Why you should delay iOS upgrades

Today is September 9th, 2017 and iOS 11 was released! Yay! This version has several new features that Apple fanboys are going gaga over. It’s exciting, it’s new, and in about a month you should install it on your device. For years I have advocated that major iOS upgrades should be delayed at least 3 weeks. Why? Math.

This simple timeline demonstrates Apple’s history with patches for iOS upgrades:

1.0.1 was released 32 days after 1.0.0. It was a security update.
1.1.1 was released 13 days after 1.1.0. It was a major stability update.
2.0.1 was released 14 days after 2.0.0. It was a major stability update.
2.1.1 was released 3 days after 2.1.0. It was a security update.
3.0.1 was released 44 days after 3.0.0. It was a security update.
3.1.1 was released the same day as 3.1.0. It was a security update.
3.1.2 was released 29 days after 3.1.1. It was a major stability update.
4.0.1 was released 24 days after 4.0.0. It was a major stability update.
4.3.1 was released 16 days after 4.3.0. It was a security update.
5.0.1 was released 29 days after 5.0.0. It was a security update.
5.1.1 was released 61 days after 5.1.0. It was a security update.
6.0.1 was released 61 days after 6.0.0. It was a security update.
6.1.1 was released 9 days after 6.1.0. It was a major stability update.
7.0.1 was released 1 day after 7.0.0. It was a security update.
7.0.2 was released 7 days after 7.0.1. It was a security update.
7.1.1 was released 43 days after 7.1.0. It was a major stability update.
8.0.1 was released 7 days after 8.0.0. It was a security update – and was so bad they pulled it.
8.0.2 was released 1 day after 8.0.1. It was a major stability update.
8.1.1 was released 28 days after 8.1.0. It was a security update.
8.4.1 was released 44 days after 8.4.0. It was a security update.
9.0.2 was released 14 days after 9.0.0. It was a security update.
9.2.1 was released 133 days after 9.2.0. It was a security update.
9.3.1 was released 10 days after 9.3.0. It was a major stability update.
10.0.2 was released 10 days after 10.0.0. It was a stability update.
10.1.1 was released 7 days after 10.1.0. It was a security update.
10.2.1 was released 42 days after 10.2.0. It was a security update.
10.3.1 was released 7 days after 10.3.0. It was a security update.

11.0.0 was released today. How long do you think it will be before they release their mandatory security update?

With history as our guide, we can safely assume it’s going to be roughly 26 days before they release whatever security update is required of the first major release of iOS 11.

Looking at the numbers we can also see that fixes for major updates are released on average 21 days after the initial major version (n.0.x), where minor version fixes average closer to 30 days after the release of the minor version (n.n.x). If we remove the outlier (9.2.1) because it’s over 4 months and double any other period, the averages become 20 days for serious patches to major updates and 22 days for serious patches to minor updates. Again: 21 days – three weeks – becomes the minimum average for your safety.

That means you should expect a security update for iOS 11 around October 10th, 2017. Be patient. The privacy you save will be your own.

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Windows 10 Upgrade: T-minus-10

Time is running out!

Microsoft’s free upgrade offer for Windows 10 ends on the 29th. That’s only 10 days away.

If you want to install Windows 10 you need to get on the ball. I can either do it for you (recommended) which will ensure that all the security and privacy settings are set the way I recommend, or I can provide you with the installation media to install the upgrade yourself, which will make it possible to upgrade on a slower connection. If you opt to install it yourself, be aware that there will be roughly 1.5gb of updates necessary to install after the Windows 10 installation completes.

I only charge for the media ($5/dvd or $12/usb) if you plan to do it yourself, or you can bring your computer to me and I can extract the installer onto your computer at no charge.

I’m having a special right now for Windows 10 Upgrades. For $50 I’ll perform an abbreviated system diagnostics, install the Windows 10 upgrade, install Windows updates and all other necessary software updates (even for software other than Windows itself). I then tune Windows for privacy and security to reduce unnecessary exposure, improve your security and minimize bandwidth consumption (very important for slow connections). If I discover other issues (such as malware, failing hardware or licensing problems) then those could incur additional costs. I will, of course, contact you before doing anything that would incur additional costs.

