|
| Delaware PC Help News |
|---|
| 12/09/09 | | Adobe fixes critical Flash Player flaws | | Adobe on Tuesday patched seven vulnerabilities in Flash Player, six of them for critical bugs that hackers could use to hijack Windows, Mac or Linux machines.
The company also announced it will stop issuing Flash security updates for some Mac users next year.
In a security advisory published Tuesday, Adobe briefly spelled out the vulnerabilities, using the phrase "could potentially lead to code execution" in six of the descriptions. Like Apple, and unlike Microsoft, Adobe does not assign bugs a severity or threat rating. Vulnerabilities that can be used to introduce malicious code, however, are considered the most serious -- and get the highest rating from vendors such as Microsoft.
Yesterday's update was the first for Flash Player since late July. Although Adobe committed earlier this year to releasing security fixes every three months for its Adobe Reader and Adobe Acrobat software, Flash Player remains on an ad hoc schedule.
Even so, Adobe piggybacked the Flash Player security patches with the six updates that Microsoft released the same day for Windows, Internet Explorer (IE) and Office.
The update to Flash Player 10.0.42.34 fixed data injection and integer overflow vulnerabilities, patched a pair of memory corruption bugs, plugged a hole in JPEG image parsing and resolved "multiple crash vulnerabilities," the company's advisory said.
It also addressed a bug in the Flash Player ActiveX control for IE that could be used to pilfer information, said Adobe, which credited a Microsoft researcher with reporting the problem. Microsoft and Adobe have been collaborating on security issues for months, part of the former's long-term plan to beef up the security of the Windows ecosystem by helping major third-party developers, such as Adobe, find and fix flaws.
The paucity of information included in Adobe's advisory, however, rankled at least one security expert. "Overall their security advisories are on par with Apple's," said Andrew Storms, the director of security operations at nCircle Network Security. "Well actually, I might have to give Apple a few notches up over Adobe," he added, referring to Apple's reputation for terse descriptions of the vulnerabilities it patches in Mac OS X.
Adobe also had some problems getting out the update yesterday, the day it had promised last week it would deliver the Flash Player patches. "The flash player bulletin will be up soon. The team is working through a few final checks," said Brad Arkin, Adobe's director for product security and privacy, on Twitter late Tuesday. Adobe released the update around 4:30 p.m. PT.
Flash Player 10.0.42.34 for Windows, Mac and Linux can be downloaded from Adobe's Web site. Alternately, users can use Flash's built-in automatic update mechanism to grab the new versions.
Also on Tuesday, Adobe announced plans to drop Flash Player security support next year for Mac owners whose machines run PowerPC processors. "Adobe will be discontinuing support of PowerPC-based G3 computers and will no longer provide security updates after the Flash Player 10.1 release," said Adobe in the same advisory that spelled out the seven patches. "This unavailability is due to performance enhancements that cannot be supported on the older PowerPC architecture."
After Flash Player 10.1, which is slated to ship in the first half of next year, Adobe's newest software will run only on Intel-based Macs.
| | Computerworld | | spacer | | 12/09/09 | | Facebook privacy changes draw mixed reviews | | IDG News Service - Facebook's revamped privacy settings will push more user data onto the Internet and, in some cases, make privacy protection harder for Facebook users, digital civil liberties experts said.
While acknowledging that many of the changes unveiled Wednesday will be good for privacy, Electronic Frontier Foundation (EFF) Attorney Kevin Bankston said the social-networking giant is also removing some important privacy controls that it should have kept.
"I think you're better off in some ways and worse off in some ways," he said. "It's really a mixed bag."
Ari Schwartz, chief operating officer of the Center for Democracy and Technology, offered a similarly mixed review. According to him, giving people more control over who sees their individual posts is a good thing, but the new default privacy settings will push a lot more information into the public realm. That "actually has a negative effect on privacy," he said.
Bankston was more forthright in an EFF blog post.
"Our conclusion? These new 'privacy' changes are clearly intended to push Facebook users to publicly share even more information than before," Bankston wrote. "Even worse, the changes will actually reduce the amount of control that users have over some of their personal data."
