Do Not Reuse Passwords

Password security is a growing field and the old conventional wisdom of using a “strong” password and changing it frequently has lead to people using the same “strong” password on many different websites, resulting in their complete identity being hijacked when any one of those sites is compromised.

HaveIBeenPwned (HIBP) is a service that collects data dumps from when websites are hacked and uses the data to provide a service to alert users whenever their accounts are compromised. It’s like a central clearinghouse for account monitoring. Unfortunately, by the time accounts are listed in HIBP it is often years after the account has been hacked and the hackers that originally took the account information have had that entire period to make use of your account details. Many websites store their passwords in plain text, and many of the others that do use password hashing algorithms to store only a mathematical representation of the password and not the password itself neglect to use properly salted hashes, which means that those hashed passwords can often be compared with rainbow tables to effectively convert them to their plain text equivalent. Seeing the passwords that people – still today – continue to use is destroying my hope in humanity. For example, “123456” is used by almost 1% of business professionals for their online social interactions. Dead serious.

The trends on these exposed passwords show that there are very common patterns and weak password consideration is the rule of the day. Few people, and by few I mean I could probably count them on one hand, actually do passwords right. It’s time to take your own security seriously, because the evidence shows that many of those you do business with do not.

Here’s the Problem

Weak passwords you’ve used on service x (Yahoo, for example) will be dumped along with all the other passwords on that hacked service. Those same weak passwords will be tested on service y and service z. And everywhere else. This process is called “password stuffing.”

If you reuse even part of your passwords then you open yourself up to being targeted either randomly or by evil people you may already know. “Script kiddies” live and die by their ability to make an example out of people who they feel have done them harm. You could also become the victim of automated scanners that consume the usernames and passwords from these dumps then try them on every known system from Facebook to Gmail to email to banking services. The passwords will be munged in order to test similar or stylistically equivalent passwords. For example, of the LinkedIn hack, almost 2.5 million accounts (or about 1.5%) used some variant of the site name in their password. Those same accounts probably use some variation of the site name in most of their passwords. This can safely be assumed to be done everywhere, meaning that if you use “linkedin123456” for LinkedIn, there’s a good chance that your Facebook password is “facebook123456”.

So when over a million people used “123456” as their LinkedIn password, not only did it expose that as a very commonly used password, but it demonstrated that those million-plus email addresses tied to those weak passwords were used by people that didn’t take security seriously. If you use a weak password anywhere, chances are good that you use weak passwords elsewhere, if not everywhere. If something as quick and easy as changing a password isn’t done, then you also probably neglect your hardware and software. You’re using older and insecure programs. You’re exposing all of yourself with a single simple decision that you think will make your life easier.

It doesn’t. Reusing even part of a password only makes life easier for whoever attacks you. They can stay in their momma’s basement and spend all day throwing your account details at different sites until they get in. When they do, it doesn’t hurt them, it hurts you. Two or three hijacked accounts, or variations on your passwords from multiple dumps show how you think, and the style and scope of password complexity you use.

Again referring to the 2012 LinkedIn hack, there were over 26,000 variations of passwords that included “12” or “2012” in the password. From this we can imply that users will seed their passwords with the year they changed it. The same accounts are probably still using the same patterns with “2019” or “2020” today.

“Different” !== Strong

Usually these dumps are sold on the black market or used by the original hacker for a while before they’re inevitably released publicly. The data is out there so it’s necessary to use defensive passwords.

You can’t just change a number at the end of your password and possibly think that it’s going to make a difference in your security. The delay it might impose against an organized attacker is less than a single second. You can’t create a strong password by typing random characters on your keyboard. You just can’t. The predictive value of muscle memory, social and cognitive signals, and even keyboard bias result in a relatively small set of potential values for manually-generated passwords.

1337-sp34k offers no additional protection.

Using a strong password is no longer a suggestion. To be secure in the current world you must use a strong, unique, randomly-generated password for any and all sites and services. Failing to do so will result in that password being used as the seed to corrupt your digital life later on. Maybe not today, maybe not tomorrow, but soon, and for the rest of eternity.

The rules used to be pretty simple, but were still never observed:

  • DO NOT use a series of numbers and a word or two. (123badpassword)
  • DO NOT use a word or two and a series of numbers. (badpassword123)
  • DO NOT use a word with numbers breaking it up. (1bad2password3)
  • DO NOT use the site name or URL as any part of the password. (mylinkedinpassword)
  • DO NOT use keyboard sequences like “qwerty” or “123456”.
  • DO NOT use any word or name related to you or your life (pets, family, friends, musicians).
  • DO NOT use dates or other simple patterns.

Unfortunately, these rules are still ignored, and even if they were followed to a T, these rules are no longer sufficient for creating a passwords or passphrases manually. Today, any password you can remember is not a good password. It’s time you put the effort into proper password management.

Fortunately, the new rules are actually simpler:

But my browser remembers my passwords!

All modern browsers (Chrome, Firefox, Edge, Safari) have password management built-in. You can use that in order to generate strong passwords and, while short, they’ll be unique for each site. Unfortunately, since these passwords are stored in the browser they can be extracted by any malicious software that manages to make it onto the device or compromise your browser Sync account, where password managers generally use much stronger encryption.

Websites are still catching up to the reality of password managers

Long passwords, 300 characters or more, are not a problem for your password manager, but they’re probably a problem for the site. BofA limits your password to 20 characters. Yahoo limits your password to 128 characters. Facebook allows much longer passwords, but only requires 6 characters and character case isn’t treated as significant so entropy is significantly reduced, especially for shorter passwords.

Some websites and app logins don’t allow you to copy & paste in the password field which means that they often don’t play well with password managers. Others (like AT&T and Yahoo) refuse to allow certain characters in passwords, so randomly generated passwords have to be manually munged instead of allowing them to be truly random.

Nevertheless, failing to use a password manager means that you’re not using random passwords at all, and are likely reusing passwords to your own peril.

The solution is to get a password manager now and immediately start working to migrate your accounts to it. Almost every password manager today offers password analysis to warn you of weak, reused, and known compromised passwords so you can prioritize changing the passwords for those accounts.

What’s your favorite password manager?

Updates 2020-06-03

Welcome back, Folks!

It’s not Patch Tuesday, but updates from Microsoft, Apple, Google, Mozilla, and many others have triggered an out-of-cycle update.

