Service and Support
The U.S. Department of Homeland Security has issued a warning to remove Apple’s QuickTime for Windows. The alert came in response to Trend Micro’s report of two security flaws in the software, which will never be patched because Apple has ended support for QuickTime for Windows.
Computers running QuickTime are open to increased risk of malicious attack or data loss, US-CERT warned, and remote attackers could take control of a victim’s computer system. US-CERT is part of DHS’ National Cybersecurity and Communications Integration Center.
“We alerted DHS because we felt the situation was broad enough that people having unpatched vulnerabilities on their system needed to be made aware,” said Christopher Budd, global threat communication manager at Trend Micro. The only mitigation available is to uninstall QuickTime for Windows,” US-CERT’s alert said.
Instructions from Apple can be found here: https://support.apple.com/en-us/HT205771Apple has not discontinued security updates for QuickTime on Apple computer systems – just Windows based systems. It is not clear why Apple made the decision to end Windows support.
Zero Day Warning
Trend Micro’s Zero Day Initiative learned about the vulnerabilities from researcher Steven Seeley of Source Incite, who is named in the warning. ZDI then issued advisories detailing the critical vulnerabilities:
• The Apple QuickTime moov Atom Heap Corruption Remote Code Execution vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of QuickTime. The problem first came to ZDI’s attention late last year. The number of users at risk is unknown at this time.
• The QuickTime Atom Processing Heap Corruption Remote Code Execution Vulnerability allows an attacker to write data outside of an allocated heap buffer by providing an invalid index.
Software makers regularly retire applications, so it’s not unusual that QuickTime would be vulnerable. However, it was odd that Apple did not issue a public statement about ending its support for QuickTime for Windows and that the software was still available for download.
Increasing Software Vulnerability
QuickTime joins a growing list of software that is not supported any longer. That list includes Microsoft Windows XP and Oracle Java 6, which means users of those operating systems increasingly will be vulnerable to attack.
DHS didn’t have any comment to add to its alert, said spokesperson Scott McConnell, who referred questions to Apple. Apple did not respond to requests to comment for this story.
The warnings come amid recent reports about computer system vulnerabilities, including one issued just a few days ago about a vulnerability in Adobe’s Flash Player that could leave computers open to ransomware, which can lock up entire systems until an attacker is paid to release control.
Do you own an older Kindle that’s been gathering dust? Get it updated before March 22 or you won’t be able to get online and download your books any more.
This is pretty much their final warning: If you have a Kindle, you need to update it before March 22 or it’s going to lose Internet connectivity.
That outcome would be very bad, because without the update you’ll no longer be able to access the Kindle Store or sync your device with the cloud, not to mention any other Kindle services you might be using. According to Amazon, the update is required to ensure the Kindle remains compliant with continuously evolving industry web standards.
You’ll know if your Kindle didn’t get updated in time because you’ll see the following message on your device: “Your Kindle is unable to connect at this time. Please make sure you are within wireless range and try again. If the problem persists, please restart your Kindle from the Menu in Settings and try again”
If you’ve been using your Kindle regularly then it’s most likely going to be fine. Kindles will update automatically via Wi-Fi, but if the device has been turned off or out of battery for a while, charge it up and make sure you Sync and Check for Items.
When the update has been applied you’ll find a confirmation letter called “03-2016 Successful Update” on your device. You can check for it by viewing all Recent items in your Kindle Library.
The following devices don’t need the update:
Kindle Paperwhite (6th and 7th generation)
Kindle 7th Generation
Kindle Voyage 7th Generation
If you’ve got one of the following, you do need the update:
Kindle 1st Generation (2007)
Kindle 2nd Generation (2009)
Kindle DX 2nd Generation (2009)
Kindle Keyboard 3rd Generation (2010)
Kindle 4th Generation (2011)
Kindle 5th Generation (2012)
Kindle Touch 4th Generation (2011)
Kindle Paperwhite 5th Generation (2012)
Amazon also points out that the Kindle Keyboard 3rd Generation, the Kindle Touch 4th Generation and the Kindle Paperwhite 5th Generation will only update via Wi-Fi, even if you have the 3G connection active.