Facebook began rolling out its new privacy settings Wednesday, responding to critics who had said the existing system was needlessly complex and frequently ineffective. By simplifying the way privacy is set up, Facebook says it will improve its users' privacy.
"Numerous settings and complicated options can make it harder for people to make informed decisions about their privacy or about the Facebook experience they want," said Elliot Schrage, Facebook's vice president of communications, public policy and marketing, in a press conference.
To date, between 15 and 20 percent of Facebook's 350 million users take the time to adjust their privacy settings. But with the changes unveiled Wednesday, all users will have to go through a privacy configuration wizard to set their preferences.
Critics say that's where the problems start.
Users who had not previously selected their own privacy settings, and who now go with Facebook's default settings, will be publishing their status messages and wall posts to everyone on the Internet. That will mark a change for most users because until now, Facebook's default settings restricted this material to friends and people within a person's network.
The change will be most noticeable to people who used the default settings in the past and decide to stick with Facebook's new defaults, Schwartz said. "If you haven't set your settings in the past, you'll probably be surprised by what happens," he said. "You'll probably show up in Google."
The EFF's Bankston said some information that could previously be kept from the public -- profile pictures, for example -- will now be publicly available no matter what. Facebook does give users the option of removing this type of information from search engines, however, making it harder for someone who is not connected to a user to view it.
Facebook has also eliminated a privacy option that blocked personal information from being shared via the Facebook API (application program interface). "This is perhaps one of the biggest problems," Bankston said. "Without using any apps at all, your information will be shared with hundreds if not thousands of Facebook application developers by virtue of your friends choosing to use apps," he said.
Facebook is ditching this option because it was not widely used, and contributed to the complexity problem Facebook is trying to tackle, a company spokesman said. "The controls had become too complex," he said. "People were not exercising control because they were overwhelmed by the choices."
Approximately 350,000 people presently block the Facebook API from accessing their data, he added. That's just 0.1 percent of Facebook users.
A large part of Facebook's problem stems from the company's decision to remove networks, which in some cases had grown too large to be meaningful. However, Schwartz said, they did give users a way to post information without sharing it with the world at large.
Now the world at large is going to get a much better look at Facebook than ever before.
(Juan Carlos Perez in Miami contributed to this story.) | | CNET | | spacer | | 12/05/09 | | Iran Internet access down pre-protests, report says | | Two days ahead of a new round of planned protests against Iranian President Mahmoud Ahmadinejad, Internet access in the nation's capital is largely down, according to Agence France Presse.
Sources close to Iran's technical services say the cut to Tehran's outside access was the result of "a decision by the authorities" and not a technical breakdown, the news agency reports. Telecommunications ministry officials were unavailable for comment.
Protests are scheduled Monday to mark Student Day, the anniversary of the December 6, 1953, killing of three of University of Tehran students by Iranian police. The students were protesting then-U.S. Vice President Richard Nixon's visit, which followed the CIA-sponsored overthrow of Iranian Prime Minister Mohammad Mosaddeq.
As the nation gets ready to mark the annual day of remembrance, several Web sites have reported that Iranian opposition groups are preparing to hold fresh protests against Ahmadinejad. Scores of arrests have already been reported in advance of Student Day.
Since widespread post-election upheaval broke out in June amid charges of government vote-rigging, Internet lines, texting, and even mobile phone service have been cut or scrambled. But the weekend's Internet outage marks the first such occurrence to take place this far in advance of protests, AFP reports.
| | CNET | | spacer | | 12/03/2009 | | The yogurt makers of tech: Gadgets to avoid | | Cisco's release Tuesday of the Flipshare TV brought to mind other overpriced single-purpose devices that have cluttered my computer desk and stereo rack over the years. Like the over-specific kitchen appliances you use once or only once in a while and don't really need in your life (yogurt makers, margarita mixers, hot-dog toasters), there are plenty of technological products that are better at taking up your space and money than providing ongoing value.
Here are my top categories of tech yogurt makers:
TV media viewers
Worst example: The Microsoft TV Photo Viewer. Released in 2001, this was a floppy disk drive with a TV output. It was for viewing digital photos on a TV. Of course, if you had a digital camera and a computer, you already had a good way to view photos, and at a better resolution than the TVs of the day. But with the TV Photo Viewer, you could set your parents up with a viewing station for your digital photos.