This Month in Technology

It took Apple over a month to resolve a security issue in their custom OAuth implementation, which would provide app-level access to any site that used Sign in with Apple given only an email address. Facebook and Google both suffered similar XSS issues recently, as did a very popular WordPress plugin.

Not accepting vulnerability reports doesn’t mean the vulnerabilities don’t exist, Apple. Even after vowing now to, Apple is still recording everything you say and do as long as you have Siri enabled.

It still surprises me that people that don’t read the documentation and license agreements still feel the need to sue over their failure to understand how software works. For anyone reading this years from now, browsers load web pages. “Incognito” mode (or any other privacy mode) simply prevents your data from being shared IN THE BROWSER between different sessions. It otherwise does not prevent any websites from operating exactly as they would if you were loading the web page in any other browser. As always, don’t do anything online that you don’t want to be tracked to you. Period.

Even so, eBay, Citibank, TD Bank, Ameriprise, Chick-fil-a, Equifax, and many more websites are performing port scans of visitors computers. If you’re concerned about your privacy, imagine the power companis like eBay and Equifax would have if they collected and consolidated details about every remote support platform installed and used by every visitor to their websites. We’re talking about hundreds of millions of people relying on companies that don’t have the best track record of keeping data safe in the first place.

Veracode reports that about 70% of all mobile and desktop applications contain open-source bugs. This reminds me of one of my favorite computer quotes: Every non-trivial program contains at least one bug. Every non-trivial program can be simplified by at least one line of code. The conclusion of the last two laws: Every non trivial program can be simplified to one line of code, and it will contain a bug.

A widely used EU Cookie Consent image is being used to distribute malware. Directly linking to third-party scripts and images has some serious long-term drawbacks.

As was expected by anyone that can math or understand science, suicide (as a result of the government lockdown) has killed more in California than the plandemic COVID-19. This is, of course, after churches are being burned to the ground for daring to try to serve the same people that currently frequent Walmart, Target and Lowes.

The Spectra exploit demonstrates just how easy it’s going to be to abuse the GACT/Contact Tracing services on many devices.

Now for the good news:

Windows 10 v2004 has been released. Make sure you’ve installed v1909 recently so you won’t be forced into the new build before they work out the bugs. I don’t see a lot of differences between v2004 and v1909 that most people would benefit from, anyway, but these releases tend to take a couple months to work out most of the bugs. For example, many Windows policies are erased during the upgrade which can result in local accounts being forced into using inescapable Microsoft accounts for users that don’t understand that “not now” is an option.

Let’s Get Busy

Apple released updates for macOS Catalina 10.15.5, macOS Catalina 10.15.5 Supplemental Update, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra, Windows Migration Assistant 2.2.0.0, iCloud for Windows 7.19, iCloud for Windows 11.2, Safari 13.1.1, Xcode 11.5, iOS 13.5.1, iPadOS 13.5.1, tvOS 13.4.6, watchOS 5.3.7, watchOS 6.2.6, and iTunes 12.10.7. These are security updates.

iOS 13.5.1 and 12.4.7 are security updates. Use Settings, General, Software Update to install the most current version. This version also adds the Orwellian contact tracing feature at the system level. While “disabled” by default, you may validate that it is disabled in Settings, Privacy, Health, COVID-19 Exposure Logging, and turn off Exposure Logging.

iPadOS 13.5.1 is a security update. Use Settings, General, Software Update to install the most current version.

tvOS 13.4.6 is a security update. Use Settings, General, Updates to install the most current version.

watchOS 5.3.7 and 6.2.6 are security updates. Use your updated iPhone to install the most current version through the Watch app.
https://support.apple.com/en-us/HT204641

Google has released security updates for Android 9 and 10 which will gradually be published by individual vendors and available to you in the coming weeks. This version also adds the Orwellian contact tracing feature. Disabling Location and Bluetooth will disable the current version of contact tracing.

Google Chrome OS 83.0.4103.77 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Display Driver Uninstaller 18.0.2.5 resolves an AMD audio bug. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

Intel Driver and Support Assistant 20.6.22 improves OEM device support, performance and resolves several bugs. This is not a security update.
https://www.intel.com/p/en_US/support/detect

Logitech Options 8.20.329 adds support for Edge and resolves several bugs. This is not a security update.
https://www.logitech.com/en-us/product/options

nVidia 446.14 improves VRSS in Onward and resolves several stability, performance, and battery life issues. This is not a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.9.76 is a security update. Use Menu, Help, About to install the most current version.
https://brave.com/

Google Chrome 83.0.4103.97 is a security update. Use Menu, Help, About to install the most current version.

Microsoft Edge 83.0.478.44 is a security update. Use Menu, Help, About to install the most current version.
https://www.microsoft.com/en-us/edge/business/download

Firefox 77.0 and 77.0.1 are security updates. Use Menu, Help, About to install the most current version.

Firefox ESR 68.9.0 is a security update. Use Menu, Help, About to install the most current version.

Email Updates

One or more of these are likely to be of interest to everyone.

Mailspring 1.7.8 is a security update.
https://getmailspring.com/

OutlookAttachView 3.40 changes the Image Preview feature to Preview Pane which will show other attachment types than images. This is not a security update.
https://www.nirsoft.net/utils/outlook_attachment.html

Internet Updates

One or more of these are likely to be of interest to everyone.

Trillian 6.3.0.5 resolves @mentions. This is not a security update.
https://www.trillian.im/

Trillian Mac 6.3.0.3 resolves a tooltip bug and removes some unused entitlements. This is not a security update.
https://www.trillian.im/

FileZilla Client 3.48.1 is not a security update.
https://filezilla-project.org/

FreeFileSync 10.24 resolves several bugs, improves compatibility, adds new macros and improves error handling. This is not a security update.
https://www.freefilesync.org/download.php

Zoom 5.0.26213.0602 resolves several bugs, enables GIPHY, improves privacy controls and admin controls, improves unmute behavior, and adds waiting room ringtone. This is not a security update.
https://zoom.us/

WinSCP 5.17.6 resolves several bugs. The installation package is a security update.
https://winscp.net/eng/index.php

Media Updates

These are unlikely to be of interest to most people.

iTunes 12.10.7 is a security update. Use Apple Software Update to install the most current version.

Game Updates

These are unlikely to be of interest to most people.

Steam 2020.06.01 adds “Play Next”, direct IP connectivity for Remote Play, P2P improvements, and resolves several bugs. This is not a security update.