This offer requires you to bring the computer to me for the upgrade. I have a very fast Internet connection, which makes the upgrade process very smooth, but it still takes between 4-6 hours for most computers. In order to perform an effective diagnostic, I prefer to have the computer overnight. If you’d rather I skip diagnostics, I can usually have it finished the same day.

Come see me at The Farmory in Columbia, or call me at 209-565-1273, anytime.

Catphishing on the Rise

In the last week I’ve had three separate Facebook friends re-friend me using new accounts. A few months ago I even had a cousin re-friend me “after Facebook sent him a million dollars and he could finally afford to create a new account!” His words, not mine. He was, of course, not actually my cousin but an impostor trying to get me to click through a third party link to infect my computer. It was kinda cute. 🙂

Clients have reported that online friends they’ve known for years are now re-friending them and asking for money to bail them out of strange situations — everything from jail to “beta testing” to solar investment loans. In all cases, contacting the person directly with their (previously known) offline contact methods (phone, text, IRL) results in first surprise, then horror, as the person realizes what has been done in their name.

And that’s the real issue here. It’s not like you’re witnessing your friends falling for a scam from an anonymous Nigerian Prince. No, they’re friending you and you (in their mind) are responsible for anything that happens to them. From that moment forward, even long after they learn it was not really you, they’ll always associate you with this event. Some won’t talk to you anymore out of embarrassment. Some will blame you as though there were some way you could have prevented their folly. In any case, you’re both harmed by a total stranger using your name.

This phenomena is called catphishing: The process of creating a fake online persona based on someone else and using it to take advantage of the target’s friends. Impersonation through, quite literally, duplicity.

Here’s the problem

She was astonished to see how her grandmother looked.

She was astonished to see how her grandmother looked.

Online service providers, such as Facebook, Google, Yahoo, Microsoft and so on, don’t exactly perform DNA testing to ensure that the guy claiming to be your neighbor really is your neighbor. If they did, nobody would use their services. Since they don’t, it’s up to you to be able to identify whether it really is your neighbor.

They don’t make it easy.

These intelligent scammers will use just about any means possible to replicate the identity of the person they’re posing as. They’ll re-use the same or similar image as their personal photo. They might crop it differently than the original that they’ve harvested from the real person’s page, but it’ll be “real”. They’ll also migrate some content, mostly copied directly from the original account, onto the new catphishing page. They’ll also copy personal details, such as dates, employment or social history, possibly even replicating the victim’s relationships with additional accounts. All it really takes, when the information is already available only a click away, is the time to copy and paste.

These types of phishing accounts are usually short-lived. Within only a few days they’ll be identified by the targets friends as a phish, though in that time dozens or even hundreds of people may be victimized. This means the attacker will have to act fast. Once they’ve created the account they’ll quickly send out many friend requests to the targets existing friends. They’ll then add or contact many, and the few that answer quickly will then be social engineered.

First a little small talk, then mentioning some great event – like being mailed a million dollars by Mark Zuckerberg, or how they just saved a bunch of money by doing something different like taking advantage of a government program or loan gimmick. They won’t waste much time getting to the pitch, though they might not be able to respond to everyone all at once so it might be a day or two before they push. When you feign interest they’ll have a link at the ready to help you “research” their pitch. It might even be a personal page on a popular site or a typo-squatted version of a popular domain. They’ll seed the idea then send you a link to infect yourself or enable you to self-hijack by posting your account information at an untrustworthy site.

While you’re giving up your information, your real friend is completely oblivious to what is happening.

So how do you protect yourself?

First and foremost, don’t just friend everyone that asks. A very effective means of security (in most things) is to let other people be the guinea pig. This means you don’t respond to friend requests or new contacts immediately. Just wait. At least a couple days, but a week or more is ideal. By this time, there’s a good chance other people would have suffered at their hands if it’s a phish, and thus the account may have either been locked or shut down by the time you are prepared to accept the friend request. Patience really is it’s own reward.