Great--but then you had to teach them how to use it, make sure it stayed connected to their TV, and worse, crunch your photos down to fit on a floppy and get said floppy to them so they could see the pictures. I tried to set one of these up for my mother. She rolled her eyes and said, "Just mail me the snapshots, dear."
Also in this category, the aforementioned Flipshare TV, a $149 device whose main function can be duplicated by a $0.31 HDMI cable. For that matter, the Flip camera itself is a bit of a one-trick pony. Sure, it's easy to use, but a standard digital camera will also take videos. I have a Flip camera myself and I do love it--in theory. But when I leave the house, I don't want to take a video camera that duplicates only one thing that my point-and-shoot digicam does (and without a zoom lens, no less), so the Flip stays home almost all the time.
Related: The Sandisk Take TV, which was a bunch of wires and parts that let you watch videos stored on SD cards on your TV. It was a great product for all those illegal vids you got from BitTorrent. It, like the the TV Photo Viewer, is no longer sold.
Other gizmos for your parents
There are more products that seem to exist to tell your parents that they're technological klutzes. The Presto printer, from 2006, comes to mind: It's an HP-sourced photo printer that prints only what you, the loving child, sends to it over the Internet. It can't print from a local computer, and there's a monthly service fee to be able to send to it. Eventually you will grow tired of the one-way sending of photos and articles to the printer, and replace it with a real computer so your loved ones can communicate back to you. Hopefully you'll still have money left for the computer after paying the monthly fee to use the Presto.
My co-worker Molly Wood thinks digital photo frames fall into this category, since nobody ever bothers to update them after they're first loaded with images. But I happen to like these devices, and even if they are never updated, they're unobtrusive and have great gift appeal.
Scanners and converters
A device that converts old analog media to new, archivable digital files is a useful thing, but the majority of dedicated consumer scanners and converters (USB turntables, digital slide scanners, business card scanners) are used once for a single project, and then hang around gathering dust.
The consumer-grade scanners and converters, in particular, can be a real drag. Scanning photos and negatives is extremely time-consuming for a shoebox archive of realistic size. When my in-laws asked me for advice on getting a new, low-cost scanner, I advised them to try either buying a good one used and then reselling it quickly, going in with other friends or family all at once, or, better yet, using a scanning service instead. It's not cheap, but time is money. Even if you're retired.
USB desk toys
I actually asked for a computer-controlled USB foam missile launcher for my birthday once. It was fun for about 10 minutes. That was three years ago. It's still in my office, gathering dust, shooting no missiles. These little toys make fun gifts, but who wants to take up a valuable USB port and load up poorly-written software just to poke out the eyes of nice people who come to visit? I was misguided. This is a dumb idea.
Rewinders and cleaners
Once the VHS era started to wane, the hopes and dreams of companies making tape rewinders faded too. DVDs and CDs, sadly, need no rewinding. Then the companies realized that they could take their one-trick-pony appliance chops and make disc cleaners. These gizmos do the same thing as a soft cloth dampened with water and a few drops of soap--but unlike the homebrew solution, they can't also wash your eyeglasses. You don't need one.
One-trick wireless gizmos
TwitterPeek. Need we say more? In a world of marvelously competent multifunction mobile devices that make calls, browse the Web, play games and music, and run apps, you can now also spend money for a device that only does one thing--poorly. Just don't.
Some wiseacres here at CNET suggested I add mobile phones that only make phone calls into this list. I'm on the fence on that. Despite what I said about the Presto printer, there's a mobile phone designed for simplicity, the Jitterbug, that I can see making sense for some people.
To conclude: I'm in favor of simplicity and focus--in gadgets and in software. But even simple, focused devices can add complexity to our lives if we load up on too many of them.
| | CNET | | spacer | | 12/03/2009 | | Microsoft's Bing goes down | | In what could be a blow to its image, Microsoft's main Bing search site suffered through an outage on Thursday evening.
Visitors to Bing.com were getting a browser error message rather than a search bar. Service was down for at least 45 minutes before being restored around 7:10 p.m. PST.