PlayStation PS4 7.51 improves performance. This is not a security update.
https://www.playstation.com/en-us/support/system-updates/ps4/

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Reader DC 20.009.20067 resolves several stability and reliability issues. This is not a security update. Use Help, Check for updates to get the most current version.

Atom 1.47.0 updates libraries and resolves several bugs. This is not a security update.
https://atom.io/

Audacity 2.4.1 resolves several bugs. This is not a security update.
https://www.fosshub.com/Audacity.html

LibreOffice Fresh 6.4.4 resolves nearly 100 bugs. This is not a security update. Be advised that “Fresh” is the beta version and should be avoided by most people.
https://www.libreoffice.org/

Lightworks NLE 2020.1 resolves hundreds of bugs and adds several new features. This is not a security update.
https://www.lwks.com/

Paint.net 4.2.12 resolves several bugs and improves metadata export between formats. This is not a security update.
https://www.getpaint.net/

MyPaint 2.0.1 resolves several bugs, including a repetitive load image quality loss bug. This is not a security update.
https://github.com/mypaint/mypaint/releases/latest

Security Software Updates

One or more of these is likely to be of interest to most people.

RogueKiller 14.5.0 updates the RKSvc, core engine, and resolves several bugs. This is not a security update.
https://www.adlice.com/download/roguekiller/

uBlock Origin 1.27.10 resolves several bugs. This is not a security update.

Capture Updates

These are unlikely to be of interest to most people.

ScreenToGif 2.24.2 resolves FFmpeg compatibility. This is not a security update.
https://github.com/NickeManarin/ScreenToGif/releases/latest

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 11.0.8.9 adds support for new encodings and resolves several bugs. This is not a security update.
https://www.dvdfab.cn/download.htm

Utility Updates

These are unlikely to be of interest to most people.

DesktopOK 7.27 adds delete confirmation. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

Easy2Boot 2.03 resolves several bugs and updates libraries. This is not a security update.
https://www.fosshub.com/Easy2Boot.html

Etcher 1.5.96 updates libraries and resolves several bugs. This should be treated as a security update.
https://www.balena.io/etcher/

GoodSync 11.2.0 improves compatibility and stability. This is not a security update.
https://12pd.com/click?goodsync

MPI Tool Kit 0.099 doesn’t provide a changelog so should be treated as a security update.
https://www.fosshub.com/Easy2Boot.html

MS ISO Downloader 8.37 adds images for developer and insider releases of Win10 build 19628, Office 2016/2019 for Mac, and resolves accessibility issues. This is not a security update.
https://www.heidoc.net/joomla/technology-science/microsoft/67-microsoft-windows-and-office-iso-download-tool

PointerStick 4.11 improves compatibility. This is not a security update.
https://www.softwareok.com/?seite=Freeware/PointerStick

PowerToys 0.18.1 adds Run and Keyboard manager, and resolves several bugs. This is not a security update.
https://github.com/microsoft/PowerToys/releases/latest

TeamViewer 15.6.7 improves performance of multi-participant sessions, allows disabling the Outlook add-in during installation, and resolves several bugs. This is not a security update.
https://www.teamviewer.com/en/download/windows/

WakeMeOnLan 1.86 updates the internal MAC address database. This is not a security update.
https://www.nirsoft.net/utils/wake_on_lan.html

WinScan2PDF 5.41 improves detection of multi-function devices. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

WizTree 3.33 resolves network drive access issues, improves export/import accuracy, and resolves several bugs. This is not a security update.
https://antibody-software.com/web/software/software/wiztree-finds-the-files-and-folders-using-the-most-disk-space-on-your-hard-drive/

ControlMyMonitor 1.26 now displays an error code if unable to parse settings from the display. This is not a security update.
https://www.nirsoft.net/utils/control_my_monitor.html

Cygwin 3.1.5 adds support for WSL symlinks and resolves several bugs. This is not a security update.
https://cygwin.com/

DesktopOK 7.41 resolves installation and removal bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

DevManView 1.67 adds an option to uninstall the selected device. This is not a security update.
https://www.nirsoft.net/utils/device_manager_view.html

FileLocator Pro 8.5.2946 resolves several bugs. This is not a security update.
https://www.mythicsoft.com/filelocatorpro/download

NetworkInterfacesView 1.21 adds Interface LUID column. This is not a security update.
https://www.nirsoft.net/utils/network_interfaces.html

Bitcoin 0.20.0 improves reliability and stability, removes dependency on OpenSSL, and resolves several bugs. This is not a security update.
https://bitcoin.org/en/download

NTLite 1.9.0.7490 adds several new setting controls and resolves several bugs.
https://www.ntlite.com/download/

WinScan2PDF 5.51 improves translations. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

Windows 10 Media Creation Tool v2004 is now available. This is not a security update.
https://www.microsoft.com/en-us/software-download/windows10

Developer Updates

These are unlikely to be of interest to most people.

ADB 30.0.0 adds support for wireless pairing, incremental APK installation, client-side support for compression of various commands with Android 11, and improves performance. This is not a security update.
https://developer.android.com/studio/releases/platform-tools

Inno Setup 6.0.5 is a security update.
https://www.jrsoftware.org/isdl.php

Node.js 14.4.0 resolves dozens of bugs. This is a security update.
https://nodejs.org/en/

Node.js 12.18.0 is a security update.
https://nodejs.org/en/

Android Studio 4.0.0.16 is a major update and adds several new features and improvements. This is not a security update.
https://developer.android.com/studio

SQLite 3.32.1 is a security update.
https://www.sqlite.org/download.html

TortoiseSVN 1.14.0 resolves several bugs. This is not a security update.
https://tortoisesvn.net/downloads.html

Virtual Machine Updates

These are unlikely to be of interest to most people.

VirtualBox 6.1.8-137981 resolves several bugs. This is not a security update.
https://www.virtualbox.org/wiki/Downloads

Web Package Updates

These are likely to be of interest only to web developers.

Drupal 8.9.0 is the final minor build of the 8.x series and updates libraries and resolves several bugs. Drupal 8.8.6 and 8.7.14 are security updates.
https://drupal.org/download

HumHub 1.5.2 resolves over 25 bugs. This is not a security update.
https://www.humhub.com/en/download

Nextcloud Server 19.0.0 adds document collaboration to video chats, password-less login, performance improvements, guest groups and more. This should be treated as a security update.
https://nextcloud.com/

Joomla 3.9.19 is a security update.
https://www.joomla.org/

phpList 3.5.4 is a security update.
https://www.phplist.org/

ScreenConnect 20.5.28493.7445 resolves several bugs. This is not a security update.
https://www.connectwise.com/software/control/download

Autoptimize 2.7.2 resolves several bugs. This is a security update.

