Updates 2020-06-09

Welcome back, Folks!

Today is Patch Tuesday for June 2020.

Windows 10 v2004 has been released. Don’t be the guinea pig! Make sure you’ve installed v1909 recently so you won’t be forced into the new build before they work out the bugs. I don’t see a lot of differences between v2004 and v1909 that most people would benefit from, anyway, but these releases tend to take a couple months to work out most of the bugs. For example, many Windows policies are erased during the upgrade which can result in local accounts being forced into using inescapable Microsoft accounts for users that don’t understand that “skip for now” is an option.

If you’re running any commercial version of Windows 10 prior to v1809 (build 17763) then it’s no longer supported and you will not receive operating system security updates. Upgrade to v1909 ASAP to maintain security updates for your device. Don’t install v2004 yet, since it’s now in what most people would call the “public beta.” Download v1909 for your system using the ISO Downloader, mount the ISO, then use the setup.exe file to install. Change the option on the first page of the installer to DISABLE checking for updates until after the installation is completed.

This Month in Technology

You could have probably used an egg timer to measure the time between the Orwellian release of GACT – Google/Apple Contact Tracing, which we were assured time and time again would never be used for anything other than COVID-19 tracking – and when it was used to track and arrest protesters. The current version of GACT can be disabled by turning off Location and Bluetooth on your devices. This will not be the case in the next iteration due within the next month.

The number of security vulnerabilities discovered in popular open source projects more than doubled in 2019. The horror! The fear! Well, this is actually a good thing. Vulnerabilities aren’t created by evil third-parties or hackers. They’re created by the original developers. They’re baked into the programs and libraries that the developer created – generally through failure of imagination or insufficient testing. The hackers and other third-parties only discover them and report them to the developers. Think of it like someone testing all the car doors in a parking lot to see if a car is unlocked. The “discovered” (read “reported”) vulnerabilities are what happens when the guy checking doors tells the car owner that he left the doors unlocked, so they can lock their doors. Unfortunately, whether they’re discovered or not the vulnerabilities do exist. Bad people may have already checked those doors and stolen everything out of your car long before the vulnerabilities were reported to the developers. Seeing these numbers go up makes me smile – the whole world is better for it. 🙂

The recent attacks on Microsoft logins using Google and Amazon URL redirection to steal authentication keys are not the only phishing methods currently being widely deployed. Attackers are also sending fake VPN configurations to users, which would allow direct man-in-the-middle attacks to proceed against all sites and services the victim used with their device.

My position on most services and features in any operating system or device is “default deny.” Turning off unused and unwanted features ensures that they can’t be abused and effect greater control over your device or your network. The #CallStranger UPnP protocol vulnerability allows malicious scripts from any website to hijack your internal network and perform network scans, DDoS attacks, or foothold attacks against your internal devices, including the vulnerable router that has UPnP enabled. Disabling UPnP and using manual network assignment would prevent this and any future UPnP vulnerabilities from having any effect.

The IAB has released a framework to aid in compliance with the CCPA.

The Free Thought Project provides several alternatives to the current law enforcement crisis that can help prevent the riots and protests we’re seeing now in many major metropolitan areas.

REAL science for the win. I wonder if the MSM outlets that have been vilifying Hydroxychloroquine will ever retract their statements? Sorry, that’s facetious since we all know that the MSM never acknowledges their failings. Will the arbiters of “truth” at Twitter and Facebook concede that their censorship was actually in the name of bad science? Of course not.

A major attack against Ajit Pai’s elimination of Net Neutrality comes in the form of AT&T paying itself for zero-rating HBO Max data on their networks. This will likely spring back up the Net Neutrality battle in the FCC.

The next Y2K is coming. CA Certificates are the parent certificates of the ones that provide TLS/SSL security for websites. The first of several to expire within the next year expired a few days ago causing service disruption for automated processes that depended upon the expiring authority certificates. Roku, Stripe, Sectigo, Fortinet and many, many more. Four separate root certificates expire within the next year and a dozen in the next 5 years. Be prepared for this to happen several more times in the near future.

Now for the good news:

Linux LTS Kernel 4.19 and 5.4 will be supported for 6 years. This will have a huge impact on the effective life of IoT devices.

Let’s Get Busy

Now back to our regularly scheduled program.

Thanks to the unstopping barrage of updates pushed during “weekly update quarantine”, Patch Tuesday this month is very light. The typical computer should see roughly 1 GB in updates today. Let’s get started.