Microsoft acknowledged the issues it on its Twitter feed and said it was looking into the matter but offered no explanation.
A Microsoft representative did not immediately return an e-mail seeking comment.
The outage comes after a big week in which Microsoft announced new search abilities for Bing as well as improved mapping.
| | CNET | | spacer | | 12/01/2009 | | Windows 7 steals biggest chunk of share from XP | | Microsoft's Windows ran to stay in place last month as Window 7's market share gains made up for the largest-ever declines in Windows XP and Vista, data released today by Web metrics firm Net Applications showed.
By Net Applications' numbers, Windows 7's gains were primarily at the expense of Windows XP. For each copy of Vista replaced by Windows 7 during November, more than six copies of XP were swapped for the new OS.
Meanwhile, Apple's Mac OS X lost share during November.
But it was Microsoft's ability to retain its share in the face of record slumps in its older editions that was the news from Net Applications. Even though Windows XP lost 1.45 percentage points to end November with a 69% share, and Vista fell 0.2 percentage points to 18.6%, Windows kept its total operating system share at 92.5%, the same as in October.
The declines in XP and Vista were both records in Net Applications' tallies, which because of a change in methodology instituted last July go back only two years. For Vista, November marked the second time in three months that the often-maligned operating system lost share. That trend, if accurate, means that the 2007 operating system has peaked, and will now, like XP before it, begin a slow, inexorable decline as it is replaced by Windows 7.
Give Windows 7 all the credit for holding Microsoft's line. In the first full month after its Oct. 22 public launch, Microsoft's newest operating system increased its share by 1.8 percentage points, ending November with 4%, more than enough to make up for the losses by XP and Vista.
Windows 7 has been on a share roll since it debuted, according to Net Applications. Less than three weeks after its release, Windows 7 had acquired a slice of the OS pie that it took Vista five months to reach.
Neither XP nor Vista will vanish overnight if Net Applications' data is any indicator. Currently, about three of every four Windows PCs runs XP, while one-in-five runs Vista. Only about one in every 23 Windows systems is powered by Windows 7.
Almost as unusual as Windows remaining in place was the Mac OS X's dip. By Net Applications' estimate, Apple's operating system finished November with 5.1%, a decline of 0.16 percentage points, the largest since February 2009 and only the third negative number this year. Most months, Mac OS X gains ground on Microsoft, albeit by small margins: Over the last 12 months, Apple's OS has increased its share by an average of less than 0.1 percentage points.
Linux, on the other hand, came up a winner last month, returning to the 1% share mark for the first time since July. Linux's all-time high in Net Applications' rankings was May 2009, when it nearly reached 1.2%.
Net Applications measures operating system usage by tracking the machines that surf to the 40,000 sites it monitors for clients, which results in a pool of about 160 million unique visitors each month. It then weights share by the estimated size of each country's Internet population.
November's operating system data can be found on Net Applications' site.
| | Computerworld | | spacer | | 12/01/2009 | | Microsoft denies blame for 'black screens of death' | | Microsoft today denied that its November Windows updates are causing a widespread "black screen" lock-out of users' PCs.
"Microsoft has investigated reports that its November security updates made changes to permissions in the registry that are resulting in system issues for some customers," Christopher Budd, Microsoft's security spokesman, said in an e-mail. "The company has found those reports to be inaccurate and our comprehensive investigation has shown that none of the recently released updates are related to the behavior described in the reports."
The report Budd referred to stemmed from a blog post by U.K.-based security vendor Prevx last week that claimed recent Windows updates changed Access Control List (ACL) entries in the registry, preventing some installed software from running properly. The result, said Prevx, is a black screen, sometimes dubbed "black screen of death" in an allusion to the "blue screen of death" that Windows puts up after a major system crash.
Since that initial report, Prevx has called out a pair of updates, one in late November and the other from last July, as the cause of the black screen lock-out.
"The conditions under which the actual black screen is triggered are spasmodic," admitted Dave Kennerley of Prevx's support team in an update to the original blog post of last week. "Some test systems always trigger the condition, others are less consistent. The windows patches which seem common to the issue arising are & KB915597 and KB976098."