BuddyPress 6.0.0 is a major update adding several new features and resolving many bugs. This is a security update.

Contact Form 7 5.1.9 resolves several bugs. This is not a security update.

myStickymenu 2.4.1 is a cosmetic update. This is not a security update.

Postie 1.9.52 resolves a category parsing bug. This is not a security update.

WooCommerce 4.2.0 resolves dozens of bugs. This is not a security update.

bbPress 2.6.5 doesn’t provide a changelog so should be treated as a security update.

Redirection 4.8 resolves two minor bugs and adds importer. This is not a security update.

Social Post Feed 2.15.1 adds several new features. This is not a security update.

Theme My Login 7.1 adds a new dashboard action, improves performance and resolves several bugs. This is not a security update.

W3 Total Cache 0.14.1 resolves several bugs. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2020-04-01

Happy April Fools’ Day, Folks!

It’s not Patch Tuesday, but updates from Microsoft, Apple, Google, and others have triggered an out-of-cycle update.

This Month/Week in Technology

The FCC announced that by July 2021 every US phone company (landline and mobile) must adopt STIR/SHAKEN which will massively reduce the amount of robocalls and phone spam people receive and ensure that call blocking features work as intended.

Microsoft has rebranded Office 365 to Microsoft 365 and is launching more features and cross-platform monitoring across the system. Is this the next step towards Windows-as-a-Service?

Dell and HP Enterprise have issued updates for the runtime bug in certain Enterprise solid-state drives (SSDs) that will begin bricking them in only a couple months.

The latest to jumping on the virus-free-trial bandwagon is Plex.

The country of Georgia has been hacked, with data on almost every citizen being posted online.

How bad are companies at dealing with ransomware? Most corporations and governments just give in and negotiate the ransom. Others pay insurance through companies like Chubb, a cyber-insurer for this type of thing. Can a company insure itself?

For a couple days, the latest builds of iOS and macOS wouldn’t let you search for a “+” sign. This is more common than you might think, and one of the pieces of advice in my Selecting the Perfect Domain” guide.

#3 Don’t use any strange characters

CloudFlare’s 1.1.1.1 public DNS resolver received glowing marks in a recent study. While it’s very private and fast, it doesn’t provide built-in security as does OpenDNS, though.

Now for the good news:

Even the scientist most cited for his chicken-little response to COVID-19 has reversed course and said he over-estimated lethality and virulence.

Let’s Get Busy

Microsoft released an out-of-cycle update to address connectivity problems for VPN users. If you’re using a VPN, use Windows Update to install the most current version.

Apple released security updates for iCloud for Windows 7.18 and iCloud for Windows 10.9.3. Use Apple Software Update to install the most current versions.

Google Chrome OS 80.0.3987.158 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Display Driver Uninstaller 18.0.2.3 improves cleanup. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

Browser Updates

One or more of these are likely to be of interest to everyone.

Google Chrome 80.0.3987.162 is a security update. Use Menu, Help, About to get the most current version.

Internet Updates

One or more of these are likely to be of interest to everyone.

WinSCP 5.17.3 is a security update.
https://winscp.net/eng/index.php

Game Updates

These are unlikely to be of interest to most people.

Steam 2020.03.26 resolves several bugs. This is not a security update.

PlayStation PS3 4.86 improves system performance. This is not a security update.
https://www.playstation.com/en-us/support/system-updates/ps3/

Office Updates

One or more of these are likely to be of interest to most people.

Krita 4.2.9 adds Airbrush and Ratio controls to the Color Smudge brush, and resolves 70 bugs. This is not a security update.
https://krita.org/en/download/krita-desktop/

Security Software Updates

One or more of these is likely to be of interest to most people.

RogueKiller 14.4.0 resolves several bugs, improves compatibility and adds warnings to certain scans.
https://www.adlice.com/download/roguekiller/

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 11.0.8.2 adds support for new encodings. This is not a security update.
https://www.dvdfab.cn/download.htm

Utility Updates

These are unlikely to be of interest to most people.

RoboForm 8.6.8 improves data synchronization, Windows Hello integration, and resolves several bugs. This is not a security update.
https://12pd.com/click?rf

GoodSync 10.11.4 resolves several bugs and improves compatibility. This is not a security update.
https://12pd.com/click?goodsync

DesktopOK 6.91 improves compatibility with the next build of Windows. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

NetworkInterfacesView 1.20 adds option to open device properties window with F2. This is not a security update.
https://www.nirsoft.net/utils/network_interfaces.html

PSAppDeploy 3.8.1 adds Repair action and new installation controls, and resolves several bugs. This is not a security update.
https://psappdeploytoolkit.com/

MS ISO Downloader 8.34 adds several new ISOs. This is not a security update.
https://www.heidoc.net/joomla/technology-science/microsoft/67-microsoft-windows-and-office-iso-download-tool

WinScan2PDF 5.25 resolves a TWAIN bug under Windows 10 x64. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

Developer Updates

These are unlikely to be of interest to most people.

Android Studio 3.6.2.0 resolves over a dozen bugs. This is not a security update.
https://developer.android.com/studio/index.html

Node.js 13.12.0 improves build notarization for macOS, upgrades libraries, adds option to disable proto to CLI, moves diagnostic reports to stable, and now allows URL in worker constructor. This is not a security update.
https://nodejs.org/en/

Web Package Updates

These are likely to be of interest only to web developers.

OpenPetra 2020.03 resolves the PDF printing bug, as well as several other bugs. This is not a security update.
https://www.openpetra.org/

WordPress 5.4 improves the block editor, adds Social Icons and Buttons, gradients to Buttons and Cover block, color options to Group, Columns, and Rich Text, improved consistency, as well as many developer and privacy improvements. This is not a security update.
https://wordpress.org/

Postie 1.9.45 resolves an email notification bug. This is not a security update.
https://wordpress.org/extend/plugins/postie/

Custom Facebook Feed 2.13 adds a Block. This is not a security update.
https://wordpress.org/extend/plugins/custom-facebook-feed/

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2019-10-08

Hi, Folks!

Today is Patch Tuesday for October 2019 and it’s pretty mild for anyone not using Apple products.

