a security update.
https://www.nirsoft.net/utils/wireless_network_watcher.html
Capture Updates
These are unlikely to be of interest to most people.
SnagIt 2021.1.0 improves transparency handling, scaling improvements, and resolves several bugs. This is not a security update.
https://12pd.com/click?snagit
Converter Updates
These are unlikely to be of interest to most people.
DVDFab 12.0.1.5 adds new models and profiles, improved Enlarger AI handling. This is not a security update.
https://www.dvdfab.cn/download.htm
IsoBuster 4.7 adds an option to import and export templates, improved reliability, scanning, and read handling, and resolves several bugs. This is not a security update.
https://www.isobuster.com/download.php
MakeMKV 1.15.4 improves compatibility, implements seamless join of TrueHD streams, and resolves bugs. This is not a security update.
https://www.makemkv.com/download/
Utility Updates
These are unlikely to be of interest to most people.
BulkFileChanger 1.72 adds “Photo – Date Taken” option. This is not a security update.
https://www.nirsoft.net/utils/bulk_file_changer.html
CCleaner 5.75.8238 adds import for “Cookies to Keep” option, and resolves several bugs. This is not a security update.
https://www.ccleaner.com/
ControlMyMonitor 1.27 adds switches for turning on, off, and toggling on/off state. This is not a security update.
https://www.nirsoft.net/utils/control_my_monitor.html
Dell Command Update 4.0 adds support for DCH drivers, adds a filter for Security updates, and improves user interface. This is not a security update.
https://www.dell.com/support/article/us/en/04/sln311129/dell-command-update?lang=en
DesktopOK 8.38 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK
dupeGuru 4.1.0 now uses tabs instead of windows, adds cosmetic fixes and options, and resolves several bugs. This is not a security update.
https://dupeguru.voltaicideas.net/
Etcher 1.5.113 resolves several bugs. This is not a security update.
https://www.balena.io/etcher/
Everything 1.4.1.1003 resolves issues with the exit switch, improves shortcuts and autofocus. This is not a security update.
https://www.voidtools.com/
GoodSync 11.5.4 resolves several bugs. This is not a security update.
https://www.goodsync.com/
IsMyHdOK 2.71 updates language files. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/IsMyHdOK
LessMSI 1.8.0 improves usability. This is not a security update.
https://lessmsi.activescott.com/
MS ISO Downloader 8.46 adds new builds for Office 2019 for Mac, more Dell models and ISO Tools hash improvements. This is not a security update.
https://www.heidoc.net/joomla/technology-science/microsoft/67-microsoft-windows-and-office-iso-download-tool
NTLite 2.0.0.7756 resolves several bugs and improves controls. This is not a security update.
https://www.ntlite.com/download/
Aomei Partition Assistant 9.1 resolves several bugs. This is not a security update.
https://www.diskpart.com/
PointerStick 5.01 improves rendering. This is not a security update.
https://www.softwareok.com/?seite=Freeware/PointerStick
Process Monitor 3.61 adds monitoring for various registry APIs and resolves a query output bug. This is not a security update.
https://live.sysinternals.com/
PsExec 2.21 is a security update.
https://live.sysinternals.com/
Sysmon 13.00 adds image tampering events and resolves several bugs. This is not a security update.
https://live.sysinternals.com/
TaskSchedulerView 1.65 adds columns for Task File Created/Modified. This is not a security update.
https://www.nirsoft.net/utils/task_scheduler_view.html
TeamViewer 15.13.6 is released – but their changelog is on their community site (forum) which is currently down and redirecting to a third-party site. The new build may be a security update, but I recommend disabling TeamViewer completely for the near future just to be safe.
https://www.teamviewer.com/en/download/windows/
TraceRouteOK 2.31 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/TraceRouteOK
WakeMeOnLan 1.87 updates the internal MAC addresses database. This is not a security update.
https://www.nirsoft.net/utils/wake_on_lan.html
WifiChannelMonitor 1.66 adds option to copy clicked cell and updates MAC addresses file. This is not a security update.
https://www.nirsoft.net/utils/wifi_channel_monitor.html
WifiInfoView 2.67 adds window resizing and pagination to the properties window, and adds wildcard filter support. This is not a security update.
https://www.nirsoft.net/utils/wifi_information_view.html
WinScan2PDF 6.41 improves duplex support. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF
WirelessKeyView 2.21 improves display and adds QR Code view (F2). This is not a security update.
https://www.nirsoft.net/utils/wireless_key.html
Developer Updates
These are unlikely to be of interest to most people.
Node.js 12.20.1 is a security update.
https://nodejs.org/en/
Node.js 14.15.4 is a security update.
https://nodejs.org/en/
Node.js 15.5.1 is a security update.
https://nodejs.org/en/
Redemption 5.26.0.5872 adds ability to remember SMTP passwords, and resolves several bugs. This is not a security update.
http://www.dimastr.com/redemption/
Visual Studio Code 1.52.1 resolves several bugs. This is not a security update.
https://code.visualstudio.com/
Web Package Updates
These are likely to be of interest only to web developers.
Docker Desktop 3.0.4 resolves a stability bug. This is not a security update.
https://www.docker.com/products/docker-desktop
Drupal 9.1.2 updates libraries and resolves several bugs. This is not a security update.
https://drupal.org/download
Joomla 3.9.24 is a security update.
https://www.joomla.org/
Nextcloud Server 20.0.4 resolves dozens of bugs. This is not a security update.
https://nextcloud.com/
OpenPetra 2020.12 removes support for SQLite, improves Find, Type Ahead, and resolves several bugs. This is not a security update.
https://www.openpetra.org/
phpList 3.6.0 adds blacklisting hook, and counter limits. This is not a security update.
https://www.phplist.org/
phpMyAdmin 5.0.4 resolves several bugs. This is not a security update.
https://www.phpmyadmin.net/
ConnectWise Control 21.1.2009.7678 resolves several bugs. This is not a security update.
https://www.connectwise.com/software/control/download
WordPress 5.6 improves layout flexibility, adds new block patterns, captions, new default theme, and improved auto-update capabilities. This is not a security update.
https://wordpress.org/
Akismet 4.1.8 resolves a couple bugs. This is not a security update.
Autoptimize 2.8.1 resolves several bugs. This is not a security update.
BuddyPress 7.1.0 resolves two bugs. This is not a security update.
Contact Form 7 5.3.2 is a security update.
Social Post Feed 2.18.1 resolves several bugs. This is not a security update.
Interactive World Map 3.1.9 improves compatibility. This is not a security update.
myStickymenu 2.4.9 resolves a couple bugs. This is not a security update.
W3 Total Cache 2.0.1 resolves several bugs. This is not a security update.
Widgets on Pages 1.5.0 is a security update.
WooCommerce 4.9.0 resolves dozens of bugs. This is not a security update.
Show IDs 1.1.6 improves compatibility. This is not a security update.
That’s all for now folks. Keep it clean out there. 😉
Regards,
Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/