Google has released a new version, 27.0.1453.94, of its Chrome browser; this update is only for Windows, and fixes a Graphics processing (GPU) bug that can cause a crash. (I am not aware of any security consequences of this bug.) Further details are available via the Release Announcement.
Windows users should get the new version via the built-in update mechanism.
Leave a Comment » | 
Internet, Software | Tagged: bug fix, Chrome, Google, releases, Windows | 
Permalink
Posted by Rich
Google today announced the release of a new version, 27.0.1453.93, of its Chrome browser for all platforms: Mac OS X, Linux, Windows, and Chrome Frame. The new version incorporates some capability iimprovements:
chrome.SyncFilesystem API for access to Google Drive is availableThe new release incorporates the latest version of the bundled Flash Player, as well as fixes for 14 identified security vulnrabilitues, 10 of which Google rates as High severity. Further information is available in the Release Announcement.
Because of the security content of this release, I recommend that you update your systems as soon as you conveniently can. Windows and Mac users can get the new version via the built-in update mechanism; Linux users should check their distribution’s repositories for the new version. If you need to get a complete installation package, you can download it here.
Ars Technica has an interesting short article on the changes in Chrome 27. The increase in page loading speed was accomplished by switching from a per-tab scheduler to a global scheduler, which allows some additional optimizations of network utilization.
Leave a Comment » | Internet, Security Patches, Software | Tagged: Chrome, Chrome Frame, Flash Player, Google, Google Drive, Linux, Mac OS X, vulnerabilities, Windows | Permalink
Posted by Rich
Yesterday’s Washington Post has a report on the concerns raised by parents and child advocates about the use of social networks by pre-teenagers. The story focuses on the photo sharing service, Instagram, but the general issues are relevant to other sites as well: is the site collecting the personal information of susceptible children, and does it do enough to protect them from miscellaneous predators.
The Instagram service is an offshoot of Facebook, the social networking giant, which has about 1 billion users. The company’s policy requires users to be at least 13 in order to open an account, but the Instagram site does not even ask the user’s age when (s)he signs up. (The main Facebook site does require a bit of verification, requiring the user’s real name and age; however, the effectiveness of this is questionable, since there is no way to check the user’s answers.) The result is that many children under 13 have set up Instagram accounts.
There is some reason for concern about this; looking at the site (or at Facebook, for that matter, where I have an account) shows that many users post a great deal of what might be regarded as fairly personal information. Most readers are probably familiar with news stories of people whose employment or other prospects have been damaged by indiscreet posting and photos on Facebook and other social sites. Even if one grants that adults have a right to behave like complete idiots if they wish to, it seems reasonable that children, who lack both mature judgment (such as it is) and experience, deserve some protection.
However, people need to realize that, outside the realm of science fiction, this is not a problem that has a technological solution. Even if it were possible to develop a peripheral device that would automagically detect a persons age, it really wouldn’t solve the problem; all the server on the other end of the transaction can do is to verify that the bit pattern it receives indicates the user is 13 (or 18, or 21). Were such a device to be developed, I would not expect it to be long before some enterprising teenage hacker produced a “spoofing” device.
Facebook and other social-media sites have said that authenticating age is difficult, even with technology. A Consumer Reports survey in 2011 estimated that 7 million preteens are on Facebook.
It’s not difficult; it’s effectively impossible.
The other thing that all of us, kids and adults, need to remember is how businesses like Facebook work. It may seem, as you sit perusing your friends’ postings, that you are a customer of the service. But the customers are actually the advertisers who buy “space” on the service, which has every incentive to provide the customer with as much personal information as possible, in order to make ad targeting more effective, thereby supporting higher ad rates. When you use Facebook, or other similar “free” services, you are not the customer — you are the product.
Leave a Comment » | Education & Teaching, Internet, Security | Tagged: child protection, Facebook, Instagram, privacy | Permalink
Posted by Rich
Not wishing, apparently, to be left out of the Patch Tuesday festivities, Mozilla today released the next major version, 21.0, of its Firefox browser for Mac OS X, Windows, and Linux. This version fixes eight security vulnerabilities, three of which Mozilla rates as critical. The new version also incorporates some new features, including:
Further information on the new version is available in the Release Notes. You can download installation packages, in a variety of (human) languages.