Microsoft released updates for Windows, Edge, .NET, Internet Explorer, Office, Servicing Stack, Microsoft Store, hardware security, and MSRT (~800 MB). This includes security updates. A reboot is required.

Adobe Flash Player 32.0.0.387 is a security update.
Win: https://12pd.com/click?flash
Win: https://12pd.com/click?flashie
Mac: https://12pd.com/click?flashmac

Google Chrome OS 83.0.4103.97 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The release of macOS Catalina (10.15) means that macOS Sierra (10.12) and older are no longer supported. If you can not install at least macOS High Sierra (10.13) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.

The now-current release of the Windows 10 (2004) is a huge (about 25% larger than any prior build) so will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 6 months. If you don’t let it finish and you’re on a slow connection, this process kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.9.80 is a security update. This version removes the “accidental” hijacking of affiliate links. Use Menu, Help, About to install the most current version.
https://brave.com/

Microsoft Edge 83.0.478.45 is a security update. Use Menu, Help, About to install the most current version.
https://www.microsoft.com/en-us/edge/business/download

Email Updates

One or more of these are likely to be of interest to everyone.

Thunderbird 68.9.0 is a security update. Use Menu, Help, About to install the most current version.
https://www.thunderbird.net/en-US/

Internet Updates

One or more of these are likely to be of interest to everyone.

Npcap 0.9993 resolves several bugs. This is not a security update.
https://nmap.org/npcap/

Game Updates

These are unlikely to be of interest to most people.

Steam 2020.06.05 resolves several bugs. This is not a security update.

Office Updates

One or more of these are likely to be of interest to most people.

Notepad++ 7.8.7 resolves several bugs. This is not a security update.
https://notepad-plus-plus.org/

Adobe Framemaker 2019.0.6 is a security update.
https://www.adobe.com/products/framemaker.html

Adobe Experience Manager 6.4 and 6.5 are security updates.
https://helpx.adobe.com/experience-manager/aem-releases-updates.html

Capture Updates

These are unlikely to be of interest to most people.

ScreenToGif 2.25 resolves several bugs, adds APNG support, adds option to disable tasks, and adds new URL metadata field. This is not a security update.
https://github.com/NickeManarin/ScreenToGif/releases/latest

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 11.0.9.0 adds support for new encodings, improves default bit-rate and ripper modules, and resolves a SRT export bug. This is not a security update.
https://www.dvdfab.cn/download.htm

Utility Updates

These are unlikely to be of interest to most people.

Etcher 1.5.97 resolves several bugs. This is not a security update.
https://www.balena.io/etcher/

PowerToys 0.18.2 resolves an elevation bug and several other bugs. This should be treated as a security update.
https://github.com/microsoft/PowerToys/releases/latest

RoboForm 8.9.0 improves data synchronization, and resolves bugs in import. This is not a security update.
https://www.roboform.com/

USB Oblivion 1.12.2.0 adds support for unknown USB devices and resolves a bug related to old hardware. This is not a security update.
https://www.cherubicsoft.com/en/projects/usboblivion

WinScan2PDF 5.55 resolves a language selection bug and improves the scan integration. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

Developer Updates

These are unlikely to be of interest to most people.

SQLite 3.32.2 improves VFS and PostgreSQL compatibility, adds IIF() support, improves the import command, and several other improvements. This is a security update.
https://www.sqlite.org/download.html

Virtual Machine Updates

These are unlikely to be of interest to most people.

VirtualBox 6.1.10-138449 adds support for Linux kernel 5.7, resolves several bugs, and improves Wayland compatibility. This is not a security update.
https://www.virtualbox.org/wiki/Downloads

Web Package Updates

These are likely to be of interest only to web developers.

Docker Desktop 2.3.0.3 upgrades the Linux kernel and resolves several bugs. This is a security update.
https://www.docker.com/products/docker-desktop

Akismet 4.1.6 resolves a race condition. This is not a security update.

Postie 1.9.53 adds a filter for postie_subject. This is not a security update.

WP Mail SMTP 2.1.1 adds a filter to set global reply-to address and improves documentation. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Do Not Reuse Passwords

Password security is a growing field and the old conventional wisdom of using a “strong” password and changing it frequently has lead to people using the same “strong” password on many different websites, resulting in their complete identity being hijacked when any one of those sites is compromised.