If you do miss today’s deadline, you’ll need to manually download and install the required update. You can get more information on that process here.
Data Privacy Day – January 28, 2016
Data Privacy Day (DPD) is an effort to empower people to protect their privacy, control their digital footprint and escalate the protection of privacy and data as everyone’s priority. Held annually on January 28th, Data Privacy Day aims to increase awareness of privacy and data protection issues among consumers, organizations, and government officials. DPD helps industry, academia, and advocates to highlight consumer privacy efforts.
Data Privacy Day began in the United States and Canada in January 2008 as an extension of the Data Protection Day celebration in Europe. Data Protection Day commemorates the January 28, 1981, signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection. Data Privacy Day is now a celebration for everyone, observed annually on Jan. 28.
Data Privacy Day is led by the National Cyber Security Alliance, a non-profit, public private partnership focused on cyber security education for all online citizens. StaySafeOnline.org has many resources to help you, your family and your business stay safe online.
Free Security Check-Ups Check your computer for known viruses, spyware, and discover if your computer is vulnerable to cyber attacks.
Check Your Privacy Settings One-stop shop for easy instructions to update your privacy settings wherever and however you go online.
Parent Resources Information regarding cyberbullying, child identity theft, Facebook for parents, social networking, etc.
Educator Resources Prepared educational materials for the classroom, K – 12th grades.
Business Resources Informational resources for businesses regarding bring your own device, information security, document destruction, compliance, data breach, and risk management. https://www.staysafeonline.org/data-privacy-day/business-resources
Privacy and Domestic Violence Resources for domestic violence survivors and victims to help safeguard the privacy of their personal information.
I’m always happy when one of my favorite FREE apps gets a major update. Even though I have built in navigation in my car, I always use and actually prefer Waze when I travel. I don’t worry about renting a car with a GPS to get around in an unfamiliar city or state – I simply plug in my iPhone, fire up Waze and type in my destination. Long gone are the detailed state highway maps and TripTik’s of my youth.
Waze, the navigation app that uses crowdsourced data to warn drivers about incidents on the road has just completed its biggest update since being acquired by Google over 2 years ago.
Yesterday, Waze launched a major update for its popular turn-by-turn navigation app. The entire user interface has been revamped for “higher visibility and clarity,” while still retaining the colorful, almost cartoonish appearance that has become its signature. It’s still bold and bright, but is noticeably less cluttered than before. Version 4.0 also adds a new ETA panel that puts traffic reports, alternate routes, and other useful options just one tap away.
Waze will also now give you a heads up about certain accidents before you even get in the car. The “smart calendar” feature will alert users when road incidents are likely to impact the day’s schedule, giving you the chance to leave earlier and minimize delays.
And last, Waze claims to have made significant improvements to battery consumption; the app will now use less of your phone’s charge to get you from place to place. Most people probably have their phones plugged in when driving around, so this is one change that may go unnoticed by many of Waze’s users.
And there are still a lot of Wazers out there, even after Google acquired the app and rolled almost all of its best functionality into Google Maps. Maybe it’s the social element of the app (sharing your ETA with friends, etc.) or the perception that Waze’s traffic alerts are more timely than those in Maps. Either way, it’s good to see a major update that’s a bit more substantial than simply adding yet another celebrity voice. Waze remains a free download, and the latest version is available on iOS now and will hit Android very soon.
Windows 10 is here and it’s faster, smoother and more user-friendly than any Windows operating system that has come before it. Windows 10 is everything Windows 8 should have been, addressing nearly all of the major problems users had with Microsoft’s previous operating system in one fell swoop.
But there’s something you should know: As you read this article from your newly upgraded PC, Windows 10 is also spying on nearly everything you do.
“It’s your own fault if you don’t know that Windows 10 is spying on you.” That’s what people always say when users fail to read through a company’s terms of service document, right?
