Microsoft cuts support, but XP still going strong

Posted by:
Date: Friday, May 2nd, 2014, 09:55
Category: Microsoft, security, Software, Windows

XP-LogoSupport for the aging Windows XP operating system was dropped as of April 8th, but according to web traffic monitoring, the OS still held a little over 25% of the market share. While that number continues to drop, those same stats show XP to be second only to Windows 7 (nearly 50%) among the list of major operating systems.

As part of Microsoft’s discontinuation of support, they will no longer provides bug fixes, security patches, or other updates to XP. This will leave the 13-year-old OS vulnerable to future security threats. Microsoft began announcing the end of XP support nearly seven years ago to give people plenty of opportunity to migrate to a newer version of Windows, but the entrenchment of legacy business software and other factors are making then transition a slow one.

Are you going to stick with XP now that Microsoft support is gone? Let us know in the comments or on the Facebook page.

 

 

California kills smartphone ‘kill switch’ bill

Posted by:
Date: Friday, April 25th, 2014, 09:55
Category: Apple, Hardware, iPhone, Legal, Mobile Phone, News, security, Software

Back in February, State Sen. Mark Leno (D-San Francisco) and San Francisco District Attorney George Gascon introduced a bill that would mandate the inclusion of a “kill switch” in phones sold in the state of California. If approved, the anti-theft feature would have been required to be preloaded and automatically enabled on all smartphones sold after January 1, 2015, leaving the phone inoperable if stolen. In a statement put out by Leno and Gascon at the time of the bill’s introduction, in San Francisco alone, cell phone thefts make up 66 percent of all robberies. Just over the bridge in Oakland, thefts are even higher to over 75 percent. The statement also said that recovering those phones cost consumers in the US more than $30 billion in 2012.

(more…)

Samsung’s fingerprint scanner not immune to hackers

Posted by:
Date: Thursday, April 17th, 2014, 08:17
Category: Android, Hacks, privacy, Samsung, security

 

samsung_galaxy_s5_official_1_fingerprint_scanner-crop

It was only a matter of time before someone found a weakness in the fingerprint scanner found on the new Samsung Galaxy S5. Too bad Samsung didn’t learn anything from Apple’s experiences with fingerprint hacking. The very same hack that was used to bypass the iPhone 5S’s scanner, that we reported on last September, has now been used to get past the one on the Galaxy S5. The security blog SRlabs has posted a video of a fake fingerprint, which was copied from a photo image and reproduced, being used to unlock a Galaxy S5.

(more…)

Heartbleed bug hits the Internet

Posted by:
Date: Friday, April 11th, 2014, 08:25
Category: Announcement, Hacks, privacy, security, Websites

heartbleedA newly announced bug, dubbed “Heartbleed” has got online companies on the run as they race to patch the insecurity. In spite of all the current fervor however, the bug has actually been around for about two years. It may also be the first wide-scale bug to have its own web page and logo (heartbleed.com). Heartbleed is based on a fault in functionality in the widely used OpenSSL library. OpenSSL is the cryptographic software that protects information being transferred from server to server throughout the internet. It is meant to stop hackers from intercepting secure information such as logins, usernames, passwords, credit card numbers, and other personal information.

(more…)

iPhone Tips: Improving Touch ID accuracy

Posted by:
Date: Tuesday, April 8th, 2014, 09:37
Category: Apple, iOS, iPhone, security, Software, Tips

touchid-iphone5s-fingerprint-sensor-cropSince I was in a fingerprint scanning news mood, I thought it would be a good time to share this tip that I learned recently. Courtesy of iOS 7.1, you can now add additional training to your Touch ID settings in order to improve accuracy. In iOS 7.0.x, the only way to try and improve Touch ID was really to start over, and once it told you that the training was finished, you could opt to continue adding more scans of your finger. In 7.1, Apple made it fairly painless.

(more…)

Safari updated to version 7.0.3

Posted by:
Date: Thursday, April 3rd, 2014, 15:04
Category: App Store, Apple, Mac, Mavericks, Mountain Lion, OS X, security, Software

safari_icoEarlier this week, Apple released an update to Safari bringing it up to version 7.0.3 for Mavericks and Safari 6.1.3 for Mountain Lion and Lion users. The updates are available through the OS X App Store application. You will need to quit Safari, if it is open, in order to complete the update. The following is the list of changes in the update:

  • Fixes an issue that could cause the search address field to load a webpage or send a search term before the return key is pressed
  • Improves credit card auto fill compatibility with websites
  • Fixes an issue that could block receipt of push notifications from websites
  • Adds a preference to turn off push notification prompts from websites
  • Adds support for webpages with generic top-level domains
  • Strengthens Safari sandboxing
  • Fixes security issues, including several identified in recent security competitions

Interesting to note is Apple’s nod to non-Apple sources for the security fixes, although the specify sources are not named.