HaveIBeenPwned (HIBP) is a service that collects data dumps from when websites are hacked and uses the data to provide a service to alert users whenever their accounts are compromised. It’s like a central clearinghouse for account monitoring. Unfortunately, by the time accounts are listed in HIBP it is often years after the account has been hacked and the hackers that originally took the account information have had that entire period to make use of your account details. Many websites store their passwords in plain text, and many of the others that do use password hashing algorithms to store only a mathematical representation of the password and not the password itself neglect to use properly salted hashes, which means that those hashed passwords can often be compared with rainbow tables to effectively convert them to their plain text equivalent. Seeing the passwords that people – still today – continue to use is destroying my hope in humanity. For example, “123456” is used by almost 1% of business professionals for their online social interactions. Dead serious.

The trends on these exposed passwords show that there are very common patterns and weak password consideration is the rule of the day. Few people, and by few I mean I could probably count them on one hand, actually do passwords right. It’s time to take your own security seriously, because the evidence shows that many of those you do business with do not.

Here’s the Problem

Weak passwords you’ve used on service x (Yahoo, for example) will be dumped along with all the other passwords on that hacked service. Those same weak passwords will be tested on service y and service z. And everywhere else. This process is called “password stuffing.”

If you reuse even part of your passwords then you open yourself up to being targeted either randomly or by evil people you may already know. “Script kiddies” live and die by their ability to make an example out of people who they feel have done them harm. You could also become the victim of automated scanners that consume the usernames and passwords from these dumps then try them on every known system from Facebook to Gmail to email to banking services. The passwords will be munged in order to test similar or stylistically equivalent passwords. For example, of the LinkedIn hack, almost 2.5 million accounts (or about 1.5%) used some variant of the site name in their password. Those same accounts probably use some variation of the site name in most of their passwords. This can safely be assumed to be done everywhere, meaning that if you use “linkedin123456” for LinkedIn, there’s a good chance that your Facebook password is “facebook123456”.

So when over a million people used “123456” as their LinkedIn password, not only did it expose that as a very commonly used password, but it demonstrated that those million-plus email addresses tied to those weak passwords were used by people that didn’t take security seriously. If you use a weak password anywhere, chances are good that you use weak passwords elsewhere, if not everywhere. If something as quick and easy as changing a password isn’t done, then you also probably neglect your hardware and software. You’re using older and insecure programs. You’re exposing all of yourself with a single simple decision that you think will make your life easier.

It doesn’t. Reusing even part of a password only makes life easier for whoever attacks you. They can stay in their momma’s basement and spend all day throwing your account details at different sites until they get in. When they do, it doesn’t hurt them, it hurts you. Two or three hijacked accounts, or variations on your passwords from multiple dumps show how you think, and the style and scope of password complexity you use.

Again referring to the 2012 LinkedIn hack, there were over 26,000 variations of passwords that included “12” or “2012” in the password. From this we can imply that users will seed their passwords with the year they changed it. The same accounts are probably still using the same patterns with “2019” or “2020” today.

“Different” !== Strong

Usually these dumps are sold on the black market or used by the original hacker for a while before they’re inevitably released publicly. The data is out there so it’s necessary to use defensive passwords.

You can’t just change a number at the end of your password and possibly think that it’s going to make a difference in your security. The delay it might impose against an organized attacker is less than a single second. You can’t create a strong password by typing random characters on your keyboard. You just can’t. The predictive value of muscle memory, social and cognitive signals, and even keyboard bias result in a relatively small set of potential values for manually-generated passwords.

1337-sp34k offers no additional protection.

Using a strong password is no longer a suggestion. To be secure in the current world you must use a strong, unique, randomly-generated password for any and all sites and services. Failing to do so will result in that password being used as the seed to corrupt your digital life later on. Maybe not today, maybe not tomorrow, but soon, and for the rest of eternity.

The rules used to be pretty simple, but were still never observed:

  • DO NOT use a series of numbers and a word or two. (123badpassword)
  • DO NOT use a word or two and a series of numbers. (badpassword123)
  • DO NOT use a word with numbers breaking it up. (1bad2password3)
  • DO NOT use the site name or URL as any part of the password. (mylinkedinpassword)
  • DO NOT use keyboard sequences like “qwerty” or “123456”.
  • DO NOT use any word or name related to you or your life (pets, family, friends, musicians).
  • DO NOT use dates or other simple patterns.

Unfortunately, these rules are still ignored, and even if they were followed to a T, these rules are no longer sufficient for creating a passwords or passphrases manually. Today, any password you can remember is not a good password. It’s time you put the effort into proper password management.