The next build of Windows 10, version 1909, will be released any time. This version will be minor compared to other Windows 10 upgrades and should be nearly indistinguishable from 1903. If you’re running 1903 now installing 1909 should have no negative impact. If you’re running an older version I recommend upgrading to 1903 before switching to 1909.

Windows 7 will fall completely out of support in only 3 months. Don’t run out the clock. If you are running a licensed version of Windows 7 you can still upgrade to Windows 10 and have a supported version of Windows for the foreseeable future. Get it done before it’s too late. Don’t want to do it yourself? Call me!
https://saferpc.info/contact/

This month we learned that sometimes the weakest link is support. ZenDesk, central to support for more than 120,000 companies from Airbnb to MailChimp to Vimeo, was hacked in 2016 and discovered it only last week. They’re doing things right: public exposure, contacting customers, describing the chain of events, getting outside help to research and resolve their issues. Unfortunately, this doesn’t eliminate the problems for the approximately 25% of their customers that were exposed in this breach.

Now back to our regularly scheduled program. The typical computer should see roughly 2 GB in updates today. Let’s get started.

Microsoft released updates for Windows, .NET, Edge, Internet Explorer, and MSRT (~ 1.1 GB). This includes security updates. A reboot is required.

Apple released updates for macOS Catalina 10.15, macOS Mojave 10.14.6 Supplemental Update 2, Security Update 2019-005 High Sierra, Security Update 2019-005 Sierra, iCloud for Windows 10.7, iCloud for Windows 7.14, iTunes for Windows 12.10.1, iOS 12.4.2, iOS 13.1.2, iPadOS 13.1.2, Safari 13.0.1, Xcode 11.0, tvOS 13, and watchOS 6.0.1. These are security updates. Use Apple Software Update to install the most current versions.

macOS Catalina (10.15) is available! This is a large download and will take between 2 and 4 hours to install on most hardware. The release of macOS Catalina (10.15) means that macOS Sierra (10.12) is now no longer supported. If you can not install at least macOS High Sierra (10.13) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

iOS 12.4.2 and 13.1.2 are security updates. Use Settings, General, Software Update to install the most current update.

watchOS 6.0.1 is a security update. Use the Watch app on your iPhone to install the most current version.

tvOS 13.0 is a security update. Use System, Software Update to install the most current version.

Google Chrome OS 77.0.3865.105 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Catalina (10.15) means that macOS Sierra (10.12) is now no longer supported. If you can not install at least macOS High Sierra (10.13) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (1903) will cause your computer to feel unusually slow until it is installed. This is a side-effect of the Windows 10 upgrade cycle, which pushes out 3-6 GB through Windows update to get you to the latest Windows 10 release every 6 months. If you don’t let it finish and you’re on a slow connection, it will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Display Driver Uninstaller 18.0.1.9 improves cleanup, system restore, and resolves several bugs. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

Intel Driver and Support Assistant 19.9.38 improves device detection. This is not a security update.
https://www.intel.com/p/en_US/support/detect

nVidia 436.48 adds support for newer hardware and improves performance. This is not a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Browser Updates

One or more of these are likely to be of interest to everyone.

Google Chrome 77.0.3865.90 is a security update. Use Menu, Help, About to get the most current version.

Firefox 69.0.2 resolves several bugs, but follows shortly on the heels of 69.0.1, which was a security update. Use Menu, Help, About to get the most current version.

Vivaldi 2.8.1664.40 resolves several bugs. This is not a security update.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Thunderbird 68.1.1 is a security update. Use Menu, Help, About to get the most current version.

Internet Updates

One or more of these are likely to be of interest to everyone.

Prosody 0.11.3 resolves several bugs and improves reliability. This is not a security update.
https://prosody.im/download/start

Trillian 6.2.0.12 resolves several bugs. This is not a security update.
https://www.trillian.im/

aria2 1.35.0 updates libraries and resolves several bugs. This is a security update.
https://aria2.github.io/

BrowsingHistoryView 2.25 adds support for Waterfox. This is not a security update.
https://www.nirsoft.net/utils/browsing_history_view.html

DNSDataView 1.60 adds TTL. This is not a security update.
https://www.nirsoft.net/utils/dns_records_viewer.html

FileZilla Client 3.45.1 resolves several bugs and adds stale version detection. This should be treated as a security update.
https://filezilla-project.org/

MaxMind GeoIP2 201910 is a data refresh.
http://dev.maxmind.com/geoip/

PuTTY 0.73 is a security update.
https://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

WinSCP 5.15.4 is a security update.
https://winscp.net/eng/index.php

Media Updates

These are unlikely to be of interest to most people.

MusicBrainz Picard 2.2.2 resolves dozens of bugs and adds several new features. This is not a security update.

Flickr Downloadr 3.2.3.1 resolves a JSON length bug. This is not a security update.

iTunes 12.10.1 is a security update. Use Apple Software Update to install the most current version.

Game Updates

These are unlikely to be of interest to most people.

Steam 2019.09.19 resolves a beta bug. This is not a security update. Use Steam to update Steam.

PlayStation PS4 7.00 is a major update that doubles the size limit of parties to 16, improves networking, adds chat transcription, improves voice audio, adds Remote Play to more devices, and resolves several bugs. This is not a security update.
https://www.playstation.com/en-us/support/system-updates/ps4/

Office Updates

One or more of these are likely to be of interest to most people.

Artweaver 7.0.2 improves online update and error reporting, resolves several bugs. This is not a security update.
http://www.artweaver.de/

Krita 4.2.7.1 resolves several bugs, improves color selector, layer controls, and adds new brushes. This is not a security update.
https://krita.org/en/download/krita-desktop/

LibreOffice Fresh 6.3.2 resolves dozens of bugs. This is not a security update. (“Fresh” is the Beta version so stick with “Still” unless you don’t mind stability issues.)
https://www.libreoffice.org/

OpenOffice 4.1.7 resolves several bugs and adds support for OpenJDK. This is not a security update.
http://www.openoffice.org/download/

Paint.net 4.2.5 adds support for WebP format and resolves several bugs. This is not a security update.
https://www.getpaint.net/

Adobe DNG Converter 11.4.1 adds support for newer hardware. This is not a security update.
macOS: https://supportdownloads.adobe.com/detail.jsp?ftpID=6743
Windows: https://supportdownloads.adobe.com/detail.jsp?ftpID=6741

Security Software Updates

One or more of these is likely to be of interest to most people.