Of course, if you suspect an account isn’t legitimate, report it. Most popular websites have tools to report various contacts and requests, and these are the tools you should be using. This allows the website owner (such as Facebook) to aggregate information about these attacks to block specific types of attacks or shut down entire networks of attackers all at once, and possibly prevent some of them in the future. It’s up to you to report it properly and fully, however. Simply blocking a user will not have any effect other than eliminating their unwelcome messages to you. If you want to stop it you have to be specific in how you report it.

On Facebook you can go to the fake user account page, click the account action button (…), select Report, Report this profile, then select “They’re pretending to be me or someone I know.” Then follow the prompts.

fb-report fb-report-profilefp-report-catphish

Don’t forget to tell the person they’re claiming to be, preferably through a previously known offline contact method.

What if they’re posing as me?!

Same thing. Report them quickly and warn your friends that may have succumbed to your fake friendship.

But wait, there’s more! In most states there are laws against phishing. Here in California the law is really written only to protect businesses, but you, as a victim, can sue an impostor for a half million dollars if they pose as your business.

It doesn’t hurt to regularly search social media for your own name, too. Not your account, mind you, just your name. This will return other accounts that are using your name so you can investigate them. Even a few minutes of effort once a month can save you and your friends from a lot of hurt down the road.

Another trick is to add a Google Alert to your name for social media. This bypasses your own social account (if configured correctly) and emails you whenever your name appears on a site. First go to Google Advanced Search and fill out the form to use a search phrase such as this:

“john t example” site:facebook.com -“johntexample”

This searches for his exact name, on Facebook, but excludes his Facebook slug/username. Now go to the Google Alerts page and search for the formula you composed above. “Show options” then set the alert to contact you once per day. It’s not a perfect solution, but it might catch a phish.

Good luck, and keep it clean out there,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2016-01-12

Hi, Folks!

It’s Patch Tuesday! The typical computer should see roughly 250mb in updates today. Let’s get started.

If you’re still running Windows 8 (not 8.1), you will no longer receive Windows updates. You MUST install 8.1 to continue to receive security updates for Windows.

Today is the last day for updates to “older” versions of Internet Explorer. Historically, this means that a critical security issue will be discovered and exploited as early as tomorrow. Upgrade Internet Explorer to the latest version supported by your operating system NOW. Yes, this means you’ll lose DQSD. 🙁 Even if you’re not using Internet Explorer as your primary browser, many applications including Office, Windows Explorer and third party components will still utilize Internet Explorer “under the hood”. Thus, whether you want it or not, you MUST install the current version to ensure you continue to receive security updates that *do* impact you.

Windows 10 will be switched from an “optional” update to an “important” update for Windows 7 and Windows 8.1 today, which means that it will attempt to automatically install whenever you install updates (and sometimes just for fun at 3am) and will also download (3gb+!) whether or not you plan to install it.

The privacy controls for some features are buried in places most people won’t look, and the defaults for some options are very insecure. The delay and potential issues you may experience from neglecting to either update or block the update can have serious repercussions.

My recommendation is to make some time to install Windows 10 as soon as possible. Typically the installation will take between 2 and 6 hours, with no ability to do other things on your computer while it’s installing. During installation you will be prompted with several option pages to enable/disable options and features. Disable them all. Yes, every single one. Uncheck every box and slide every slider “off”. Immediately after installation disable Cortana’s web-integration functionality, then go to All Settings and review every single option. If you have problems with Windows 10, you can revert to your existing OS.

If you are running software that’s not compatible with Windows 10, or need to prevent the installation for some other reason (such as my wife’s patented “I don’t wanna”) then your best option is to use GWX Control Panel to block the icon and disable OS upgrades (the first two options).

Now back to our regular patch notes.

Microsoft released 18 updates to address vulnerabilities in Windows, Edge, Internet Explorer, MS Office, MSRT, Silverlight, Visual Basic, and Windows Live Essentials (~125mb). This includes security updates. A reboot is required.
http://update.microsoft.com/

Apple released updates for OS X, QuickTime and iTunes to address security vulnerabilities. Use Apple Software Update to install these updates. A reboot is required.