Fortunately, the new rules are actually simpler:

But my browser remembers my passwords!

All modern browsers (Chrome, Firefox, Edge, Safari) have password management built-in. You can use that in order to generate strong passwords and, while short, they’ll be unique for each site. Unfortunately, since these passwords are stored in the browser they can be extracted by any malicious software that manages to make it onto the device or compromise your browser Sync account, where password managers generally use much stronger encryption.

Websites are still catching up to the reality of password managers

Long passwords, 300 characters or more, are not a problem for your password manager, but they’re probably a problem for the site. BofA limits your password to 20 characters. Yahoo limits your password to 128 characters. Facebook allows much longer passwords, but only requires 6 characters and character case isn’t treated as significant so entropy is significantly reduced, especially for shorter passwords.

Some websites and app logins don’t allow you to copy & paste in the password field which means that they often don’t play well with password managers. Others (like AT&T and Yahoo) refuse to allow certain characters in passwords, so randomly generated passwords have to be manually munged instead of allowing them to be truly random.

Nevertheless, failing to use a password manager means that you’re not using random passwords at all, and are likely reusing passwords to your own peril.

The solution is to get a password manager now and immediately start working to migrate your accounts to it. Almost every password manager today offers password analysis to warn you of weak, reused, and known compromised passwords so you can prioritize changing the passwords for those accounts.

What’s your favorite password manager?

Updates 2020-04-30

We just had to get one last update cycle in for “the April that would never end.”

It’s not Patch Tuesday, but updates to OpenSSL have prompted security updates for almost every browser as well as application updates to many others have triggered an out-of-cycle update.

This Month/Week in Technology

If you can’t trust the CDC not to taint the tests, you can’t trust the SBA with your privacy in their loan process, you can’t trust Apple with your data, you can’t trust your “home automation” to not expose your entire home to hackers, you can’t trust the CIA not to abuse their authority in the mainstream media and academia, you can’t trust the FBI to follow their own rules when making requests of the secret FISA courts, you *really* can’t trust your antivirus software not to put you at even greater risk of exploitation, you can’t trust anyone not to reuse passwords, and you can’t trust advertising publishers to keep their ad platforms safe for their target audience, then why should you ever even consider giving Google and Apple 24/7, permanent, extensive monitoring of everywhere you go and everyone you ever have contact with? I don’t. Even if Apple and Google were above reproach (and they’re not), the inevitable abuse by any platform like this makes Orwell’s worst dreams look tame in comparison.

Now for the good news:

Intel has finally opened up their graphic drivers so you can use them on OEM hardware.

Let’s Get Busy

Apple released iOS 13.4.1 for iPhone SE (2nd generation) and watchOS 6.2.1 for Apple Watch Series 1 and 2. These are security updates. Use Settings, General, Software Update to install the most current version.

Fedora 32-1.6 provides several new features, now uses nftables by default, improves regular maintenance routines, and updates libraries. This is a security update.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Display Driver Uninstaller 18.0.2.4 adds ability to remove only NVCP and resolves several bugs. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

Intel Driver and Support Assistant 20.4.17 resolves several bugs. This is not a security update.
https://www.intel.com/p/en_US/support/detect

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.8.86 is a security update. Use Menu, Help, About to install the most current version.

Google Chrome 81.0.4044.129 is a security update. Use Menu, Help, About to install the most current version.

Microsoft Edge 81.0.416.68 is a security update. Use Menu, Help, About to install the most current version.

Vivaldi 3.0.1874.33 is a security update. Use Menu, Help, About to install the most current version.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

Mailspring 1.7.6 resolves several bugs. This is not a security update.
https://getmailspring.com/

OutlookAttachView 3.35 adds option to control Enter Key Action. This is not a security update.
https://www.nirsoft.net/utils/outlook_attachment.html

Internet Updates

One or more of these are likely to be of interest to everyone.

FileZilla Client 3.48.0 is a security update.
https://filezilla-project.org/

FreeFileSync 10.23 resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php

Google Earth 7.3.3 improves Street View, plus code support, and resolves several bugs. This is a security update.
https://earth.google.com/

WinSCP 5.17.5 is a security update.
https://winscp.net/eng/index.php

Zoom 5.0.23502.0430 improves encryption, abuse reporting, privacy controls, and resolves several bugs. This is a security update.
https://zoom.us/

Media Updates

These are unlikely to be of interest to most people.

