Zero Day Microsoft Word Exploit Announced

This is a bad zero-day exploit that specifically involves Microsoft Word 2010. Check out the article from Microsoft for details:

Vulnerability in Microsoft Word Could Allow Remote Code Execution

Microsoft Security Bulletin – “Microsoft is aware of a vulnerability affecting supported versions of Microsoft Word. At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word, or previews or opens a specially crafted RTF email message in Microsoft Outlook while using Microsoft Word as the email viewer. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. Applying the Microsoft Fix it solution, “Disable opening RTF content in Microsoft Word,” prevents the exploitation of this issue through Microsoft Word. See the Suggested Actions section of this advisory for more information.

The vulnerability is a remote code execution vulnerability. The issue is caused when Microsoft Word parses specially crafted RTF-formatted data causing system memory to become corrupted in such a way that an attacker could execute arbitrary code. The vulnerability could be exploited through Microsoft Outlook only when using Microsoft Word as the email viewer. Note that by default, Microsoft Word is the email reader in Microsoft Outlook 2007, Microsoft Outlook 2010, and Microsoft Outlook 2013.

On completion of investigation for this vulnerability, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.

We are actively working with partners in our Microsoft Active Protections Program (MAPP) to offer information that they can use to provide additional protections to customers. For information about protections released by MAPP partners, see MAPP Partners with Updated Protections.

Microsoft continues to encourage customers to follow the guidance in the Microsoft Safety & Security Center of enabling a firewall, applying all software updates, and installing antimalware software.

Mitigating Factors:

An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

In a web-based attack scenario, an attacker could host a website that contains a webpage that contains a specially crafted RTF file that is used to attempt to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker’s website.

Recommendation. Please see the Suggested Actions section of this advisory for more information.”
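An added example (not part of the Microsoft advisory or of the original post): a mail-gateway style check that finds RTF content in a message by its `{\rtf` signature rather than by file name or declared type, since the advisory's trigger is opening or previewing RTF in Word. The function names and the sample message are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

RTF_MAGIC = b"{\\rtf"                      # signature at the start of RTF data
RTF_TYPES = {"text/rtf", "application/rtf"}


def looks_like_rtf(data: bytes) -> bool:
    """True if the payload starts with the RTF signature.

    A UTF-8 BOM and leading whitespace are skipped; that tolerance is a
    conservative choice for a filter, made for this example.
    """
    if data.startswith(b"\xef\xbb\xbf"):
        data = data[3:]
    return data.lstrip()[:5] == RTF_MAGIC


def find_rtf_parts(raw_message: bytes):
    """Return (filename, declared_type, reason) for each MIME part carrying RTF."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        name = part.get_filename() or "(body)"
        payload = part.get_payload(decode=True) or b""
        if looks_like_rtf(payload):
            # RTF bytes under a non-RTF type or name (e.g. a ".doc") still count.
            reason = "rtf-magic" if ctype in RTF_TYPES else "rtf-magic-mismatched-type"
            hits.append((name, ctype, reason))
        elif ctype in RTF_TYPES:
            hits.append((name, ctype, "declared-rtf"))
    return hits


def build_sample() -> bytes:
    """Constructed, benign sample message used to exercise the check."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("plain body")
    rtf = b"{\\rtf1\\ansi benign sample}"
    m.add_attachment(rtf, maintype="application", subtype="msword", filename="invoice.doc")
    m.add_attachment(rtf, maintype="application", subtype="rtf", filename="letter.rtf")
    m.add_attachment("just text", filename="notes.txt")
    return m.as_bytes()
```

Outlook rich-text bodies sent as TNEF (`winmail.dat`) are not unpacked by this check and would need separate handling.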

Upgrading? Consider Linux Mint!

With a lot of businesses panicking as the Windows XP operating system deathwatch clock is ticking down, businesses are correctly looking at alternatives to the ancient operating system. Ancient, that is, by computer terms. After all, Windows XP is 12 years old, which is, indeed, “ancient” in the computer world!

On April 8, 2014, Microsoft Windows XP will be dead. I can remember when Windows XP was released, and I was an early adopter. I was very impressed with the operating system at the time, as it was a vast improvement over previous Microsoft Windows operating system editions. In fact, I pushed the company I was working for at the time to upgrade to Windows XP as quickly as possible. It is amazing now to look back and realize that Windows XP is dying!

However, as companies look at changing their old software to run on newer versions of Windows, perhaps this is a time to consider moving to Linux. Now, don’t say that this is impossible until you hear me out! If you’re going to have to rewrite your codebase, particularly for internally developed applications, why not look into Linux? After all, it is arguably more secure, more stable, and offers better security overall than Microsoft Windows ever could, in any version!

I know a lot of people will say, “My users will never accept Linux!” However, this is because they haven’t tried Linux in a long time and are not aware how user-friendly it really is! I can guarantee you unequivocally that if you sit an average user down in front of Linux Mint, they will be able to log in, surf the web, run applications, find files… in fact, some may not even know they’re not on Windows!

And, Linux Mint is free, open-source, and very well supported by the developer community. It is based on Ubuntu, which is, of course, a Debian-based version of Linux.

I encourage you, especially if you are a small-to-medium sized business, to download the Linux Mint ISO install CD, specifically with the MATE interface. Then, locate any PC, even one of your older PCs that you can no longer use with Windows, boot off the CD that you burn from the downloaded ISO, and you’ll be surprised at its ease of use and functionality!

If you ever make the move, you would no longer be trapped by the Microsoft tyranny that holds you captive to their whims!

Linux Mint Web Site

Sandboxie as a Method to Secure Windows XP Apps

Corporations are notoriously slow to move when it comes to operating system upgrades. Windows XP is still the operating system that most corporate Windows applications are written for. This presents a real problem for companies that are being forced to move off of Windows XP by next month, April 2014.

Now, it is obvious that these companies should have had their act together long before now, and planned to move off of Windows XP long before this. After all, they’ve had a long time to plan for this event. Unfortunately, a lot of businesses have not planned for this event, and are lagging behind.

The issue is that as of next month Windows XP will no longer be patched; that is, no security patches will be released by Microsoft, and Microsoft developers will no longer be fixing vulnerabilities of the operating system. As time goes by, it will increasingly become a security problem for any company that continues to use Windows XP, or Windows XP software.

It is amazing to realize that most banks’ ATMs are running Windows XP as their operating system! You would expect that banks, perhaps more than anyone else, would have seen this coming and wanted to secure their ATMs! But, that hasn’t happened.

There is a possible answer for businesses that are still running Windows XP applications and aren’t going to be able to upgrade them in time. It is a freeware product, called “Sandboxie.” The 32-bit edition of Sandboxie can be installed into the 32-bit Windows XP mode running within the 64-bit version of Windows 7. In fact, “the 32-bit version of Sandboxie can run fairly well with the 64-bit Windows 7 environment. Windows XP mode is easier to use than the standalone virtual machine running Windows XP, as it is better integrated in Windows 7. It also includes a licensed copy of Windows XP. However, this improved integration also exposes the Windows 7 system and documents to malicious changes operating in the Windows XP mode operating system. With Sandboxie, you can have a web browser which is isolated within its own sandbox, making it more secure than your web browser running directly on Windows 7,” according to their web site.

There is a free version for personal and home use, a Pro version available, and a commercial version available for businesses. The company also makes a product called “Invincea FreeSpace” that includes other features such as data protection, real-time detection, and notification of malware threats, forensics, enterprise configuration management, and enterprise software updating.

Check them out at: www.sandboxie.com.

GlobalSign Gives Open Source Developers a Security Boost!

If you want to protect your website, the best way to do so is to use an SSL certificate. Now, these certificates can be expensive, and require some knowledge to set up.

However, this week GlobalSign offered to give a free wildcard SSL certificate to qualified open source projects. It’s their way of supporting open source and encouraging industry best practices among open source developers.

In order to qualify for a free SSL certificate, the open source project must have an OSI-approved license, be active in terms of development, be noncommercial, and pass some other simple requirements.

It’s not clear whether this is a limited offer or not, but this is an encouraging sign of corporate support for open source!

DirectX 12 Details Given to Developers

At this week’s Game Developers Conference in San Francisco, Microsoft gave some details on DirectX 12, Microsoft’s multimedia API.

Microsoft is reportedly trying to get “closer to the metal” in terms of using hardware resources, which should result in faster performance. Reportedly, the new version will be called Direct3D 12 and will be a significant departure from the older version of DirectX. Microsoft claims to have overhauled a lot of the API including three key areas: pipeline state representation, work submission, and resource access.

The new APIs are designed to create a richer visual interest, better memory management, and give developers more tools to work with to increase visuals in video games and other graphic applications.

Microsoft is targeting Christmas of 2015 for the release of this new version of DirectX, or Direct3D, whichever name they end up going with.

DirectX 12 is said to work on over 80% of existing gaming PCs currently being sold, so a hardware upgrade may not be necessary.

Obama Meets With CEOs Over Privacy Concerns

Pres. Obama met this week with the CEOs of Facebook, Netflix, Dropbox, Box, and other companies, in a move to relieve snooping fears. They met Friday of this week to discuss the president’s proposed reforms on computer privacy.

The president told the assembled high-tech CEOs that his administration has a commitment to take steps to give people greater confidence that their personal rights are being protected, while preserving the government’s ability to keep us safe.

Of course, the concern has arisen due to the fact that the government has been caught looking into data, and metadata, of American citizens, presumably to try to track down terrorist activity. Mark Zuckerberg, CEO of Facebook, was quoted as saying that they had an “honest talk about government intrusion on the Internet and the toll it is taking on people’s confidence in a free and open Internet.”

Zuckerberg had previously taken the Obama administration to task and expressed his frustration over the damage that the government has created in the high-tech industry. “Unfortunately, it seems like it’ll take a very long time for full reform,” he wrote, adding that government spying posed a threat to the Internet.

Are you thinking about your security on the Internet? Keep in mind that it’s ultimately up to you! There are a number of tools that you can use to secure your Internet activity, as well as your private information, and, of course, you need to harden your passwords and change them often!

Microsoft Gives XP Users $100 to Upgrade Hardware!

So, I’ve told you before that Windows XP support is ending next month, April 2014. And, since Microsoft’s base of users includes some 30% using Windows XP, they are quite concerned!

This means that Microsoft has a big incentive for users to upgrade to at least Windows 7, preferably Windows 8.X. So, they’ve come up with an offer to give users the incentive to upgrade not only their operating system, but also their hardware as well. By upgrading their hardware, Microsoft users will be able to run the operating systems of the future that Microsoft might create, given that Microsoft likes to create “bloatware,” and, in most cases, their operating systems get larger and larger and require more resources as time goes by.

I have seen, however, that Windows 8 bucks this trend to a certain extent and does seem to do pretty well on hardware that isn’t quite up to the specs that Microsoft specifies for their operating system. I hope this trend continues.

Their offer is this: if you buy a computer valued at $599 or more, and you bring it in to the dealer proving that your old computer is running Windows XP, Microsoft will give you $100 off the purchase of the new computer.

Now, this sounds a bit unwieldy to me, because imagine having to tote your Windows XP computer into Best Buy to prove that you have Windows XP! This seems to be a bit silly! Maybe some stores will “trust you” when you say you have Windows XP. We’ll see.

Mozilla Drops Firefox for Metro

Johnathan Nightingale, Vice President of Firefox at Mozilla, announced last week that they had abandoned development of the “Metro” version of Firefox. The reason he gave? The fact that no one cares about Metro. This is just one more sign that Microsoft is “barking up the wrong tree” when it comes to this particular interface design. “Metro,” or the “Modern” interface, or whatever they want to call it this week, should be shelved as a failure!

Nightingale says that in late 2012 when they started the Firefox for Metro team there was some excitement about it. It took them a while to break open Metro and get Firefox to work in that environment.

They are prepared to release Firefox version 1.0 for Metro, however, after only seeing 1,000 active daily users in the Metro environment, and considering the size of the installation of Windows at large, they basically decided that there just was no interest. They have decided to focus their efforts on the more traditional Windows environment, where there is still a lot of interest.

This should be instructive to Microsoft. If they were paying attention, and listening to their users, they too would drop the “Modern,” or “Metro,” environment in favor of a desktop that their users would actually like, and use. But, as always, Microsoft is not paying attention to its users; it is arrogantly trying to force its users to do its bidding.

Happy 25th Anniversary to The World Wide Web!

To slightly misquote the Beatles at the beginning of “Sgt. Pepper’s Lonely Hearts Club Band,” “It was 25 years ago today, that Sir Tim Berners-Lee taught the ‘net to play!” OK, that was lame, and it was yesterday that the 25th Anniversary actually occurred, but hey! I’m trying! Keep in mind that the World Wide Web, which Sir Tim came up with, is NOT the Internet; it is actually riding on top of the Internet. It is the whole hyperlink thang!

The idea came to him when he was working at CERN in Geneva. He wrote a paper called: “Information Management: A Proposal.” It didn’t sound exciting, but it was! Sir Tim says that after 25 years, he just would like to see the World Wide Web free, and available to all! So say we all, Sir Tim!

Big Google Drive Price Drop!

Wow! This is big!

Google drops price of all monthly Google Drive plans to $2/100GB, $10/1TB, $100/10TB

Written by: Jordan Kahn (Google 9to5) – “Google announced today on its blog that it’s lowering the monthly pricing plans it offers for users buying extra storage on Google Drive. Google attributes the changes to “recent infrastructure improvements” that is allowing it to offer more affordable storage options. Google reminds us that, as always, Drive storage purchased through the new plans counts towards storage for Drive, Gmail and Google+ Photos.

The new plans begin at just $1.99 for 100GB down from the previous $4.99 for the same amount of storage. There is also a new $10 plan for 1TB (down from $50 previously), and a 10TB and up option that starts at $99.99. Google will also continue offering the free 15GB option that comes with your Google account for Drive, Gmail and Google+.

How big is a terabyte anyway? Well, that’s enough storage for you to take a selfie twice a day for the next 200 years and still have room left over for… shall we say… less important things. Like before, storage continues to work across Drive, Gmail and Google+ Photos. And, of course, the 15GB plan remains free.

The new pricing plans for Google Drive are available now through www.google.com/settings/storage. Users that are already signed up for a monthly plan will be automatically switched to the new, better plans.”