Well, here is Microsoft’s 12,000-word service agreement. Some of it is probably in English. I’m pretty sure it says you can’t steal Windows or use Windows to send spam, and also that Microsoft reserves the right to take possession of your first-born child if it so chooses. And that’s only one of several documents you’ll have to read through.
Actually, here’s one excerpt from Microsoft’s privacy statement that everyone can understand:
Finally, we will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to: 1.Comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies;
2.Protect our customers, for example to prevent spam or attempts to defraud users of the services, or to help prevent the loss of life or serious injury of anyone;
3.Operate and maintain the security of our services, including to prevent or stop an attack on our computer systems or networks; or
4.Protect the rights or property of Microsoft, including enforcing the terms governing the use of the services – however, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property of Microsoft, we will not inspect a customer’s private content ourselves, but we may refer the matter to law enforcement.
If that sentence sent shivers down your spine, don’t worry. As invasive as it is, Microsoft does allow Windows 10 users to opt out of all of the features that might be considered invasions of privacy. Of course, users are opted in by default, which is more than a little disconcerting, but let’s focus on the solution.
First, you’ll want to open Settings and click on Privacy. There, you’ll find 13 different screens — yes, 13 — to go through, and you’ll want to disable anything that seems at all intrusive or worrisome. Most of the important settings can be found on the General tab, though other tabs are important as well. For example, you’ll definitely want to adjust what types of data each app on your system can access.
Next, users should consider dumping Cortana. Yes, the voice-driven assistant is easily one of the best new features in Windows 10, but it also plays fast and loose with your data. As a result, many users will find that the benefits do not outweigh the risks.
To complete the third task, you’ll have to venture outside the confines of your PC and hit the web. Perhaps this is a good opportunity to check out Microsoft’s nifty new Edge browser. In it, click on this link and set both “Personalized ads in this browser” and “Personalized ads wherever I use my Microsoft account” to off. This will disable Microsoft’s Google-style ad tracking features.
The last tip is one that most users will likely skip, as it is a bit excessive. Some users are removing their Microsoft account from Windows 10 completely and using a newly created local account instead. This way, Microsoft doesn’t grab hold of all your data to sync it across machines. To me, that’s a pretty good feature so I’ve opted to keep it.
Here’s another tool in the never ending battle against malware, drive-by and infected webpages – and this one is FREE
CISCO is currently in the process of buying OpenDNS to the tune of $635 million. That means very little to most people who probably haven’t even heard of OpenDNS until today. What’s important here is that even with that market valuation – YOU can still get this valuable service absolutely FREE!
OpenDNS is a company and service which extends the Domain Name System (DNS) by adding features such as phishing protection and optional content filtering to traditional recursive DNS services.
The OpenDNS Global Network processes an estimated 70 billion DNS queries daily from over 65 million active users across 160+ countries connected to the service through 24 data centers worldwide. Previously OpenDNS was an ad-supported service showing relevant ads when they show search results and a paid advertisement-free service. The free service has since evolved to no longer showing advertisements.
DNS services for personal/home use Back on May 13, 2007, OpenDNS launched a domain-blocking service to block web sites or non-Web servers visited based upon categories, allowing control over the type of sites that may be accessed. The categories can be overridden through individually managed blacklists and whitelists. In 2008, OpenDNS changed from a closed list of blocked domains to a community-driven list allowing subscribers to suggest sites for blocking; if enough subscribers (the number has not been disclosed) concur with the categorization of the site it is added to the appropriate category for blocking. As of 2014 there were over 60 categories. The basic FREE OpenDNS service does not require users to register, but using the customizable block feature requires registration.
Other free, built-in features include a phishing filter and a service called Phish Tank for users to submit and review suspected phishing sites.
The OpenDNS service consists of recursive nameserver addresses as part of their FamilyShield parental controls which block pornography, proxy servers, and phishing sites as well. The service works with any device connected to a single home network after the user makes a simple DNS change in their router. Instructions for making this change in all the popular routers and modem can be found on their support forums link below.
How does OpenDNS work?