OpenSSL 1.0.2t is a security update.
https://indy.fulgan.com/SSL/

RogueKiller 13.5.2 resolves several bugs, improves performance for large files, and improves stability. This is not a security update.
https://www.adlice.com/softwares/roguekiller/

Wireless Network Watcher 2.21 updates the internal MAC database. This is not a security update.
https://www.nirsoft.net/utils/wireless_network_watcher.html

PureOS 9.0 is a new major release of PureOS, updates libraries, dependencies and forging the way for the final release of the Librem 5. This is a security update.
https://pureos.net/download/

Converter Updates

These are unlikely to be of interest to most people.

MKVToolnix 38.0.0 resolves several bugs, improves immutability, adds new default output (console) to mkvextract. This is not a security update.
https://www.fosshub.com/MKVToolNix.html

DVDFab 11.0.5.3 adds support for new encodings, updates libraries, resolves several bugs. This is not a security update.
https://www.dvdfab.cn/download.htm

Education updates

One or more of these are likely to be of interest to most people.

e-Sword 12.1 updates the downloader to support eStudySource. This is not a security update.
https://www.e-sword.net/

Utility Updates

These are unlikely to be of interest to most people.

1Password for Windows 7.3.712 resolves several bugs, adds support for new features. This is a security update.
https://1password.com/downloads/windows/

Agent Ransack 2019.2929 is a major update that adds high-DPI support, improves performance, improves PDF search, resolves several bugs. This is not a security update.
https://www.mythicsoft.com/agentransack/download/

BgInfo 4.28 doesn’t provide a changelog, so should be treated as a security update.
https://live.sysinternals.com/

Sysmon 10.41 resolves a configuration parsing bug. This is not a security update.
https://live.sysinternals.com/

DesktopOK 6.59 resolves several bugs and improves color detection. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

Etcher 1.5.57 resolves a startup bug. This is not a security update.
https://www.balena.io/etcher/

FolderChangesView 2.30 adds “*.” support to include/exclude files without filenames. This is not a security update.
https://www.nirsoft.net/utils/folder_changes_view.html

GoodSync 10.10.9 resolves several bugs and updates cipher list. This is a security update.
https://12pd.com/click?goodsync

NTLite 1.8.0.7165 adds new features, updates translations, and resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

OSForensics 7.0.1004 adds clipboard viewer, AmCache viewer, auto triage, VM improvements, improved indexing, and resolves several bugs. This is not a security update.
https://www.osforensics.com/download.html

Password Security Scanner 1.46 improves reliability and adds support for Waterfox. This is not a security update.
https://www.nirsoft.net/utils/password_security_scanner.html

Recover Keys 11.0.4.233 adds support for over 1,000 new applications. This is not a security update.
https://recover-keys.com/en/download.html

RoboForm 8.6.1 impose periodic Master Password check, add difference check to Backup/Restore, add import from Sticky Password, resolves several bugs. This is not a security update.
https://12pd.com/click?rf

Rufus 3.8 resolves several bugs. This is not a security update.
https://rufus.ie/en_IE.html

SearchMyFiles 3.05 adds support to specify time range in GMT. This is not a security update.
https://www.nirsoft.net/utils/search_my_files.html

WakeMeOnLan 1.85 updates the internal MAC database. This is not a security update.
https://www.nirsoft.net/utils/wake_on_lan.html

WifiInfoView 2.47 updates the internal MAC database. This is not a security update.
https://www.nirsoft.net/utils/wifi_information_view.html

WinScan2PDF 5.01 improves drag and drop page re-order feature, multiformat output, adds support for multiple scan operations. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

WSUS Offline 11.8.1 improves detection of updates and resolves supersedence issues. This is not a security update.
http://download.wsusoffline.net/

Developer Updates

These are unlikely to be of interest to most people.

AutoHotkey 1.1.31.00 adds Switch and InputHook, improves support for long paths, and resolves several bugs. This is not a security update.
https://www.autohotkey.com/download/

Android Studio 3.5.1.0 resolves several bugs. This is not a security update.
https://developer.android.com/studio/index.html

Node.js 12.11.1 resolves several bugs. This is not a security update.
https://nodejs.org/en/

SQLite 3.30.0 adds support for aggregate filters, NULLS FIRST/NULLS LAST in order by, improves index, and resolves several bugs. This is not a security update.
https://www.sqlite.org/download.html

Virtual Machine Updates

These are unlikely to be of interest to most people.

PPSSPP 1.9.3 resolves several bugs. This is not a security update.
https://ppsspp.org/downloads.html

Web Package Updates

These are likely to be of interest only to web developers.

YOURLS 1.7.4 is a security update.
https://yourls.org/

Drupal 8.7.8 is a security update.
https://drupal.org/download

Joomla 3.9.12 is a security update.
https://www.joomla.org/

Nextcloud Server 17.0.0 adds remote wipe, improved 2FA, secure view, one-time login tokens, secure mailbox Outlook Add-in, and resolves several bugs. This is not a security update.
https://nextcloud.com/

Adobe ColdFusion 2018.5 and 2016.12 are security updates.
https://helpx.adobe.com/security/products/coldfusion/apsb19-47.html

phpList 3.4.6 resolves several bugs. This is not a security update.
http://www.phplist.com/download

phpMyAdmin 4.9.1 resolves several bugs. This is a security update.
http://www.phpmyadmin.net/home_page/news.php

BuddyPress 5.0.0 adds BP REST API, group invites, group membership requests, improved WP integration, and resolves several bugs. This is not a security update.

Smash Balloon Social Post Feed 2.11 (was Custom Facebook Feed) adds several new options, restores FB group access, and updates FB API to v4.0. This is not a security update.

myStickymenu 2.2.3 updates Pro features. This is not a security update.

Redirection 4.4.2 resolves several bugs. This is not a security update.

W3 Total Cache 0.10.1 resolves several bugs. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

 

Updates 2019-02-12

Happy Valentine’s Day, Folks!

Show her how much you care with a subscription to SaferPC!
https://saferpc.info/updates/

Today is Patch Tuesday and it’s a big one. Alongside every major vendor updates, nearly all mobile platforms have major updates over the last month to address security issues with WiFi and a lot of hardware has hit, or is nearing, end-of-life (EOL).

This month Nvidia drops support for the entire Fermi line of GPUs including everything from the GeForce, GT and GTX models 4xx up to 8xx. If your video card falls in line with these models you should consider replacing the card or the device. While it will continue to operate it can no longer be secured.