Adobe AIR 20.0.0.233 is a security update.
Win: https://12pd.com/click?air
Mac: https://12pd.com/click?airmac

Adobe Flash Player 20.0.0.270 are security updates.
Win: https://12pd.com/click?flash
Win: https://12pd.com/click?flashie
Mac: https://12pd.com/click?flashmac

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Display Driver Uninstaller 15.7.3.0 fixes several bugs. This is not a security update.
http://www.wagnardmobile.com/DDU/downloads.html

Ext2IFS 1.12 adds hibernate support and improves stability. This is not a security update.
http://www.fs-driver.org/

Intel Driver Update 20151221 improves hardware support. This is not a security update.
http://www.intel.com/p/en_US/support/detect

Browser Updates

One or more of these are likely to be of interest to everyone.

Google Chrome 47.0.2526.110 is a security update. Use Menu, About to install the most current version.

Firefox 43.0.4 is a security update. Use Help, About to install the most current version. If you have an older version you may need to repeat this process until you get to the current release.

Email Updates

One or more of these are likely to be of interest to everyone.

OutlookAttachView 2.87 adds the ability to append to log files. This is not a security update.
http://www.nirsoft.net/utils/outlook_attachment.html

Thunderbird 38.5.0 is a security update. Use Help, About to install the most current version.

Internet Updates

One or more of these are likely to be of interest to everyone.

Adobe Shockwave 12.2.3.183 is a security update. Instead of updating, please consider removing Shockwave!

Silverlight 5.1.41105 is a security update.
http://www.microsoft.com/getsilverlight/

QuickTime 7.7.9 is a security update. Use Apple Software Update to install the most current version.

Skype 7.18.0.103 doesn’t provide a changelog, so should be treated as a security update.
https://12pd.com/click?skype

Trillian Mac 3.3.0.24 fixes an echo bug. This is not a security update.
https://www.trillian.im/

Dropbox 3.12.6 fixes a couple bugs. This is not a security update.
https://12pd.com/click?dropbox

Nmap 7.01 fixes over a dozen bugs. This is not a security update.
http://nmap.org/

uTorrent 3.4.5 Build 41628 fixes several bugs and adds ad-free premium support. This is not a security update.
http://www.utorrent.com/downloads

IPInfoOffline 1.42 updates the included IP country database. This is not a security update.
http://www.nirsoft.net/utils/ip_country_info_offline.html

WGet 1.17.1 is a security update.
https://eternallybored.org/misc/wget/

Media Updates

These are unlikely to be of interest to most people.

Plex Media Server 0.9.14.6.1620 fixes several bugs and improves Sync and iOS/Apple TV support. This is not a security update.
https://plex.tv/downloads/1/archive

iTunes 12.3.2 is a security update. Use Apple Software Update to install the most current version.

Game Updates

These are unlikely to be of interest to most people.

EA Origin 9.11.2.10120 fixes several bugs. This is not a security update.
https://www.origin.com/en-us/download

PlayStation PS3 4.76 improves stability. This is not a security update.
http://us.playstation.com/support/systemupdates/ps3/pc_update/index.htm

PlayStation PS4 3.11 improves stability. This is not a security update.
http://us.playstation.com/support/systemupdates/ps4/pc_update/index.htm

Office Updates

One or more of these are likely to be of interest to most people.

Notepad++ 6.8.8 fixes a couple bugs. This is not a security update.
https://12pd.com/click?npp

Paint.net 4.0.9 fixes quite a few crash bugs and improves quality and performance. This should be treated as a security update.
http://www.getpaint.net/

Krita 2.9.10.0 doesn’t provide a changelog, so should be treated as a security update.
https://krita.org/download/krita-desktop/

LibreOffice 5.0.4 fixes many bugs and improves stability. This is not a security update.
http://www.libreoffice.org/

Scribus 1.4.6 doesn’t yet have a changelog, so should be treated as a security update.
http://www.scribus.net/

Adobe Acrobat XI 11.0.14 is a security update. Use Help, Check for Updates to get the most current version.