VLC Media Player 3.0.10 is a security update.
https://www.videolan.org/vlc/

Game Updates

These are unlikely to be of interest to most people.

Steam 2020.04.28 resolves several bugs. This is not a security update.
https://www.steampowered.com/platform/update_history/index.php?skin=0&id=0

Office Updates

One or more of these are likely to be of interest to most people.

LibreOffice 6.3.6 resolves 80 bugs. This is not a security update.
https://www.libreoffice.org/

Notepad++ 7.8.6 resolves several bugs. This is not a security update.
https://notepad-plus-plus.org/

Illustrator 24.1.2 is a security update.
https://www.adobe.com/creativecloud/catalog/desktop.html

Adobe Bridge 10.0.4 is a security update.
https://www.adobe.com/products/bridge.html

Security Software Updates

One or more of these is likely to be of interest to most people.

OpenSSL 1.1.1g is a security update.

RogueKiller 14.4.1 is a security update.
https://www.adlice.com/download/roguekiller/

Capture Updates

These are unlikely to be of interest to most people.

ScreenToGif 2.23.2 resolves a couple minor bugs. This is not a security update.
https://github.com/NickeManarin/ScreenToGif/releases/latest

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 11.0.8.6 adds support for new encodings, improves upscaling and enlarger. This is not a security update.
https://www.dvdfab.cn/download.htm

Utility Updates

These are unlikely to be of interest to most people.

Dell Command Update 3.1.2 is a security update.
https://www.dell.com/support/article/us/en/04/sln311129/dell-command-update?lang=en

RoboForm 8.7.0 resolves several bugs. This is not a security update.
https://12pd.com/click?rf

1Password for Windows 7.4.767 resolves several bugs. This is a security update.
https://1password.com/downloads/windows/

DesktopOK 7.01 adds command-line support, mapping support for alt-drag, and resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

Easy2Boot 2.02 updates libraries, dependencies, and resolves a bug in Make USB. This is not a security update.
https://www.fosshub.com/Easy2Boot.html

Etcher 1.5.83 adds workflows to Flash from URL and improves the cosmetics. This is not a security update.
https://www.balena.io/etcher/

GoodSync 11.1.6 adds RDC tunneling support, explorer actions, account management improvements, and resolves several bugs. This is not a security update.
https://12pd.com/click?goodsync

MS ISO Downloader 8.35 adds support for new Windows, Office, and Dell images. This is not a security update.
https://www.heidoc.net/joomla/technology-science/microsoft/67-microsoft-windows-and-office-iso-download-tool

PSAppDeploy 3.8.1 adds Repair as action type, execute-process-as-user, several new features, compatibility improvements and bug fixes. This is not a security update.
https://psappdeploytoolkit.com/

Rufus 3.10 improves compatibility, device detection, updates drivers, and resolves several bugs. This is not a security update.
https://rufus.ie/en_IE.html

TeamViewer 15.5.3 adds message search, conditional access servers for fallback options, and resolves several bugs. This is not a security update.
https://www.teamviewer.com/en/download/windows/

WinScan2PDF 5.31 improves compatibility. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

CPU-Z 1.92 adds support for new hardware. This is not a security update.
https://www.cpuid.com/softwares/cpu-z.html

NTLite 1.9.0.7455 adds new controls and resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

Coreinfo 3.5 doesn’t provide a changelog so should be treated as a security update.
https://live.sysinternals.com/

LiveKD 5.63 doesn’t provide a changelog so should be treated as a security update.
https://live.sysinternals.com/

Process Explorer 16.32 doesn’t provide a changelog so should be treated as a security update.
https://live.sysinternals.com/

Sysmon 11.0 adds file delete and archive monitoring, additional options to control behavior, improved log support and reliability improvements. This is not a security update.
https://live.sysinternals.com/

Developer Updates

These are unlikely to be of interest to most people.

Node.js 14.1.0 is a new major version adding several new features, libraries and bug fixes. Unfortunately, the previous build (14.0.0) broke stream support for many packages. This version resolves that bug. This is a security update.
https://nodejs.org/en/

Node.js 13.14.0 resolves several bugs. This is a security update.
https://nodejs.org/en/

Node.js 12.16.3 updates libraries. This is a security update.
https://nodejs.org/en/

Redemption 5.23.0.5664 adds support for in-memory objects, several new objects, collection-level assignments, and resolves several bugs. This is not a security update.
http://www.dimastr.com/redemption/

MySQL ConnectorNet 8.0.20 resolves several bugs. This is not a security update.
https://dev.mysql.com/downloads/connector/net/

Web Package Updates

These are likely to be of interest only to web developers.