Kennerley's use of the word "spasmodic" is a turn-about from his initial post of last Friday, which was headlined "Black Screen woes could affect millions on Windows 7, Vista and XP."
Searches of Microsoft's support forums by Computerworld have found only one "black screen" thread with posts from last month. Since yesterday, several additional users have reported that their PCs have been afflicted with a black screen.
"Received a patch on Nov 24 or 25. Upon reboot the computer has a totally black screen," said a user identified only as "General Zod" in a message added to the thread around 2:30 p.m. ET today. "Not even the BIOS startup stuff appears."
Kennerley also said that the flaw was in the WinLogon Shell registry entry for Explorer.exe, the name of Windows' file manager. "The entry exists perfectly in the registry but is unusable/inaccessible and is therefore ignored by the OS resulting in the desktop and task bar not being loaded," Kennerley added.
Some outsiders were skeptical today of Prevx's contention that the black screen problem was due to the two updates Kennerley cited. Rafael Rivera, who writes the Within Windows blog -- and most recently took Microsoft to task for lifting code from an open-source project for the company's Windows 7 USB/DVD Download Tool (WUDT) -- said his investigation pointed toward November's Malicious Software Removal Tool (MSRT) update. MSFT, which is upgraded and delivered to users automatically via Windows Update, detects and deletes malware that Microsoft has identified as pervasive and dangerous.
"Those particular updates don't, gleaned from limited testing, touch the Shell registry entries," said Rivera in an interview conducted via instant messaging today. "I believe the only update that touched this part of the registry recently is the Malicious Software Removal Tool for November."
Rivera pointed to one of MSRT's two malware detection updates last month as the most likely culprit.
But Microsoft was adamant that it was not at fault for any black screens.
"We've conducted a comprehensive review of the November security updates, the Windows Malicious Software Removal Tool, and the non-security updates we released through Windows Update in November," Budd added. "That investigation has shown that none of these updates make any changes to the permissions in the registry. Thus, we don't believe the updates are related to the 'black screen' behavior described in these reports."
Budd also said that Microsoft's technical support teams are "not seeing 'black screen' behavior as a broad customer issue."
| | Computerworld | | spacer | | 11/30/2009 | | Latest Microsoft patches cause black screen of death | | IDG News Service - Microsoft's latest round of security patches appears to be causing some PCs to seize up and display a black screen, rendering the computer useless.
The problem affects Microsoft products including Windows 7, Vista and XP operating systems, said Mel Morris , the CEO and CTO for the U.K. security company Prevx.
Prevx was alerted to the problem by users of its security software last week, Morris said. Microsoft apparently made changes to the Access Control List (ACL), a list of permissions for a logged-on user. The ACL interacts with registry keys, creating visible desktop features such as a sidebar.
However, the latest patches appear to make some changes to those registry keys. The effect is that some installed applications aren't aware of the changes and don't run properly, causing a black screen, Morris said.
Security applications seem to be particularly affected. Morris said users of other security products have also complained about the issue, even going so far as trying to reinstall the operating system to fix it.
"If you've got this problem, it's massively debilitating," Morris said.
Prevx has released software that fixes the registry to match the ACL settings, which should resolve the problem, Morris said. Users could do this on their own by modifying their registry settings, but making alterations to those settings is risky since it can severely affect how the operating system runs.
On Nov. 10, Microsoft released 15 patches for vulnerabilities in Windows, Windows Server, Excel and Word.
Morris said Microsoft was likely just trying to fortify the security of the operating systems when it inadvertently made the error in its patches. "It's one of those things that happens from time to time when you have a dynamic operating system," he said.
Morris said his company hasn't contacted Microsoft yet but will send the company a copy of the software fix.
Prevx has more detail on the issue on its blog and posted the software fix, which is free.
Windows has at least 10 different issues that could potentially cause a black screen, wrote Dave Kennerley who works in support for Prevx.
"Our advice is try our tool first," Kennerley said. "If it works, great. If it doesn't, you are no worse off."
Microsoft officials could not be immediately reached for comment.
| | Computerworld | | spacer |
|