 

 

Recent security updates make Macs more secure, unless you’re a Snow Leopard user

Posted by:
Date: Monday, March 3rd, 2014, 08:47
Category: Apple, Lion, Mac, privacy, Processors, security, Software

snowleopardEverybody was concerned last week when it was announced that a nasty bug in OS X was leaving Macs vulnerable to attacks that could grab information traveling across shared networks. While it has been confirmed that the bug only affected Mavericks, Apple simultaneously posted security updates for Mountain Lion (10.8) and Lion (10.7), but there was no sign of any security love for Snow Leopard (10.6). This really shouldn’t be a surprise to most people since 10.6 was also skipped when a previous security update was released as well as an update to the Safari browser. The omission of 10.6 from the current update simply confirms that Snow Leopard is no longer on Apple’s radar.

(more…)

OS X 10.9.2 update is out, run don’t walk to Software Update

Posted by:
Date: Tuesday, February 25th, 2014, 16:46
Category: Announcement, App Store, Apple, Installation, Mac, Mavericks, OS X, security, Software

apple_logoAmongst recent criticism about Apple’s failure to fix an SSL security flaw in OS X, and recently patched on iDevices with iOS 7.0.6, today they released the OS X 10.9.2 update which is available via the App Store app. There was a long list of application updates and system fixes, but noticeably absent in the list was mention of the specific SSL security hole that has been dominating the news recently. The good news is that several sources confirm that there is indeed a fix for it present in the update. This one is pretty important, so it is strongly recommended that you apply the update sooner rather than later…like now would be a good time. Apple historically does not like to confirm or draw notice to security issues in software, especially not ones that have been around longer than they should have been, which probably accounts for this. Apple’s official page on the update is here, but a list of items is included below.

My personal recommendations for applying system updates;

  1. Make sure you run a backup, or that Time Machine has done so recently
  2. Close all running apps (except the App Store of course)
  3. Open Disk Utility and perform a Repair Permissions, the close Disk Utility
  4. Install the update
  5. Once the Mac applies the update and reboots, run Repair Permissions again
  6. Go get some coffee

(more…)

If you thought Google+ was a joke, maybe the joke was on us

Posted by:
Date: Monday, February 24th, 2014, 08:25
Category: Google, privacy, security, Services, Social

google_plus_04Are you an avid Google+ user? Yeah, me neither, but there are still a few people who seem to actively use it, if for no other reason than to advertise their blog posts. I think for me personally, it was just one social network too many, too late. I was already on Twitter, Facebook, Path, and occasionally Instagram and Tumblr. There was no room for Google+ and I think it dropped off most people’s radar for similar reasons. There was also that nasty business shortly after the launch of Google Buzz (now buried under a rock somewhere) where ALL your contact data on Google was automatically shared with everybody. That probably didn’t exactly encourage people to use a new, similar service.

(more…)

Critical update for Flash released

Posted by:
Date: Thursday, February 6th, 2014, 09:56
Category: Hack, Mac, Malware, News, security, Software, Windows

adobe-flash-playerEarlier it was Java, now it has been discovered that Adobe’s Flash software also has a vulnerability that gives complete control over compromised systems to hackers. This vulnerability, fixed in the just released version 12.0.0.44, affects Adobe Flash Player 12.0.0.43 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.335 and earlier versions for Linux, although Linux was listed as having a lower priority rating. Adobe has detailed the problem in a security bulletin. All users are recommended to update Flash on their computers, as well as Google’s Chrome browser which has it’s own Flash component. The version of Chrome that includes this fix is 32.0.1700.107 and should update this automatically, but you may have to restart the browser for the correct version to register in the “About Google Chrome” window. If you want to check which version you are running before going through the update process, you can go to this page on Adobe’s site. You can download OS specific installers from here. Windows users who browse the Web with anything other than Internet Explorer will need to apply two Flash updates, one for IE and one for any alternative browsers (Firefox, Opera, e.g.). Both updaters can be found on the download page. On a Mac, if you already have Flash installed, you can also go to the Flash Player settings in System Preferences and click on the Check for Updates button in the Advanced tab. Our friends at Kaspersky Labs make another appearance in the Acknowledgements of the security bulletin where Adobe thanks them for discovering the vulnerability;

“Adobe would like to thank the following individuals for reporting the relevant issues and for working with Adobe to help protect our customers:

Alexander Polyakov and Anton Ivanov of Kaspersky Labs (CVE-2014-0497)”

So if you’ve got the time now, and you probably should make the time, get those updaters downloaded and installed. Almost makes you want to remove both Java and Flash doesn’t it?