- Instantly blocks access to adult websites No complicated configuration FamilyShield is pre-configured to block adult websites across your Internet connection. Just turn it on and go. The filter is always up-to-date, adding new sites 24/7.
- Flexible parental controls that protect every Internet-connected device in your home, instantly. When you set up FamilyShield on your router, every device in your home gets protected. That means everything: your kids’ Xbox, Playstation, Wii, DS, iPad, and even their iPhone.
- Built-in anti-fraud and phishing protection Take the guesswork out of identifying fraudulent sites. FamilyShield automatically blocks phishing and identity theft websites.
- Makes your Internet faster and more reliable Setting up FamilyShield frees you of frustrating, intermittent Internet outages and makes Web pages load faster, which makes your overall Internet connection faster.
Visit the following links for additional information:
The best tool for protecting your kids (or employees) from malware and porn: http://www.techrepublic.com/article/the-best-tool-for-protecting-your-kids-or-employees-from-malware-and-porn/
Getting Started Forums and FAQ’s https://support.opendns.com/home
After nine months of waiting, Windows 10 is almost here. Tuesday night at midnight, Microsoft will release the first full release of Windows 10, the biggest change in PC software in nearly three years. It’s kind of a big deal! We’ve been getting previews of Windows 10 since October, and the rollout of the actual software will happen in stages, but midnight will still be zero hour for answering a lot of the questions that have swirled around Windows 10 since it was first announced. How do you build a single OS for laptops, tablets, and smartphones? Tuesday night, we’ll find out.
First thing’s first: how do you get it? Microsoft is sending out Windows 10 in waves, starting with Windows Insiders and then moving through preorders gradually. The waves are designed to make the release more stable — issues that pop up in one wave can be fixed for the next one — but it means it could be days before you actually get the chance to download the new OS. The good news is that, unlike Windows 8, Windows 10 is designed to work as a straight upgrade, so as long as your computer meets the specs, you should be able to install it right away. Still, we definitely recommend doing a full system backup before you install. If you’ve got Windows 7 or Windows 8, you’ll be able to upgrade free any time in the next year. Otherwise, the official price is $119, although third party sellers like NewEgg are already offering cheaper versions for pre-order, scheduled to ship at the end of the month.
What will Windows 10 look like when it arrives? When Windows 10 does arrive you won’t have to wait days to find out. Many PC magazines and Tech Support forums are going to be putting the OS through its paces as soon as it becomes public, which means Microsoft fans will have a lot to piece through on Wednesday morning.
To start with, there’s a whole new interface to work through. Based on developer previews, Windows 10 seems to be a combination of the best features from 7 and 8, but it also comes with a lot of new ideas that have never been implemented at this scale. Cortana will be everywhere in Windows 10, available in the Start Menu and through voice commands. It’s also the first big stage for Microsoft’s new Edge browser, a fully revamped notification center, and for PC gamers, a deeper Xbox integration than we’ve ever seen before.
The biggest question of all: is Windows 10 ready for prime time? As recently as June, there were still some troubling and persistent upgrade bugs kicking around the developer preview. The Windows team had a lot of sleepless nights throughout June and July to ensure the quality is high across the vast amount of PCs out there. After Vista and Windows 8, there’s a lot of pressure to make sure this launch goes smoothly. Still, we won’t know for sure until Windows 10 goes live on Tuesday.
Finally – will the new Cortana outpace Siri? It seems like Cortana will definitely give Siri a run for the money. Obviously, you’ll need a microphone in order to communicate with Cortana – so if you want to join the voice revolution now would be a good time to pick one up…
Intel has released the world’s smallest Windows PC, a tiny thumb-drive-sized device that converts any television or monitor into a functional computer. Similar to the Google’s Chromecast or Amazon’s Fire Stick, the Intel Compute Stick can be plugged into an HDMI port. Though Intel says the Compute Stick can be used for streaming video, it can also do much more than that. The four-inch Compute Stick comes installed with Windows 8.1, 2 GB of RAM and 32 GB of storage. It connects to the Internet via Wi-Fi, and it has a microSD slot for additional storage if you need it. “It’s everything you love about your desktop computer in a device that fits in the palm of your hand,” says Intel.
