eWorld Translations

According to security and vulnerability research company Secunia, a typical home user who is running Windows is facing the “unreasonable” challenge to patch one software or another every five days.

In the last week of January, of the users who ran Secunia’s Personal Software Inspector (PSI) application, half had at least 66 programs from more than 21 vendors on their machines, resulting in the need to master 22 or more different patch mechanisms.

While Secunia’s Chief Security Officer, Thomas Kristensen, is calling for software vendors to create a unified patching standard, he is not holding his breath for this to become a reality any time soon.

Therefore, the company is releasing a technical preview of PSI 2.0 which will include automatic updating functionality reminiscent of what Microsoft provides for Windows and other software. Their patch tool eventually will handle 70-80% of the software on consumers’ Windows machines.

You can read more about Secunia’s PSI findings in their white paper.

We’ll gladly help you to review and update your computer’s configuration, your security mechanisms and your policies. Contact us today.

Last week, Skype released version 4.2 of its Voice-over-IP (VoIP) and instant messaging client software, available for download here.

Among the new and improved features are

• Improved first-time user setup flow
• Call Quality Indicator
• Call Transfer
• Improved importing of contacts from other address books
• Client alerts
• Improved video quality in low bandwidth conditions
• Support for 720p video calls with the new encoding web-cameras that will be available soon
• Incoming authorization requests are now shown when a user returns to Skype after having been away for a while
• The Video call button is now always visible, even if there isn’t a web camera detected
• The default privacy settings for Instant Messages were changed from “anyone” to “people in my contact list only”
• The localization of Arabic and Brazilian Portuguese was also improved

For additional details as well as a comprehensive overview of known issues, please consult the release notes.

If you would like some help setting up and/or configuring Skype or to discuss your communications needs, contact us today.

A flaw in Adobe’s Download Manager (DLM) exposes users to the installation of arbitrary software on vulnerable Windows systems.

While the DLM ActiveX control and the corresponding Firefox plug-in under Windows normally is not installed permanently on personal computers, it stays on the system and remains active until said computer is rebooted.

The culprit is that Adobe’s DLM tells users what it is downloading but does not ask for permission before installing the download(s) on Windows XP computers. Under Windows 7 and Vista, on the other hand, the UAC steps in, requesting confirmation of the intention to install.

The aforementioned situation arises for example when a user has installed an update to the Adobe Flash Player, Adobe ShockWave, Adobe Reader or any of the other Adobe products.

If  you would like us to help you assess your exposure to these and other vulnerabilities, and to discuss and implement tools, policies and procedures to remedy them, contact us today.

Using a technique demonstrated last week by Ashley Towns, a 21-year-old unemployed Australian programmer, as a self-described “prank,” hackers have started pillaging personal and business data from jailbroken iPhones.

The vulnerability in question consists of the unchanged default password of the Secure Shell (SSH) Unix utility that users installed while or after jailbreaking their phone. SSH allows users to connect to their iPhone through an encrypted channel remotely over the Internet or a local area network (LAN).

Given that this “vulnerability” provides the attacker with root (superuser/full) access to the iPhone, various other scenarios are just as likely to occur soon, such as running up phone bills, sending bulk MMS/SMS messages, etc.

Let us help you assure that your valuable data is well-protected. Contact us today.

It seems likely that cyber criminals will soon start to exploit a Windows kernel vulnerability involving Embedded Open Type fonts. Microsoft released a fix for this vulnerability earlier this week.

Please take a few minutes to install this security fix as well as other recommended and security patches available. Otherwise a drive-by attack could exploit the way in which the kernel parses said fonts.

This means no user interaction whatsoever is required on a vulnerable system to become infected, other than visiting a website that contains infected or maliciously crafted content.

To find out more about this Windows Kernel flaw, take a look at the respective Microsoft Bulletin.

If you would like our help in reviewing the status of your present IT environment and assuring that you are well-protected, contact us today.

In the just released version 4.0.4 of its Safari web browser, Apple has fixed a total of seven vulnerabilities (of which two could have resulted in the execution of arbitrary code) and also improved the performance of the browser’s Nitro JavaScript engine.