Mozilla also released a new version, 17.0.6, of its Thunderbird E-mail client, for all platforms. The new version provides an update to the Twitter API is uses, and also fixes six security vulnerabilities, three of which Mozilla rates as serious. Further information is available in the Release Notes. You can download installation packages for all languages and platforms.
Because of the security content of these releases, I suggest updating your systems as soon as it’s convenient.
Leave a Comment » | Software, Security Patches, Internet | Tagged: Firefox, Linux, Mac OS X, Mozilla, Thunderbird, Windows | Permalink
Posted by Rich
As expected, Microsoft today released its regular monthly batch of security bulletins and associated patches. This month there are ten bulletins, addressing 32 identified vulnerabilities. Two bulletins have a Critical severity rating, and the remaining eight are rated Important. Five of the bulletins are for Windows and its components; every supported version of Windows is affected, and all desktop versions have one or more Critical vulnerabilities.
The remaining five bulletins, all of which are rated Important, apply to other Microsoft software products. There are three bulletins for Microsoft Office and its components (including Word Viewer). Microsoft Lync has one bulletin, and there is one for Windows Essentials.
Microsoft says that three of the Windows bulletins will definitely require a system reboot, and the others may require one, depending on the configuration of your system.
For more detailed information, and download links, please see the Microsoft Security Bulletin Summary for May 2013.
As usual, I recommend applying these patches to your systems as soon as you conveniently can.
The handlers at the SANS Internet Storm Center have posted their usual summary and evaluation of this month’s patches.
According to the folks at the SANS Internet Storm Center, one of these bulletins, MS13-038, which applies to Internet Explorer 8, fixes a vulnerability that is being exploited currently.
Leave a Comment » | Internet, Security Patches, Software | Tagged: Lync, Microsoft, Office, patch Tuesday, releases, server software, Windows, Windows essentials | Permalink
Posted by Rich
As expected, Adobe has released new versions of its Acrobat and Reader software, incorporating critical security updates. There is also a critical update for Flash Player, though this was not included in the preview announcement.
The updates for Reader and Acrobat address a total of 27 identified vulnerabilities. According to the Security Bulletin [APSB 13-15], the vulnerable versions of Acrobat and Reader are:
The Security Bulletin lists the appropriate new versions for these. Users of Reader or Acrobat on Windows or Mac OS X can get the new version via the update mechanism built into the software, which is set to check for updates automatically by default; to initiate a check manually, choose Help / Check for Updates from the product menu. Alternatively, you can download appropriate Reader updates from these links:
Please see the Security Bulletin for Acrobat update downloads, and for further details.
As noted above, Adobe has also released Critical updates for Flash Player; according to the Security Bulletin [ASPB 13-14], these fixes address 13 identified vulnerabilities. Affected versions of the software are:
Users on Windows or Mac OS X systems should received the update automatically, if they have enabled the option “Allow Adobe to install updates”. Otherwise, they can obtain the new version from the Flash Player Download Center, as can Linux users. Please see the Security Bulletin for Android updates. Google Chrome ships with its own version of Flash Player, and I would expect a new version of Chrome, incorporating these updates, to appear “real soon now”. I’ll update this post when it’s available.
Because they are so widely installed across platforms, Reader and Flash Player have been tempting targets for the Bad Guys. I suggest that you update your systems as soon as you conveniently can.
According to a post on the Chrome Releases blog, Google is now pushing Flash Player updates for the Windows and Mac versions of Chrome. (Mea culpa: I had forgotten that they had added to capability to update things like Flash without doing a whole new version.)
1 Comment | Internet, Security Patches, Software | Tagged: Acrobat, Adobe, Android, Flash Player, Linux, Mac OS X, Reader, Windows | Permalink
Posted by Rich
You are currently browsing the archives for the Internet category.
Subscribe to feed (Copy the URL into your feed reader.)
Random Walks (Weblog) by Rich Gibbs is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.