WordPress 5.4.1 is a security update.
https://wordpress.org/

ScreenConnect 20.3.28091.7419 improves relay action scheduling, resolves several bugs. This is not a security update.
https://www.connectwise.com/software/control/download

Magento 2.3.4-p2, 2.3.5-p1, 1.14.4.5, 1.9.4.5 are security updates.
https://helpx.adobe.com/security/products/magento/apsb20-22.html#solution

Joomla 3.9.18 is a security update.
https://www.joomla.org/

HumHub 1.5.1 resolves several bugs. This is not a security update.
https://www.humhub.com/en/download

MailEnable 10.30 resolves several bugs. This is not a security update.
https://www.mailenable.com/

Nextcloud Server 18.0.4 resolves dozens of bugs and updates libraries. This should be treated as a security update.
https://nextcloud.com/

phpList 3.5.3 is a security update.
https://www.phplist.org/

YOURLS 1.7.9 improves compatibility, API signature algorithm, accessibility, and resolves several bugs. This is not a security update.
https://yourls.org/

Akismet 4.1.5 disables the notice and updates WP requirements. This is not a security update.

Antispam Bee 2.9.2 improves compatibility, and resolves several bugs. This is not a security update.

BuddyPress 5.2.0 is a security update.

Custom Facebook Feed 2.14 resolves several bugs. This is not a security update.

myStickymenu 2.4 resolves several bugs and adds font color control. This is not a security update.

Postie 1.9.50 improves diagnostics. This is not a security update.

W3 Total Cache 0.13.3 resolves a minification bug. This is not a security update.

WP Mail SMTP 2.0.0 changes PHP requirements (7+) and resolves several bugs. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2020-04-01

Happy April Fools’ Day, Folks!

It’s not Patch Tuesday, but updates from Microsoft, Apple, Google, and others have triggered an out-of-cycle update.

This Month/Week in Technology

The FCC announced that by July 2021 every US phone company (landline and mobile) must adopt STIR/SHAKEN which will massively reduce the amount of robocalls and phone spam people receive and ensure that call blocking features work as intended.

Microsoft has rebranded Office 365 to Microsoft 365 and is launching more features and cross-platform monitoring across the system. Is this the next step towards Windows-as-a-Service?

Dell and HP Enterprise have issued updates for the runtime bug in certain Enterprise solid-state drives (SSDs) that will begin bricking them in only a couple months.

The latest to jumping on the virus-free-trial bandwagon is Plex.

The country of Georgia has been hacked, with data on almost every citizen being posted online.

How bad are companies at dealing with ransomware? Most corporations and governments just give in and negotiate the ransom. Others pay insurance through companies like Chubb, a cyber-insurer for this type of thing. Can a company insure itself?

For a couple days, the latest builds of iOS and macOS wouldn’t let you search for a “+” sign. This is more common than you might think, and one of the pieces of advice in my Selecting the Perfect Domain” guide.

#3 Don’t use any strange characters

CloudFlare’s 1.1.1.1 public DNS resolver received glowing marks in a recent study. While it’s very private and fast, it doesn’t provide built-in security as does OpenDNS, though.

Now for the good news:

Even the scientist most cited for his chicken-little response to COVID-19 has reversed course and said he over-estimated lethality and virulence.

Let’s Get Busy

Microsoft released an out-of-cycle update to address connectivity problems for VPN users. If you’re using a VPN, use Windows Update to install the most current version.

Apple released security updates for iCloud for Windows 7.18 and iCloud for Windows 10.9.3. Use Apple Software Update to install the most current versions.

Google Chrome OS 80.0.3987.158 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Display Driver Uninstaller 18.0.2.3 improves cleanup. This is not a security update.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

Browser Updates

One or more of these are likely to be of interest to everyone.

Google Chrome 80.0.3987.162 is a security update. Use Menu, Help, About to get the most current version.

Internet Updates

One or more of these are likely to be of interest to everyone.

WinSCP 5.17.3 is a security update.
https://winscp.net/eng/index.php

Game Updates

These are unlikely to be of interest to most people.

Steam 2020.03.26 resolves several bugs. This is not a security update.

