Archive for February 8, 2013

Facebook and More Privacy Issues…

Posted: February 8, 2013 by IntentionalPrivacy in Privacy
Tags: , ,

Read this article about a new feature that Facebook has in beta. If you value your privacy–even if you don’t have a Facebook account–it will scare you.  http://slashdot.org/topic/cloud/facebooks-graph-search-kiss-your-privacy-goodbye/ As Jeff Cogswell, the author, recommends, try the three searches at the middle of the page https://www.facebook.com/about/graphsearch/privacy.

I don’t post much on Facebook, but I still don’t like it! Not one little bit.

Flash!

Posted: February 8, 2013 by IntentionalPrivacy in Browser Vulnerabilities, Identity theft, Vulnerabilities
Tags: , , , , ,

Ok, now Adobe has released a security update for Flash, which applies to Flash versions for Windows, Macintosh, Linux, and Android operating systems, as well as Google Chrome and Internet Explorer browsers.

  • The version you should be running for Windows and Mac is Adobe Flash Player 11.5.502.149.
  • Linux users should update to Adobe Flash Player 11.2.202.262.
  • If you’re using Google Chrome as your browser, it should automatically update to the latest Chrome version. Chrome’s latest version runs Adobe Flash Player 11.5.31.139 for Windows, Macintosh and Linux.
  • If you’re using Internet Explorer 10 on Windows 8, it will automatically update to the latest version of Internet Explorer, which includes the latest version of Adobe Flash Player, 11.3.379.14 for Windows.
  • Android 4.x devices should be running Adobe Flash Player 11.1.115.37.
  • Android 3.x devices should be running Adobe Flash Player 11.1.111.32.

How to keep up with all these security updates? You have several choices.

  • Sign up for US-CERT email bulletins and follow the instructions.
  • Run Secunia PSI and set it to check for updates weekly.
  • Set Adobe and Java to send you updates automatically. Java will ask you questions; make sure you check for any obnoxious add-ons before you click ok.

In the Adobe security bulletin about this Flash vulnerability that you can read at http://www.adobe.com/support/security/bulletins/apsb13-04.html, Adobe recommends that you verify the version of Flash running on your device.

  • To verify the version of Adobe Flash Player installed on your system, access the About Adobe Flash at http://www.adobe.com/software/flash/about/, or right-click on content running in Flash Player and select “About Adobe (or Macromedia) Flash Player” from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.
  • To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.

New vulnerabiltity discovered in Universal Plug and Play (UPnP)

Posted: February 8, 2013 by IntentionalPrivacy in Identity theft, Privacy, Vulnerabilities
Tags: , , , , , , ,

What is Universal Plug and Play? It is a protocol that allows network devices to talk to each other and it often runs on devices unless it is turned off. I have listed a few examples of devices that might have it enabled, which include such devices as home routers, printers, smart TVs, IP cameras, and home automation systems, but there could be many other types of devices that could have it turned on.

The first thing to check is your home router. How do you find out if your router is vulnerable? Rapid7 is a security research firm that has a free website-based tool that will check your router, available here http://upnp-check.rapid7.com/. Click the button “Scan My Router.” You do not have to install any software. It should take about 30 seconds to run.

If you want to check more than your router, there is a program on that page that you can download and run.

There is also a link to a page listing answers to frequently asked questions as well as a link to a more in-depth, technical explanation if  you’re interested.

Java updates: Just say “No!” to Ask.com toolbars …

Posted: February 8, 2013 by IntentionalPrivacy in Browser Vulnerabilities, Vulnerabilities
Tags: , , ,

If you have Java running on your computer, you may have noticed that Oracle–maker of Java–has recently put out a security update for Java. This is a good thing and Oracle got the update out earlier than they had anticpated.

However, what you may not have noticed when you installed the update, is that they include what Ed Botts calls “foistware.” This is because Java includes the Browser Add-on from Ask.com when you update Java unless you specifically UNCHECK the box that gives your permission to install it. If you’re not paying attention, you can accidentally install this lousy toolbar. I’m not a big fan of toolbars anyway, and this one is really bad. You can try it out [don’t click on any sites unless you are absolutely sure you know the site] by going to http://www.ask.com/ and searching for something. You will see a lot of ads–a lot of dubious ads.

For more information, read Ed Botts’ column, http://www.zdnet.com/a-close-look-at-how-oracle-installs-deceptive-software-with-java-updates-7000010038/.

The important thing: uninstall the Ask.com toolbar if you installed it.