Adobe Acrobat DC 15.009.20077 is a security update. Use Help, Check for Updates to get the most current version.

Adobe Reader 11.0.14 is a security update. Use Help, Check for Updates to get the most current version.

Adobe Reader DC Patch 15.010.20056 is a security update. Use Help, Check for Updates to get the most current version.

Kindle for PC 1.14.0 Build 43019 doesn’t provide a changelog, so should be treated as a security update.
https://12pd.com/click?kindle4pc

Security Software Updates

One or more of these is likely to be of interest to most people.

BelArc Advisor 8.5c doesn’t provide a changelog, so should be treated as a security update.
http://www.belarc.com/free_download.html

TDSSKiller 3.1.0.9 improves detection and removal. This is a security update.
https://12pd.com/click?tdss

DrWeb CureIt! 10.0.10 doesn’t provide a changelog, so should be treated as a security update.
https://www.freedrweb.com/download+cureit+free/?lng=en

KeePass 1.30 fixes a couple dozen bugs and improves search handling. This is not a security update.
http://keepass.sourceforge.net/

Wireshark 2.0.1 fixes dozens of bugs. This should be treated as a security update.
http://www.wireshark.org/

Junkware Removal Tool 8.0.2 doesn’t provide a detailed changelog, so should be treated as a security update.
https://www.malwarebytes.org/junkwareremovaltool/

MalwareBytes’ Anti-Malware Chameleon 3.1.28 doesn’t provide a detailed changelog, so should be treated as a security update.
https://www.malwarebytes.org/chameleon/

MalwareBytes’ Anti-Malware Mac 1.1 doesn’t provide a detailed changelog, so should be treated as a security update.
https://www.malwarebytes.org/antimalware/mac/

MalwareBytes’ Anti-Rootkit 1.09.3.1001 doesn’t provide a detailed changelog, so should be treated as a security update.
https://www.malwarebytes.org/antirootkit/

MalwareBytes’ Anti-Exploit 1.08.1.1045 improves a number of detection methods. This is a security update.
https://www.malwarebytes.org/antiexploit/

MalwareBytes’ FileAssassin 1.06 doesn’t provide a detailed changelog, so should be treated as a security update.
https://www.malwarebytes.org/fileassassin/

MalwareBytes’ RegAssassin 1.03 doesn’t provide a detailed changelog, so should be treated as a security update.
https://www.malwarebytes.org/regassassin/

MalwareBytes’ StartUpLite 1.07 doesn’t provide a detailed changelog, so should be treated as a security update.
https://www.malwarebytes.org/startuplite/

DNSQuerySniffer 1.51 improves compatibility with Netmon3. This is not a security update.
http://www.nirsoft.net/utils/dns_query_sniffer.html

Wireless Network Watcher 1.91 updates the internal MAC address database. This is not a security update.
http://www.nirsoft.net/utils/wireless_network_watcher.html

RogueKiller 11.0.7 adds new detections and ADS black/whitelisting. This is a security update.
http://www.adlice.com/softwares/roguekiller/

TinyWall 2.1.7 improves stability, display on hi-res devices and application database. This should be treated as a security update.
http://tinywall.pados.hu/

Capture Updates

These are unlikely to be of interest to most people.

VideoCacheView 2.95 improves Yandex Browser compatibility. This is not a security update.
http://www.nirsoft.net/utils/video_cache_view.html

XSplit Broadcaster 2.7.1512.2124 adds support for new hardware, fixes several bugs and improves social integration. This is a security update.
http://www.xsplit.com/get/

XSplit Gamecaster 2.7.1512.1833 adds support for new hardware, Record live stream on Dailymotion, and social logins. This is not a security update.
http://www.xsplit.com/get/

Converter Updates

These are unlikely to be of interest to most people.