PlayStation PS3 4.86 improves system performance. This is not a security update.
https://www.playstation.com/en-us/support/system-updates/ps3/

Office Updates

One or more of these are likely to be of interest to most people.

Krita 4.2.9 adds Airbrush and Ratio controls to the Color Smudge brush, and resolves 70 bugs. This is not a security update.
https://krita.org/en/download/krita-desktop/

Security Software Updates

One or more of these is likely to be of interest to most people.

RogueKiller 14.4.0 resolves several bugs, improves compatibility and adds warnings to certain scans.
https://www.adlice.com/download/roguekiller/

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 11.0.8.2 adds support for new encodings. This is not a security update.
https://www.dvdfab.cn/download.htm

Utility Updates

These are unlikely to be of interest to most people.

RoboForm 8.6.8 improves data synchronization, Windows Hello integration, and resolves several bugs. This is not a security update.
https://12pd.com/click?rf

GoodSync 10.11.4 resolves several bugs and improves compatibility. This is not a security update.
https://12pd.com/click?goodsync

DesktopOK 6.91 improves compatibility with the next build of Windows. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

NetworkInterfacesView 1.20 adds option to open device properties window with F2. This is not a security update.
https://www.nirsoft.net/utils/network_interfaces.html

PSAppDeploy 3.8.1 adds Repair action and new installation controls, and resolves several bugs. This is not a security update.
https://psappdeploytoolkit.com/

MS ISO Downloader 8.34 adds several new ISOs. This is not a security update.
https://www.heidoc.net/joomla/technology-science/microsoft/67-microsoft-windows-and-office-iso-download-tool

WinScan2PDF 5.25 resolves a TWAIN bug under Windows 10 x64. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

Developer Updates

These are unlikely to be of interest to most people.

Android Studio 3.6.2.0 resolves over a dozen bugs. This is not a security update.
https://developer.android.com/studio/index.html

Node.js 13.12.0 improves build notarization for macOS, upgrades libraries, adds option to disable proto to CLI, moves diagnostic reports to stable, and now allows URL in worker constructor. This is not a security update.
https://nodejs.org/en/

Web Package Updates

These are likely to be of interest only to web developers.

OpenPetra 2020.03 resolves the PDF printing bug, as well as several other bugs. This is not a security update.
https://www.openpetra.org/

WordPress 5.4 improves the block editor, adds Social Icons and Buttons, gradients to Buttons and Cover block, color options to Group, Columns, and Rich Text, improved consistency, as well as many developer and privacy improvements. This is not a security update.
https://wordpress.org/

Postie 1.9.45 resolves an email notification bug. This is not a security update.
https://wordpress.org/extend/plugins/postie/

Custom Facebook Feed 2.13 adds a Block. This is not a security update.
https://wordpress.org/extend/plugins/custom-facebook-feed/

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2020-02-20

Welcome back, Folks!

It’s not Patch Tuesday, but security updates from Google, Mozilla, Apple and Adobe have triggered an out-of-cycle update.

This Month Week in Technology

According to one of Tumblr’s engineers, Apple’s iOS is adware.

Even great computers are no match for the human brain in perceiving what the typical human consider obvious. Exploiting this fact, evildoers are extorting Google Adsense users by threatening to fraudulently click ads in violation of the Adsense terms unless they get paid off.

If your site is still running an older version of TLS or SSL it’s about to get spanked by the browsers and search engines. Upgrade your HTTPS security policies to use only the latest methods (even if older devices can no longer visit your site).

This month brings even more Bluetooth design and implementation vulnerabilities, and reassurance that keeping your mouth shut may eventually pay off, a relatively minor bug in Firefox allows CSS to be abused to (slowly) extract data from secure sites, and a change to the CCPA (California Consumer Privacy Act) now allows business to keep certain information you’ve requested to be removed so they can…prove…it was…removed…huh? LOL

Finally, a scientific study demonstrates that sound-bite socialization and catch-phrase culture have ruined our ability to have an educated conversation. The real question should be, is anyone surprised?

Let’s Get Busy

The typical computer should see approximately 600 MB of updates. Let’s get started.

watchOS 6.1.3 and 5.3.5 are security updates. Use your updated iPhone to install the most current version through the Watch app.
https://support.apple.com/en-us/HT204641

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Logitech Options 8.10.84 adds support for new hardware and resolves several bugs. This is not a security update.
https://www.logitech.com/en-us/product/options

Browser Updates

One or more of these are likely to be of interest to everyone.