Well … maybe not quite “everything”! Your desktop computer probably has a keyboard, a mouse, a lot more storage and RAM, and a much faster processor. But point taken, it is a full-fledged computer that’s the size of a pack of gum. That’s pretty neat. Intel suggests that the Compute Stick be used for “light productivity, social networking, Web browsing, and streaming media or games.” It also said small businesses might use it as an inexpensive computing solution. Microsoft has confirmed that this device will be eligible for a Windows 10 upgrade as well. Originally it was projected to sell for $149.00 but the market is looking like $169.00 right now via Amazon.com.
If you’re looking for a Windows 8 computer experience on your living room TV then the Intel Compute Stick just might be the answer. Just don’t plan on firing up memory and processor hungry 3-D games or animation programs. Get additional information from Intel: http://www.intel.com/content/www/us/en/compute-stick/intel-compute-stick.html CNET Video Review: http://www.cnet.com/products/intel-compute-stick/
LastPass, the Fairfax, Va-based company behind one of the most popular password management tools, announced Monday that it had suffered a security breach. Email addresses, password reminders and authentication hashes were compromised.’
CEO and co-founder Joe Siegrist said on the company blog that the LastPass team detected an intrusion on its systems last week. “We want to notify our community that on Friday, our team discovered and blocked suspicious activity on our network,” he wrote. “In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed. The investigation has shown, however, that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised.”
LastPass lets its users store encrypted versions of their passwords for all their online accounts on servers in the cloud, sealing them off behind one master password. The tool offers people the ability to rely on one super strong passcode, rather than having to remember dozens of such codes of across the web.
The LastPass team has urged the users of its service to change their master passwords as soon as possible. It also recommends that its users strengthen their authentication procedures by adding a device-specific step: “We are requiring that all users who are logging in from a new device or IP address first verify their account by email, unless you have multifactor authentication enabled. (Recently, the photo sharing app Snapchat announced that it would adopt two-factor authentication. And the car service Uber is reportedly exploring new verification measures, too.)
LastPass said that “encrypted user data was not taken,” and that “you do not need to change your passwords on sites stored in your LastPass vault.” For those who have reused their master password on other sites, however, the company recommends replacing those passwords.
“We are confident that our encryption measures are sufficient to protect the vast majority of users,” Siegrist wrote in his blog post. “Nonetheless, we are taking additional measures to ensure that your data remains secure, and users will be notified via email.”
Currently, the website is flooded with inquiries related to the breach. “Sorry, but we are currently experiencing an extremely high volume of support tickets due to our recent security announcement,” its contact page reads. “Please be patient while we try to respond to your questions and issues as quickly as possible. Anticipated wait times for non-critical issues are currently 3 days for Premium and over 5 days for free users.”
To recap: If you use LastPass, go change your master password immediately and set up two-factor authentication. And if you happen to use the same password to lock your LastPass account that you use to secure, say, your personal email or other online account, you should change that immediately, too.
The wearable technology category has opened the door to several interesting product ideas, one of which is a bracelet that turns your arm into a touchscreen.
Say what? It’s called the Cicret Bracelet (pronounced “Secret”) and it’s currently in development, though you won’t find it hanging out on any crowdfunding sites. Instead, the developers are seeking donations on their own in hopes of raising 700,000 euros (around 760,000 dollars at the current exchange rate) to finish the first prototype.
It’s an interesting design that makes use of a pico-projector and various proximity sensors, the latter of which pick up your gesture actions and commands. Just like a touchscreen, you can tap your forearm and perform touch functions, even when it’s wet (taking a bath, for instance).
Supposedly the device can do anything a phone or tablet can do Daily Mail reports. That includes things like read emails, hop around the web, play games, watch videos, make calls, and more. It’s being built to sync with an iPhone, though it can also function as a standalone device. When the project comes to fruition, it will cost around $475 and come in 16GB and 32GB models in choice of 10 colors.
Cicret.com: Check it out.