MakeMKV 1.9.8 improved compatibility, fixes several bugs, updates libraries. This should be treated as a security update.
https://12pd.com/click?makemkv

DVDFab 9.2.2.4 fixes a crash bug. This is not a security update.
http://www.dvdfab.cn/download.htm

IsoBuster 3.7 adds breadcrumbs, improved navigation, improved performance and stability, and updated libraries. This should be treated as a security update.
http://www.isobuster.com/isobusterdownload.php

MKVToolNix 8.8.0 fixes several bugs. This should be treated as a security update.
http://www.videohelp.com/software/MKVtoolnix

Utility Updates

These are unlikely to be of interest to most people.

RoboForm 7.9.17 fixes several bugs including stability, hi-res display issues, and more. This should be treated as a security update.
https://12pd.com/click?rf

7-Zip 15.14 fixes several bugs. This is not a security update.
http://www.7-zip.org/

TeamViewer 11.0.53254 fixes several reliability and performance bugs. This is not a security update.
https://www.teamviewer.com/en-us/download/windows/

GWX Control Panel 1.7.0.2 fixes several bugs. This is not a security update.
http://ultimateoutsider.com/downloads/

iExplorer 3.8.8.0 adds iOS 9.2 compatibility. This is not a security update.
https://www.macroplant.com/iexplorer/

FolderChangesView 1.81 adds support for the Windows Explorer context menu. This is not a security update.
http://www.nirsoft.net/utils/folder_changes_view.html

SearchMyFiles 2.66 adds wasted space column, and now defaults to opening the properties window on double-click. This is not a security update.
http://www.nirsoft.net/utils/search_my_files.html

SimpleWMIView 1.10 adds option to automatically update on class/query change. This is not a security update.
http://www.nirsoft.net/utils/simple_wmi_view.html

USBDeview 2.51 adds option to open INF file. This is not a security update.
http://www.nirsoft.net/utils/usb_devices_view.html

WakeMeOnLan 1.72 adds scanning to selected IP addresses option. This is not a security update.
http://www.nirsoft.net/utils/wake_on_lan.html

WifiChannelMonitor 1.41 updates the internal MAC address database. This is not a security update.
http://www.nirsoft.net/utils/wifi_channel_monitor.html

CCleaner 5.13.5460 adds Opera and Chrome Media Cache cleaning, improves application support. This is not a security update.
https://12pd.com/click?ccleaner

Rufus 2.6 simplifies zeroing a device, fixes mode support, crash bugs and stability. This is not a security update.
http://rufus.akeo.ie/

Sigcheck 2.4 improves certificate trust list validation. This is a security update.
http://live.sysinternals.com/

Sysmon 3.2 adds support for logging raw disk access. This is a security update.
http://live.sysinternals.com/

Process Explorer 16.1 fixes several bugs. This is not a security update.
http://live.sysinternals.com/

Autoruns 13.51 fixes a WMI parsing bug, selective verification of signing status of individual entries and BOM flag in export file. This should be treated as a security update.
http://live.sysinternals.com/

AccessChk 6.01 fixes registry parsing bug and a kernel access bug. This is a security update.
http://live.sysinternals.com/

SystemRescueCD 4.7.0 updates kernels. This is a security update.
http://www.sysresccd.org/

TaskSchedulerView 1.15 improves refresh. This is not a security update.
http://www.nirsoft.net/utils/task_scheduler_view.html

WSUS Offline 10.3.1 fixes a bug in .NET installation. This is a security update.
http://download.wsusoffline.net/

Developer Updates

These are unlikely to be of interest to most people.

TortoiseSVN 1.9.3 many bugs. This is not a security update.
http://tortoisesvn.net/downloads.html

ActivePerl 5.22.1.2201 is a security update.
http://www.activestate.com/activeperl/downloads

StrawberryPerl 5.22.1.2 is a security update.
http://strawberryperl.com/

Inno Setup 5.5.7 improves defaults, adds support for new CLI options, indexing behavior, and bug fixes. This is not a security update.
http://www.jrsoftware.org/isdl.php

Virtual Machine Updates

These are unlikely to be of interest to most people.

VMware Player 12.1.0 fixes several bugs. This is not a security update.
http://www.vmware.com/products/player/

VirtualBox 5.0.12-104815 fixes several bugs. This is not a security update.
http://www.virtualbox.org/wiki/Downloads

Web Package Updates

These are likely to be of interest only to web developers.

