Tag Archives: update

Update WebMail Notifier To Version 2.9.11 Fixes Broken Gmail Script

My Firefox add-on, WebMail Notifier, stands head and shoulders above the rest in terms of my productivity or lack of the same if it stops working – as it did overnight. The problem was restricted to Gmail – Hotmail and Yahoo Mail were unaffected – still, what a pain!

From the “Why reinvent the wheel” files – Geeks, just like everyone else, turn to Google, or… – in the event that others have experienced the same problem and a solution has been posted.

Long story short –

Google has initiated a number of changes in Gmail’s log-in address (which they seem to do regularly), that broke the log-in script in WebMail Notifier. Apparently, this Google rollout is taking place over several days – so, it’s possible that if a user has more than one Gmail account, one or more may be impacted, but not others.

I found a number of manual solutions to this problem – all of which worked. However, if you are currently dealing with this issue, you can avoid all the hassle by simply downloading version 2.9.11 of WebMail Notifier, which corrects the problem.

Download at: WebMail Notifier

Kudos to the add-on developer for jumping on this quickly – again.


Not Running Secunia PSI? Why Not?

Despite the fact that burglaries are at an all-time high in my neighborhood, and despite the fact that the Police regularly caution residents to lock both windows and doors when not at home, one of my close neighbors always leaves at least one window open while she’s out. I have to say – it just boggles my mind.

Throughout the summer she is out of town every weekend and, you guessed it – she still leaves at least one window wide open. Her behavior, not to put too fine a point on it – is idiotic. If you’ve ever wondered why your home owners insurance policy is more expensive than it needs to be, it’s partially due to lamebrains like my neighbor.

Computer systems running insecure and unpatched applications are analogous to the open window in my neighbor’s house, and are a common gateway used by cyber-criminals to infect unaware users’ machines. Worse, unlike the aftereffects of a home burglary, which are rather self evident, a compromised computer can often remain undetected.

As important as it is that you secure your computer by implementing a layered security approach, it’s equally important that you close any “open windows” in your operating system by keeping your installed applications current and up-to-date. And Secunia, the leading provider of Vulnerability Intelligence, can help you do just that with its free application – Secunia Personal Software Inspector (PSI).

Since PSI constantly monitors your system for insecure software installations, notifies you when an insecure application is installed, and even provides you with detailed instructions for updating the application, when available – installing this small free application will assist you in ensuring that your software installations are relatively secure. I say “relatively”, since there is no perfect system.

The following screen captures illustrate just how easy it is to take that extra step toward a more secure computing experience, using PSI.

During the install process, you will have an opportunity to select “Auto Updates”. I suggest that you take advantage of this feature.

image

Again, during the install process, you will have an opportunity to select “full changes in the tray icon”. If you have selected “Auto Updates”, as per the previous window, you should select this option.

image

The settings menu provides a full range of adjustments so that you can configure the application to more accurately meet your specific needs.

image

The following screen capture illustrates a security scan in progress. The full scan took under two minutes to complete.

image

According to the scan results, my test machine is 12% more secure compared to non-users of PSI in my local area. This is no cause for celebration though, since the test machine is running two insecure applications. One of these, VLC Media Player, has been a recent target of cyber criminals. Ouch!

image

The following screen capture shows the full test results, and you can readily see that both Adobe Flash Player and the previously mentioned VLC are insecure. Adobe Flash Player, dramatically so. Double ouch!

image

Additional data on an insecure program can be gathered by double clicking on the program, as shown in the following screen shot.

image

Quick facts:

Secunia PSI is free for private use.

Allows you to secure your PC – Patch your applications – Be proactive

Scans for Insecure and End-of-Life applications

Verifies that all Microsoft patches are applied

Tracks your patch-performance week by week

Direct and easy access to security patches.

Detects more than 300,000 unique application versions

Provides a detailed report of missing security related updates

Provides a tabbed report which indicates programs that are no longer supported – programs with all known patches – insecure programs, etc.

Provides a Toolbox offering a set of links which helps you assess a problem and how to resolve it.

Installing this small free application will definitely assist you in identifying possible security leaks; give it a try.

System requirements: Windows 7, Vista SP 1 or later, XP SP 3 (32 & 64 bit).

Watch: How to install and use the Secunia PSI 2.0

Download at: Secunia

Bonus: Do it in the Cloud – The Secunia Online Software Inspector (OSI) is a fast way to scan your PC for the most common programs and vulnerabilities, checking whether your PC has a minimum security baseline against known patched vulnerabilities.

Link: Secunia Online Software Inspector. In the last 24 hours, fully 19% of applications checked by this online tool were insecure.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.


Device Doctor Updates Your Drivers For Free

The following post is an updated version of a previous article published September 3, 2010.

Still running your computer with outdated system and peripheral drivers? If you are, then you’re not going to get the maximum performance out of your system, or peripherals, that’s just waiting to be unleashed.

Unfortunately, computer products/peripherals are often distributed with under-tested device and system drivers which can cause real mayhem – including intermittent system crashes (one of the hardest problems to diagnose), poor system performance, or buggy peripheral performance.

Manufacturers, of course, are not slackers when it comes to improving previously released drivers in order to fix bugs, errors and conflicts with other programs (more common than you may think), or to increase peripheral functionality. For example, nVidia has just released the second driver update this year for my video card.

If you want to take a trip on the “Frustration Express” then you can try to update your drivers manually. But, believe me; you’ll be in for a long and frustrating ride.

You’ll start by Googling the driver name, then investigating available drivers, many of which will have a disclaimer stating that it was not written specifically for your system/device; you’ll try it – then delete it, and then you’re back to Googling again. Repeat the previous frustrating experience as many times as necessary, and you might get lucky.

Fortunately, there are utilities which can make this process more or less, automatic. Unfortunately, there’s more BS associated with free driver download software than virtually any other class of software, except perhaps – antimalware software.

In the last few years I’ve reviewed and rated four such applications (free, at the time of review), all of which morphed into “pay” applications, or instituted highly restrictive policies such as allowing only two driver downloads. Or worse, advising the user of available driver updates, but requiring “cash up front” to enable the download.

Since I needed to do some driver work on a personal system this week, I asked around, and got more than a few recommendations to try Device Doctor. This application proved to be a hit with me – not only because it’s free, but I liked its minimalist approach, and fast download speeds.

The developers are on the record as stating that they will continue to offer Device Doctor as a freeware application. Hopefully, we can count on this.

Running the application is a snap. The following screen capture illustrates the bare bones GUI – just click on “Begin Scan”.

image

The complete scan took less than 5 seconds. Now that’s impressive!

image

Now that you have the new device driver downloaded, you can install at your convenience.

Let me re-emphasize: Be sure to create a system restore point before installing a new driver.

Fast facts:

Provides drivers for every major computer hardware and device manufacturer.

More than 3 terabytes (3,000 GB) of drivers currently in the database.

Constantly updated to include new driver versions as soon as released.

Every driver is human reviewed using specialized compatibility tools.

Designed for Windows XP, Windows Vista and Windows 7.

Thousands of drivers coming in weekly for Windows 7.

Full support for 64-bit systems, as well as 32-bit systems

Provides device names for unknown devices before updating drivers.

Can be used offline – scan results are saved so you can move them to a connected computer and download there.

Updates WHQL (Microsoft certified) and non-WHQL drivers.

Completely free with no adware or malware!

System requirements: Windows XP, Vista and Windows 7 (32 bit and 64-bit compatible).

Download at: the developer’s site (Device Doctor).

Portable version: A portable version is also available here.


Secunia PSI Updated – Version 2.0 Released

Secunia has just released (December 20, 2010) Version 2.0 of their award-winning free vulnerability and patch scanning application – Secunia PSI.

As important as it is that you secure your computer by implementing a layered security approach, it’s equally important that you keep your installed applications current and up-to-date. Insecure and unpatched applications are a common gateway used by cyber-criminals to infect unaware users’ machines.

Since PSI constantly monitors your system for insecure software installations, notifies you when an insecure application is installed, and even provides you with detailed instructions for updating the application, when available – installing this small free application will assist you in ensuring that your software installations are relatively secure. I say “relatively”, since there is no perfect system.

The following screen captures illustrate just how easy it is to take that extra step toward a more secure computing experience, using PSI.

image

Following the initial scan of two Hard Drives – which took only two and a half minutes, PSI found two end-of-life applications, and one insecure application. The insecure application (VLC Media Player 1.1.14), is currently under attack by cyber-criminals. So, that was a good catch.

image

image

Updating VLC Media Player 1.1.14, was a snap – I simply clicked on “Install Solution”. Boom – done!

image

Quick facts:

Secunia PSI is free for private use.

Allows you to secure your PC – Patch your applications – Be proactive

Scans for Insecure and End-of-Life applications

Verifies that all Microsoft patches are applied

Tracks your patch-performance week by week

Direct and easy access to security patches.

Detects more than 300,000 unique application versions

Provides a detailed report of missing security related updates

Provides a tabbed report which indicates programs that are no longer supported – programs with all known patches – insecure programs, etc.

Provides a Toolbox offering a set of links which helps you assess a problem and how you can resolve it.

Improvements in Version 2.0.

  • Automatic Updates: Functionality for Auto Updates is now implemented as a core feature in the Secunia PSI.
  • New User Interface: A new User Interface has been implemented. The design has been updated to make it simpler and easy to use the Secunia PSI, as well as improving the overall look and feel.
  • Integration with Secunia CSI: The new Secunia PSI features integration with the commercial Secunia CSI. Secunia CSI customers can learn more about this feature with the release of the Secunia CSI 4.1.
  • Improved Presentation of Scan Result: The presentation of scan results has been significantly improved, using techniques that have been tested during the Technology Preview. The Scan Results are grouped according to their installation and patch state, which in turn makes it simpler to identify the programs that actually require the latest security patches.

ZD Net, one of my favorite web sites, has stated “Secunia Personal Software Inspector, is quite possibly the most useful and important free application you can have running on your Windows machine”. In my view, this is not an overstatement.

Installing this small free application will definitely assist you in identifying possible security leaks; give it a try.

System requirements: Windows 7, Vista SP 1 or later, XP SP 3 (32 & 64 bit).

Watch: How to install and use the Secunia PSI 2.0

Download at: Secunia

Bonus: Do it in the Cloud – The Secunia Online Software Inspector (OSI) is a fast way to scan your PC for the most common programs and vulnerabilities, checking whether your PC has a minimum security baseline against known patched vulnerabilities.

Link: Secunia Online Software Inspector. In the last 24 hours, fully 19% of applications checked by this online tool were insecure.

Update Firefox – Firefox 3.6.13 Released – Fixes 11 Critical Issues

Firefox 3.6.13, released by Mozilla on Thursday (December 9), addresses 13 documented issues, 11 rated as critical – including a vulnerability which can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.

Since Browser vulnerabilities operate as a prime gateway for malware, immediate updating is strongly recommended.

If you haven’t updated your version of Firefox yet, then go to Help – Check for updates. Not all users allow automatic updates and installation – I’m one, as the following (older), graphic illustrates. However, I do allow the update to download.

image

Fixed in Firefox 3.6.13

MFSA 2010-84 XSS hazard in multiple character encodings

MFSA 2010-83 Location bar SSL spoofing using network error page

MFSA 2010-82 Incomplete fix for CVE-2010-0179

MFSA 2010-81 Integer overflow vulnerability in NewIdArray

MFSA 2010-80 Use-after-free error with nsDOMAttribute MutationObserver

MFSA 2010-79 Java security bypass from LiveConnect loaded via data: URL meta refresh

MFSA 2010-78 Add support for OTS font sanitizer

MFSA 2010-77 Crash and remote code execution using HTML tags inside a XUL tree

MFSA 2010-76 Chrome privilege escalation with window.open and <isindex> element

MFSA 2010-75 Buffer overflow while line breaking after document.write with long string

MFSA 2010-74 Miscellaneous memory safety hazards (rv:1.9.2.13/ 1.9.1.16)

For an overview of Browser security add-ons you should consider installing, read – An IT Professional’s Must Have Firefox and Chrome Add-ons, here on this site.


Firefox Update (3.6.12) Fixes Zero Day Vulnerability

image

Yesterday, we reported on a critical zero day vulnerability in both Firefox 3.5 and Firefox 3.6, which could have allowed remote code execution in the Browser.

Mozilla jumped on this issue immediately, and has provided a fix by releasing Firefox version 3.6.12. Firefox 3.5 users can ensure protection is in place against this vulnerability by updating to version 3.5.15.

If you haven’t updated your version of Firefox yet, then go to Help – Check for updates. Not all users allow automatic updates and installation – I’m one, as the following graphic illustrates. However, I do allow the update to download.

image
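For anyone checking more than one machine, the two fixed releases named above (3.6.12 for the 3.6 branch, 3.5.15 for the 3.5 branch) can be turned into a small audit. The following Python code is an added example, not part of the original post or any Mozilla tool; the host names and inventory are constructed sample data, and the function names are hypothetical.

```python
# Added example (not from the original post): flag Firefox installs that are
# older than the fixed release for their branch. The fixed versions come from
# the post; host names and the inventory are constructed sample data.

FIXED_BY_BRANCH = {
    (3, 6): (3, 6, 12),  # 3.6 branch fixed in 3.6.12
    (3, 5): (3, 5, 15),  # 3.5 branch fixed in 3.5.15
}


def parse_version(text):
    """Convert '3.6.9' to (3, 6, 9) so versions compare numerically."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def assess(version_text):
    """Return 'patched', 'needs-update', 'unknown-branch' or 'unparseable'."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unparseable"
    fixed = FIXED_BY_BRANCH.get(version[:2])
    if fixed is None:
        # A branch the post does not cover; do not guess either way.
        return "unknown-branch"
    # Pad short versions so '3.6' is treated as 3.6.0.
    padded = version + (0,) * (len(fixed) - len(version))
    return "patched" if padded >= fixed else "needs-update"


def audit(inventory):
    """Map each host to the status of its reported Firefox version."""
    return {host: assess(version) for host, version in inventory.items()}


# Constructed inventory: host -> Firefox version string as reported.
SAMPLE_INVENTORY = {
    "desk-01": "3.6.12",
    "desk-02": "3.6.9",    # lexically '3.6.9' > '3.6.12', numerically older
    "lab-01": "3.5.15",    # older branch, but at its own fixed release
    "lab-02": "3.5.14",
    "kiosk-01": "4.0",
    "kiosk-02": "3.6b1",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host:10} {SAMPLE_INVENTORY[host]:8} {status}")
```

Comparing the version strings directly would report 3.6.9 as newer than 3.6.12, and comparing everything against a single "latest" number would wrongly flag a 3.5.15 install that is already at its branch's fixed release.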

For an overview of Browser security add-ons you should consider installing, read – An IT Professional’s Must Have Firefox and Chrome Add-ons, here on this site.


How Secure Are Your Software Applications – Not Very, It Seems

Most of us, I expect, are familiar with the expression – If you fail to plan, then you plan to fail. If you accept the findings of Veracode’s second edition of their State of Software Security Volume 2, which reports unfavorably on the security reliability of more than half of the 2,922 web applications tested, you might wonder if application developers are familiar with this expression.

This report, coupled with the Qualys Vulnerability Report, which I receive weekly, leaves little doubt in my mind that software developers, by and large, need to focus more intently to ensure their applications are appropriately hardened against security vulnerabilities.

The following partial listing, taken from the Qualys Vulnerability Report from several weeks ago, highlights this lack of focus. Frankly, I never fail to be astonished by the huge number of application vulnerabilities listed in this report. I’ve always felt that the software industry should thank their “lucky stars” that this report is not particularly well known outside the IT security community. It’s as if application vulnerabilities are a dirty little secret.

Critical Vulnerabilities – Widely Deployed Software

(1) HIGH: Adobe Reader / Acrobat Font Parsing Buffer Overflow Vulnerability
(2) HIGH: Mozilla Firefox Multiple Vulnerabilities
(3) HIGH: Apple Safari Multiple Security Vulnerabilities
(4) HIGH: Google Chrome Multiple Security Vulnerabilities
(5) HIGH: Apple iOS Multiple Vulnerabilities
******************************************************************
Comprehensive List of Newly Discovered Vulnerabilities from Qualys
— Third Party Windows Apps
10.37.1  – HP Operation Agent Privilege Escalation and Remote Code Execution Issues
10.37.2  – Tuniac “.pls” File Buffer Overflow issue
10.37.3  – Microsoft Internet Explorer CSS Handling Cross-Domain Information Disclosure
— Mac Os
10.37.4  – Apple Mac OS X Mail Parental Control White List Security Bypass Issue
— Linux
10.37.5  – Linux Kernel “keyctl_session_to_parent()” Null Pointer Dereference Denial of Service
10.37.6  – Linux Kernel “IrDA” Protocol NULL Pointer Dereference Denial of Service Issue
10.37.7  – oping Local Information Disclosure
10.37.8  – Linux Kernel “irda_bind()” Null Pointer Dereference
10.37.9  – Linux Kernel “SIOCGIWSSID” IOCTL Local Information Disclosure Issue
10.37.10 – Linux Kernel “XFS_IOC_FSGETXATTR” Information Disclosure Issue
— Novell
10.37.11 – Novell Netware SSH Remote Buffer Overflow Issue
— Cross Platform
10.37.12 – Blackboard Transact Multiple Insecure Password Handling Information Disclosure Issues
10.37.13 – Zope Unspecified Denial of Service Issue
10.37.14 – httpdx “h_readrequest()” Remote Format String
10.37.15 – Techlogica HTTP Server Remote File Disclosure
10.37.16 – Arno’s IPTABLES Firewall IPv6 Detection Remote Security Bypass
10.37.17 – Hitachi JP1/Desktop Navigation Unexpected Data Denial Of Service Issue
10.37.18 – Google Chrome Multiple Security Vulnerabilities
10.37.19 – LDAPUserFolder Emergency User Arbitrary Password Authentication Bypass Issue
10.37.20 – ffdshow “.avi” File NULL Pointer Dereference Denial Of Service Issue
10.37.21 – Squid Proxy String Processing NULL Pointer Dereference Denial of Service
10.37.22 – VLC Media Player “smb://” URI Handler “.xspf” File Buffer Overflow Issue

Veracode’s State of Software Security Volume 2, reveals what may well be the true state of the software we have come to rely on.

The following are some of the most significant findings:

More than half of all software failed to meet an acceptable level of security and 8 out of 10 web applications failed to comply with the OWASP Top 10.

Cross-site Scripting remains the most prevalent of all vulnerabilities.

Third-party applications were found to have the lowest security quality.

The security quality of applications from Banks, Insurance, and Financial Services industries was not commensurate with their business.

Equally as important – 57% of all applications were found to have unacceptable application security quality. Even more troublesome, more than 80% of internally developed and commercial web applications failed to comply with the OWASP Top 10 which is shown below.

OWASP Top 10

  1. Injection – Examples of injection flaws are SQL, LDAP, HTTP header injection (cookies, requests), and OS command injections.
  2. Cross Site Scripting (XSS) – Malicious scripts are executed in the victim’s browser, allowing the attacker to hijack the user’s session, steal cookies, deface web sites, redirect users to malicious web sites, and remotely control the browser.
  3. Broken Authentication and Session Management – Flaws used against one account may be replicated against an account with higher privileges.
  4. Insecure Direct Object References – Attack occurs when an authorized user can change a parameter value that refers to a system object that they are not authorized for.
  5. Cross Site Request Forgery (CSRF) – CSRF attacks can complete any transactions that the victim is permitted to perform, such as accessing data, transferring funds or making purchases.
  6. Security Misconfiguration – Attacker exploits unsecured pages, default accounts, unpatched flaws or any other vulnerability that could have been addressed by proper configuration.
  7. Failure to Restrict URL Access – Links can be obtained from: hidden fields, client-side code, robots.txt, configuration files, static XML files, directory access.
  8. Unvalidated Redirects and Forwards – Unvalidated parameter allows an attacker to choose a destination page where they wish to send a victim to trick them into disclosing private information.
  9. Insecure Cryptographic Storage – The most common reason for this attack is that data that should be encrypted is stored in clear text.
  10. Insufficient Transport Layer Protection – Most commonly, this attack occurs when a site does not use SSL/TLS for pages that require authentication where an attacker can monitor network traffic to steal an authenticated user’s session cookie.

The full report in PDF format is available here.

So how do you ensure that your software installations are relatively secure? Unfortunately, there’s no perfect answer – but you can reduce your overall exposure by installing the free Secunia Personal Software Inspector (PSI).

PSI constantly monitors your system for insecure software installations, notifies you when an insecure application is installed, and even provides you with detailed instructions for updating the application when available.

Installing this small free application will definitely assist you in identifying possible security leaks.

image

Quick facts:

The Secunia PSI is free for private use.

Downloaded over 800,000 times

Allows you to secure your PC – Patch your applications – Be proactive

Scans for Insecure and End-of-Life applications

Verifies that all Microsoft patches are applied

Tracks your patch-performance week by week

Direct and easy access to security patches.

Detects more than 300,000 unique application versions

Provides a detailed report of missing security related updates

Provides a tabbed report which indicates programs that are no longer supported – programs with all known patches – insecure programs, etc.

Provides a Toolbox offering a set of links which helps you assess a problem and how you can resolve it.

System Requirements: Windows 2000, XP 32/64bit, Vista 32/64bit, and Win 7

Download at: Download.com

Bonus: Do it in the Cloud – The Secunia Online Software Inspector (OSI) is a fast way to scan your PC for the most common programs and vulnerabilities, checking whether your PC has a minimum security baseline against known patched vulnerabilities.

Link: Secunia Online Software Inspector