Windows 7 is nearing EOL. It will be supported for less than a year from this posting. If you’re still using Windows 7 you need to start actively looking for alternatives. Windows 10 is a seamless upgrade for most, but switching to Linux is also a viable option for others.

The last couple weeks has seen Firefox 65 severely stumble as a result of Avast’s poorly designed MITM “security feature,” Apple’s FaceTime being abused to listen in to call recipients, whether they answer or not, and Facebook paying children to install an “anything-but-private” VPN. While each of these is a horrible abuse of trust, their supporters quickly dismiss the severity of the issues because they’re large companies. That’s not the way it works. The larger the company, the more thought and process went into each and every decision. If anything, this demonstrates exactly why these companies should never be trusted.

The typical computer should see roughly 1.5 GB in updates today. Let’s get started.

Microsoft released updates for Windows, Flash, Edge, .NET, and MSRT (~500MB). This includes security updates. A reboot is required.

Apple released updates for iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra, Shortcuts 2.1.3 for iOS, Safari 12.0.3, watchOS 5.1.3, tvOS 12.1.2, iTunes 12.8.2 for Mac, Pro Video Formats 2.1, iCloud for Windows 7.10, and iTunes 12.9.3 for Windows. This includes security updates. Use Apple Software Update to install these updates. A reboot is required.

iOS 12.1.4 is a security update. Use Settings, General, Software Update to install the most current update.

watchOS 5.1.3 is a security update. Use the Watch app on your iPhone to install the most current version.

tvOS 12.1.2 is a security update. Use System, Software Update to install the most current version.

Adobe Flash Player 32.0.0.142 is a security update.
Win: https://12pd.com/click?flash
Win: https://12pd.com/click?flashie
Mac: https://12pd.com/click?flashmac

Google Chrome OS 72.0.3626.97 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The now-current release of Windows 10 (1809) will cause your computer to feel unusually slow until it is installed. This is a side-effect of the Windows 10 upgrade cycle, which pushes out 3-6 GB through Windows update to get you to the latest Windows 10 release every 6 months. If you don’t let it finish and you’re on a slow connection, it will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information. Windows 10 v1903 will be available within the next 6 weeks, and if you don’t have 1809 by then, it will be forced on you.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Display Driver Uninstaller 18.0.0.8 resolves several bugs and improves compatibility. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

Intel Driver Update 19.1.4 resolves several bugs. This is not a security update.
https://www.intel.com/p/en_US/support/detect

nVidia 418.81 adds support for newer hardware and benchmark testing of DLSS. This is not a security update.

Logitech SetPoint 6.69.123 resolves several bugs. This is not a security update.
https://support.logitech.com/en_us/software/setpoint

Browser Updates

One or more of these are likely to be of interest to everyone.

Vivaldi 2.3.1440.41 adds several new features and bug fixes. This is a security update.
https://vivaldi.com/

Google Chrome 72.0.3626.96 is a security update. Use Menu, Help, About to install the most current version.

Firefox 65.0 is a security update, and is sadly unreliable due to several factors. The next build, due any time, will add MITM detection to resolve issues with poorly designed security products like Avast. Use Menu, Help, About to install the most current version.

Firefox ESR 60.5.0 is a security update. Use Menu, Help, About to install the most current version.

Email Updates

One or more of these are likely to be of interest to everyone.

Mailspring 1.5.6 resolves several bugs and improves mail setup for certain ISPs. This is not a security update.
https://getmailspring.com/

Thunderbird 60.5.0 is a security update. Use Menu, Help, About to install the most current version.

NK2Edit 3.39 resolves a cosmetic bug. This is not a security update.
https://www.nirsoft.net/utils/outlook_nk2_edit.html

Internet Updates

One or more of these are likely to be of interest to everyone.

Prosody 0.11.2 resolves several bugs. This is not a security update.
https://prosody.im/download/start

Skype 8.37.0.98 improves notifications, keyboard shortcuts, and status controls. This is not a security update.
https://12pd.com/click?skype

Evernote 6.17.6.8292 improves templates, notebook management, and resolves bugs. This is not a security update.
https://www.evernote.com/

FileZilla Client 3.40.0 is a security update.
https://filezilla-project.org/

FreeFileSync 10.9 resolves several bugs and extends several Windows and macOS features to Linux. This is not a security update.
https://www.freefilesync.org/download.php

MaxMind GeoIP 201902 is a data refresh.
https://dev.maxmind.com/geoip/

Npcap 0.99-r9 resolves several bugs. This is not a security update.
https://nmap.org/npcap/

Technitium DNS Server 2.4 resolves several bugs and adds new features, including identifying source blocklists with a TXT record and import/export. This is not a security update.
https://technitium.com/dns/

Media Updates

These are unlikely to be of interest to most people.

VLC Media Player 3.0.6 resolves several bugs. This is not a security update.
https://www.videolan.org/vlc/

MusicBrainz Picard 2.1.2 resolves several bugs. This is not a security update.
https://picard.musicbrainz.org/

FastStone Viewer 6.9 adds support for M2TS, file properties shortcut, and resolves several bugs. This is not a security update.
http://www.faststone.org/FSViewerDetail.htm

Game Updates

These are unlikely to be of interest to most people.

EA Origin 10.5.34.21025 resolves several bugs. This is not a security update.
https://www.origin.com/en-us/download

Steam 2018.02.01 resolves several bugs. This is not a security update.

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Reader DC 19.010.20091 is a security update. Use Help, Check for Updates to get the most current version.

Artweaver 6.0.10 resolves several bugs. This is not a security update.
https://www.artweaver.de/

IcoFX 3.3 adds light and dark modes, monochrome theme, corner rounding, touch support, and resolves several bugs. This is not a security update.
https://icofx.ro/

LibreOffice Still 6.1.5 provides nearly 80 bug fixes and improvements. This is not a security update.
https://www.libreoffice.org/

LibreOffice Fresh 6.2.0 is the first release of the new Fresh line and resolves almost 250 bugs from the previous build. This is not a security update.
https://www.libreoffice.org/

Notepad++ 7.6.3 is a security update. This version reverses all of the annoying plugin changes since 7.6 and adds Markdown support.
https://12pd.com/click?npp

Security Software Updates

One or more of these is likely to be of interest to most people.