Dada Mail 9.0.2 is a security update.
http://dadamailproject.com/

BIND 9.9.8 and 9.10.3 are security updates.
https://www.isc.org/downloads/bind/

Drupal 8.0.2 is a security update.
http://drupal.org/download

Joomla 3.4.8 is a security update.

jQuery 1.12.0 and 2.2.0 fix several bugs and introduce new features. This is not a security update.
http://jquery.com/download/

phpMyAdmin 4.5.3.1 is a security update.
http://www.phpmyadmin.net/home_page/news.php

WordPress 4.4.1 is a security update.
http://wordpress.org/

Autoptimize 2.0.0 is a major improvement, adding several new controls and features, cache controls, optimizations and bug fixes. This is not a security update.

BuddyPress 2.4.3 fixes several bugs. This is not a security update.

Email Log 1.8.1 fixes a bug. This is not a security update.

Multisite Enhancements 1.3.2 fixes a cosmetic bug. This is not a security update.

Postie 1.7.27 fixes several bugs. This is not a security update.

Theme My Login 6.4.3 fixes several bugs. This is not a security update.

Top Commentators Widget 1.5.1 fixes several bugs. This is not a security update.

WooCommerce 2.4.13 fixes several bugs. This is not a security update.

WP Edit 3.7 fixes several bugs. This is not a security update.

WPtouch 4.0.2 fixes several bugs. This is not a security update.
That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Facebook & Chrome Desktop Notifications

Facebook deployed a new feature today (2015-12-14) to use Chrome’s built-in “Desktop Notifications” feature. This feature allows popup notifications like Outlook “new mail” alerts or Trillian’s message or event notifications. It’s a great feature for low-volume use, or if your computing doesn’t extend far outside of Facebook. However, if Facebook isn’t central to your computing experience, you’ll find that these are little more than an annoyance.

Note that the instructions here are not limited to Facebook, and can be applied to any other site that offers Chrome Desktop Notifications.

The first time Facebook prompts you, you’ll see the following new popup in the top-left corner of your browser. It’s likely already done so and you didn’t know what to click. That’s okay, keep reading.

This popup will be located within the browser viewport immediately below the SSL lock icon Chrome SSL Lock Icon, and it will cover or overlap the bookmarks toolbar and other toolbars if you have any enabled. If you get a lot of notifications or don’t want Desktop Notifications to appear, click Block to prevent it from showing notifications. If you get few notifications, don’t use your computer for much else, or just want to see how Desktop Notifications work, click Allow.

Facebook Desktop Notifications Request

Facebook Desktop Notifications Request

Polite Warnings

You should now be prompted with the Chrome message showing you that you can change your mind later.

Desktop Notifications: Second Chance

Desktop Notifications: Second Chance

It’s Not Too Late!

Whether you clicked Block or Allow, if you’ve changed your mind, that’s okay! It’s easy, and it just takes a couple more clicks.

First, click the SSL lock icon Chrome SSL Lock Icon, then click the drop-down option list beside Notifications. You can now select to use the default (typically Ask), Always allow on this site, or Always block on this site, by clicking on your preferred option:

Facebook Desktop Notifications Setup

Facebook Desktop Notifications Setup

The change takes effect immediately, and unless you decide to change your mind again, is permanent.

That’s All Folks

This feature is available to all SSL-enabled websites through Chrome, but must be individually enabled for each site (unless you’ve changed your settings). You can change the default to always allow (I strongly recommend against this!), or to never allow by going to Menu, Settings, scroll to the bottom and click show advanced settings, scroll down a little tiny bit to the Privacy section and click the Content settings button, and finally scroll to the Notifications section. Or you can click chrome://settings/content and scroll to the Notifications section (about half way down the list). Select your new default Notifications preference and click Done to save your new preference.

Change Chrome Global Settings for Notifications

Change Chrome Global Settings for Notifications

You can optionally select or manage exceptions by clicking Manage exceptions. From this window you can add or remove permission to display Desktop Notifications for existing websites and for non-SSL websites.

Leave your questions in the comments below.