Google Chrome 80.0.3987.116 is a security update. Use Menu, Help, About to install the current version.

Firefox 73.0.1 resolves several crash bugs. This is not a security update. Use Menu, Help, About to install the current version.

Vivaldi 2.11.1811.38 is a security update. Use Menu, Help, About to install the current version.

Internet Updates

One or more of these are likely to be of interest to everyone.

FreeFileSync 10.20 adds email notification support, HTML logging, sync error detection, and more. This is not a security update.
https://www.freefilesync.org/download.php

IPNetInfo 1.95 adds improved command-line support. This is not a security update.
https://www.nirsoft.net/utils/ipnetinfo.html

WinSCP 5.17 resolves several bugs and adds new features. This is not a security update.
https://winscp.net/eng/index.php

Media Updates

These are unlikely to be of interest to most people.

MyPaint 2.0.0 is a major new update with new layer and compositing features, new brush controls, and dozens more. This is not a security update.
http://mypaint.org/downloads/

Picard 2.3 resolves dozens of bugs and improves reliability. This is not a security update.
https://picard.musicbrainz.org/

Game Updates

These are unlikely to be of interest to most people.

Steam 2020.02.12 resolves several bugs. This is not a security update.

Office Updates

One or more of these are likely to be of interest to most people.

LibreOffice Still 6.3.5 resolves about 85, including stability and reliability fixes. This is not a security update.
https://www.libreoffice.org/

Paint.net 4.2.10 resolves several bugs, notably with those using MSI deployment (yay!). This is not a security update.
https://www.getpaint.net/

Adobe Media Encoder 14.0.2 is a security update.
https://helpx.adobe.com/security/products/media-encoder/apsb20-10.html

Adobe After Effects 17.0.3 is a security update.
https://helpx.adobe.com/security/products/after_effects/apsb20-09.html

Adobe FrameMaker 2019.0.5 resolves several bugs. This is not a security update.
64-bit: https://supportdownloads.adobe.com/detail.jsp?ftpID=6851
32-bit: https://supportdownloads.adobe.com/detail.jsp?ftpID=6849

Capture Updates

These are unlikely to be of interest to most people.

ScreenToGif 2.20.3 resolves a compatibility bug. This is not a security update.
https://www.fosshub.com/ScreenToGif.html

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 11.0.7.4 adds support for new encodings and resolves a crash bug. This is not a security update.
https://www.dvdfab.cn/download.htm

Utility Updates

These are unlikely to be of interest to most people.

RoboForm 8.6.7 resolves several bugs and improves compatibility. This is not a security update.
https://12pd.com/click?rf

Cygwin 3.1.4 resolves a couple bugs and improves compatibility with symlinks and junctions. This is not a security update.
https://cygwin.com/

Etcher 1.5.79 improves user experience. This is not a security update.
https://www.balena.io/etcher/

GoodSync 10.10.24 resolves several bugs. This is not a security update.
https://12pd.com/click?goodsync

PointerStick 3.81 resolves several bugs and improves compatibility. This is not a security update.
https://www.softwareok.com/?seite=Freeware/PointerStick

Developer Updates

These are unlikely to be of interest to most people.

Node.js 13.9.0 resolves over 200 issues. This is not a security update.
https://nodejs.org/en/

Virtual Machine Updates

These are unlikely to be of interest to most people.

VirtualBox 6.1.4-136177 resolves several bugs and improves EFI support. This is not a security update.
https://www.virtualbox.org/wiki/Downloads

Web Package Updates

These are likely to be of interest only to web developers.

Nextcloud Server 18.0.1 resolves dozens of bugs. This is not a security update.
https://nextcloud.com/

HumHub 1.4.1 resolves several bugs. This is not a security update.
https://www.humhub.com/en/download

myStickymenu 2.3.5 updates license rates and terms. This is not a security update.

Postie 1.9.43 begins the migration of shortcodes into the main module. This is not a security update.

Raw HTML 1.6.2 resolves a compatibility bug. This is not a security update.

Redirection 4.7 adds domain relocation with exceptions, site aliases, www/wwwithout controls, and content-type. This is not a security update.

NextScripts Social Networks Auto-Poster 4.3.12 improves Blogger and Facebook compatibility. This is not a security update.

Sucuri Security 1.8.24 resolves two bugs. This is not a security update.

WooCommerce 3.9.2 resolves several bugs. This is a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/