QubesOS 4.0.1 is a security update.
https://www.qubes-os.org/downloads/

Java 8u201 is a security update. If you are unsure whether you need Java or think that Java and JavaScript are the same thing, you should remove Java instead.

DNSQuerySniffer 1.73 resolves a cosmetic bug and adds an option to disable header line in export data. This is not a security update.
https://www.nirsoft.net/utils/dns_query_sniffer.html

Avast! Home Edition 19.2.2364 is a bug-fix release. However, I strongly advise you to consider any other AV since Avast performs MITM attacks against all secure websites. Among other things, it will inevitably result in their root certificate being exploited to infect everyone that uses Avast.

Wireshark 2.6.6 is a security update.
https://www.wireshark.org/

IISCrypto 3.0 adds support for new OS, improves controls and strict template, and resolves several bugs. This should be treated as a security update.
https://www.nartac.com/Products/IISCrypto/Default.aspx

RogueKiller 13.1.4 improves stability and reliability, updates libraries, and exclusion controls. This should be treated as a security update.
https://www.adlice.com/softwares/roguekiller/

SuperAntiSpyware 8.0.1030 doesn’t have a valid changelog, so should be treated as a security update.
https://www.superantispyware.com/download.html

TDSSKiller 3.1.0.26 adds new malware detection and removal. This should be treated as a security update.
https://support.kaspersky.com/viruses/utility#TDSSKiller

Wireless Network Watcher 2.20 resolves a device association bug. This is not a security update.
https://www.nirsoft.net/utils/wireless_network_watcher.html

Converter Updates

These are unlikely to be of interest to most people.

CDex 2.14 resolves several bugs. This is not a security update.
https://cdex.mu/?q=download

DVDFab 11.0.1.5 adds support for new encodings and resolves several bugs. This is not a security update.
https://www.dvdfab.cn/download.htm

Utility Updates

These are unlikely to be of interest to most people.

NTLite 1.7.2.6717 adds support for new OS, updates components and resolves several bugs.
https://www.ntlite.com/download/

1Password for Windows 7.3.657 resolves an upgrade bug and several crash issues. This is not a security update.
https://1password.com/downloads/windows/

8GadgetPack 28.0 resolves several bugs and updates all included gadgets. This is not a security update.
https://8gadgetpack.net/

Beyond Compare 4.2.9.23626 resolves several OneDrive compatibility issues and resolves folder timestamp comparison bug. This is not a security update.
https://www.scootersoftware.com/download.php?zz=dl4

DesktopOK 6.03 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

Everything 1.4.1.932 resolves several bugs. This is not a security update.
https://www.voidtools.com/

GoodSync 10.9.23 resolves several bugs. This is not a security update.
https://12pd.com/click?goodsync

HWMonitor 1.39 adds support for new hardware. This is not a security update.
https://www.cpuid.com/softwares/hwmonitor.html

ImageUSB 1.4.1001 resolves issues with writing to bit-locked drives and other bugs. This is not a security update.
https://www.osforensics.com/tools/write-usb-images.html

IsMyHdOK 1.64 resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/IsMyHdOK

SimpleWMIView 1.35 adds support for class auto-completion. This is not a security update.
https://www.nirsoft.net/utils/simple_wmi_view.html

TcpLogView 1.31 resolves a log file compatibility bug. This is not a security update.
https://www.nirsoft.net/utils/tcp_log_view.html

USBDeview 2.79 adds always-on-top option. This is not a security update.
https://www.nirsoft.net/utils/usb_devices_view.html

WifiInfoView 2.42 updates internal MAC addresses file and resolves SSID mapping bug. This is not a security update.
https://www.nirsoft.net/utils/wifi_information_view.html

WinScan2PDF 4.71 now preserves window location and adds open/edit options. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

WizTree 3.28 resolves two filter bugs. This is not a security update.
https://antibody-software.com/web/software/software/wiztree-finds-the-files-and-folders-using-the-most-disk-space-on-your-hard-drive/

Developer Updates

These are unlikely to be of interest to most people.

MySQL 8.0.15 resolves over 300 bugs, adds dual-password support and updates libraries. This is not a security update.
https://www.mysql.com/downloads/installer/

Node.js 11.9.0 updates libraries and resolves dozens of bugs. This is a security update.
https://nodejs.org/en/

Redemption 5.19.0.5248 resolves several bugs and improves compatibility with Outlook 2019. This is not a security update.
http://www.dimastr.com/redemption/

SQLite 3.27.1 resolves several bugs and improves security enforcement. This is a security update.
https://www.sqlite.org/download.html

DB Browser for SQLite 3.11.0 is now released in MSI format for Windows and provides dozens of other improvements and bug fixes. This is not a security update.
https://sqlitebrowser.org/

Virtual Machine Updates

These are unlikely to be of interest to most people.

VirtualBox 6.0.4-128413 adds support for additional hardware, resolves several bugs, and improves stability. This is not a security update.
https://www.virtualbox.org/wiki/Downloads

Web Package Updates

These are likely to be of interest only to web developers.

ScreenConnect 6.9.21691.6956 resolves several stability bugs. This is not a security update.
https://www.screenconnect.com/Download

Joomla 3.9.3 is a security update.
https://www.joomla.org/

TinyMCE 5.0.0 is a major new update with dozens of new features and controls. This is not a security update.
https://www.tiny.cloud/get-tiny/

Drupal 8.6.9 resolves several bugs. This is not a security update.
https://drupal.org/download

Nextcloud Server 15.0.4 resolves several bugs. This is not a security update.
https://nextcloud.com/

phpMyAdmin 4.8.5 is a security update.
https://www.phpmyadmin.net/home_page/news.php

Adminer 4.7.1 resolves several bugs. This is not a security update.
https://www.adminer.org/en/

WordPress 5.0.3 resolves over 40 issues, mostly with the new block editor. This is not a security update.
https://wordpress.org/

Akismet 4.1.1 improves responsiveness. This is not a security update.

Antispam Bee 2.9.1 resolves several bugs and improves reliability. This is not a security update.

Postie 1.9.28 resolves several bugs. This is a security update.

Redirection 3.7.3 adds PHP warnings and resolves several bugs. This is not a security update.

NextScripts Social Networks Auto-Poster 4.3.3 is a security update.

W3 Total Cache 0.9.7.2 resolves many bugs and compatibility issues. This is not a security update.

WooCommerce 3.5.4 resolves dozens of bugs. This is not a security update.

WP Add Custom CSS 1.1.4 resolves a compatibility issue. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/