Apple claims that only the Windows versions of Safari are affected by the critical issues. A specially crafted image loaded by the Safari browser would be sufficient, or accessing a maliciously crafted FTP server.

All Safari users are advised to update their browsers as soon as possible. Safari 4.0.4 is available to download for Windows XP, Vista, Windows 7, Mac OS X 10.4.11, 10.5.8 and 10.6.1.

If you would like us to help you assure that all your applications are at a secure release level and that your computer systems and resources are well protected, contact us today.

Mozilla recently updated its Firefox 3.5 browser to version 3.5.4, fixing 16 security flaws of which 11 were critical, e.g. posing a risk of remote code execution.

While Mozilla also released version 3.0.15, fixing nine flaws of which four were critical, Mozilla still plans to discontinue its support for Firefox 3.0 in January 2010.

For more details regarding the vulnerabilities, see:

• Security Advisories for Firefox 3.5
• Security Advisories for Firefox 3.0

To take a look at the respective release notes, visit:

• Firefox 3.5.4 Release Notes
• Firefox 3.0.15 Release Notes

If  you would like us to help you assure that you are properly protected from these and other vulnerabilities, contact us today.

Microsoft is hoping that its new operating system, Windows 7 will be more appreciated than Vista was.

Some of the criticism surrounding Vista focused on its heavy use of pop-ups by the User Account Control (UAC) security component in their effort to render Vista more secure than previous operating system versions the company had released.

While the UAC feature in Windows 7 is not quite as intrusive, its default settings right off-the-shelf are also not exactly the most secure.

Finding the right balance between usability and security continues to be a challenge both software manufacturers such as Microsoft and users like you and me are faced with.

Even though Microsoft managed to fix the majority of Vista’s flaws, this did not happen in time to repair the operating system’s badly damaged reputation.

As such, Windows 7’s promises of faster boots and fewer clicks to get common tasks taken care of, as well as the fact that it is considerably less “noisy” than its predecessor (meaning, it features fewer pop-ups, warning, notifications and “are you sure …” messages), are likely to entice both users looking for a new computer system as well as those who own a reasonable new one but would prefer a better user experience.

As InformationWeek reminds us, “Microsoft needs the product to be a hit, as Windows sales have slumped badly in recent quarters. The fall of is partly due to the economy and partly as a result of Vista’s unpopularity and inability to run on smaller devices such as netbooks. Given its smaller footprint, Windows 7 fits nicely on most netbooks, according to Microsoft.”

A detailed look at Windows 7, based on the version of the operating system that was released to manufacturing (RTM release), is available here.

If you would like our help in selecting a new computer system, performing an upgrade to Windows 7 and/or assuring that your security measures and settings properly meet your needs, contact us today.

A few hours ago, Mozilla released version 3.5 of its Firefox web browser, providing for performance and session restore improvements while also introducing a new private browsing feature.

For an overview of the new Firefox features watch the video below or click here; to download the new browser click here.

Just bear in mind that some of the add-ons and plugins you are using might not yet have been updated to properly work with Firefox 3.5 and will therefore not work in the new browser until their respective authors have updated them.

So, if any of your add-ons and/or plugins are vital to the way you conduct your business, take a minute to check here whether they will work with Firefox 3.5.

Ever so often it comes in real handy to be able to take a quick screen shot and include it in a document or email.

The traditional approach, still used by a lot of Windows users, is/was to take advantage of the Alt-PrtSc key combination to take a screenshot of the current window or Shift-PrtSc for the whole screen.

Depending on the other tools employed, it might then still have been necessary to paste the screenshot into a graphics program in order to narrow down the actual content that is/was of interest before continuing with the actual processing.

The open source software Greenshot serves the same purpose while being a bit more user-friendly, e. g. by offering a “region mode” upon hitting the PrtSc key and opening the capture in its built-in image editor.

For even more convenience, consider using TechSmith’s SnagIt, which is also Vista certified and offers corresponding ribbons menus. The tool automatically stores screenshots and can also pass them on by means of FTP or email. Its libary knows flags such as “important” and “project”. In addition to filename and date, its search window also displays the application or website depicted in the screenshot. A new mini toolbar allows for post-processing, effects and arrows.