Computer News & Safety – Harry Waldron

June, 2015:

Facebook – Shopify e-commerce expansion coming in 2015

Facebook will be adding more “BUY” buttons to ads and product pages created on the Shopify e-commerce platform. Users should use these resources carefully, with safe security practices in mind.

http://www.pcmag.com/article2/0,2817,2485814,00.asp

Launched less than a year ago, the Buy button lets consumers purchase products through the News Feed or Pages without leaving Facebook. Shopify, a platform that helps businesses create an online presence, has helped several of its clients incorporate the Buy button over the last few months, but is now opening the program to more retailers.

Shopify will begin inviting certain merchants to “Add Facebook” to their account; invitations will appear on the Shopify account home screen over the next few weeks. Once synced with the new Facebook sales channel, users can post products with the “Buy” button, as well as promote posts with paid ads, and manage customers and orders from Facebook.   The call-to-action button is not yet available to all Shopify customers; those still waiting for an invitation can sign up online for updates and submit a request to join the beta test.

Apple iOS9 FAQ on announced new features

Network World shares a detailed FAQ on the newly announced features of Apple iOS 9.

http://www.networkworld.com/article/2933174/wireless/ios-9-faq-everything-you-need-to-know-about-apples-new-mobile-os.html

Apple has massively improved and expanded several essential built-in apps and services. Most notably Siri is now running on steroids, and Maps has included mass transit info. Furthermore, the Passbook built-in app has been replaced with the Apple Pay-powered Wallet, and the stagnant Newsstand has been replaced by News, a personalized reading app. iOS 9 will also give the iPad several new functionalities, like Split View and Picture-in-Picture, for helping power-users get stuff done.    What about security updates? — iOS 9 brings a couple new security features that should help keep your data safe if your iPhone or iPad fell into the wrong hands: Six-digit passcodes by default, instead of the four-digit default passcodes we use now, as well as native two-factor authorization whenever you try to sign in from another device.

WWDC 2015 – Slide show of most important product announcements

This slide show from Network World captures 14 of the most important Apple product announcements.

http://www.networkworld.com/article/2932971/software/apples-14-most-important-announcements-at-wwdc-2015.html

Apple on Monday kicked off WWDC with its standard keynote address. Per usual, the event was chock full of exciting and surprising announcements that touched on all things iOS, Mac, and Apple Watch. From a brand new music service to an Apple Watch SDK, there’s a whole lot of information to digest, and both developers and Apple enthusiasts alike will have a lot to look forward to in the coming months. Here are a few of the more important announcements Tim Cook and co. made yesterday.

Microsoft Security Updates – JUNE 2015

https://technet.microsoft.com/library/security/MS15-jun

Microsoft is releasing the following eight security bulletins for newly discovered vulnerabilities:

Bulletin ID: MS15-056
Bulletin Title: Cumulative Security Update for Internet Explorer (3058515)
Max Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Internet Explorer on affected Microsoft Windows clients and servers.

Bulletin ID: MS15-057
Bulletin Title: Vulnerability in Windows Media Player Could Allow Remote Code Execution (3033890)
Max Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

Bulletin ID: MS15-059
Bulletin Title: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3064949)
Max Severity Rating: Important
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Office Compatibility Pack SP3, Office 2010, Office 2013, and Office 2013 RT.

Bulletin ID: MS15-060
Bulletin Title: Vulnerability in Microsoft Common Controls Could Allow Remote Code Execution (3059317)
Max Severity Rating: Important
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT, and Windows RT 8.1.

Bulletin ID: MS15-061
Bulletin Title: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (3057839)
Max Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
Restart Requirement: Requires restart
Affected Software: All supported releases of Microsoft Windows.

Bulletin ID: MS15-062
Bulletin Title: Vulnerability in Active Directory Federation Services Could Allow Elevation of Privilege (3062577)
Max Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
Restart Requirement: Does not require restart
Affected Software: Microsoft Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012.

Bulletin ID: MS15-063
Bulletin Title: Vulnerability in Windows Kernel Could Allow Elevation of Privilege (3063858)
Max Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
Restart Requirement: Requires restart
Affected Software: Microsoft Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT.

Bulletin ID: MS15-064
Bulletin Title: Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3062157)
Max Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
Restart Requirement: Does not require restart
Affected Software: Microsoft Exchange Server 2013

 

Web Security – US Government must use HTTPS on all sites by December 2016

All governmental sites must use encrypted secure connections as an operational standard by the end of 2016.

http://www.pcmag.com/article2/0,2817,2485665,00.asp

https://www.whitehouse.gov/sites/default/files/omb/memoranda/2015/m-15-13.pdf

The White House now requires all publicly accessible federal websites and services to use a secure HTTPS connection. Government agencies have until Dec. 31, 2016 to comply with the new HTTPS-Only Standard directive.   Unencrypted HTTP connections “create a vulnerability and expose potentially sensitive information about users,” U.S. Chief Information Officer Tony Scott said in this week’s announcement. That includes data like browser identity, website content, search terms, and other user-submitted details. “To address these concerns, many commercial organizations have already adopted HTTPS-only policies to protect visitors to their websites and services,” Scott continued. “Monday’s action will deliver that same protection to users of federal websites and services.”

The move comes after the ACLU in April alerted Scott to “dozens” of inspectors general (including those at the Departments of Justice and Homeland Security) who did not use HTTPS for online whistleblower complaints, including disclosures of waste, fraud, or abuse.   That includes the Departments of Agriculture and Treasury, the Consumer Product Safety Commission, the Corporation for Public Broadcasting, the U.S. International Trade Commission, the National Archives, and the Smithsonian. Not to mention the State Department’s “Rewards for Justice” online terrorism tip line.

Apple WWDC 2015 conference

Apple’s 2015 Worldwide Developers Conference (WWDC) is currently in progress, and several new product updates are anticipated this week.

http://www.macrumors.com/roundup/wwdc/

http://www.apple.com/live/2015-june-event/

WWDC is the annual Worldwide Developers Conference held by Apple in San Francisco, California. The 2015 conference will take place from June 8–12. Possible developments include:

* New versions of iOS and OS X
* Apple Watch improvements
* New streaming music service
* Revamped iTunes Radio
* Apple Pay rewards program
* Apple HomeKit to control IoT devices

Windows 10 – Upgrade and FAQ resources

Below are resources for Windows 10 to help with upgrading from Windows 7 or Windows 8.

http://www.microsoft.com/en-US/windows/windows-10-specifications

http://answers.microsoft.com/en-us/insider/wiki/insider_wintp-insider_install/frequently-asked-questions-windows-10/5c0b9368-a9e8-4238-b1e4-45f4b7ed2fb9

If you want to upgrade to Windows 10 on your PC or tablet, here’s what it takes.

* Latest OS: Make sure you are running the latest version: either Windows 7 SP1 or Windows 8.1 Update.
* Need to download the latest version? Click here for Windows 7 SP1 or Windows 8.1 Update.
* Processor: 1 gigahertz (GHz) or faster processor or SoC
* RAM: 1 gigabyte (GB) for 32-bit or 2 GB for 64-bit
* Hard disk space: 16 GB for 32-bit OS, 20 GB for 64-bit OS
* Graphics card:  DirectX 9 or later with WDDM 1.0 driver
* Display:  1024×600

Microsoft Skype – Critical Fix for invalid URL crash issue

This issue was quickly patched, and all Skype users should apply this fix promptly.

http://venturebeat.com/2015/06/02/these-8-characters-crash-skype-and-once-theyre-in-your-chat-history-the-app-cant-start/

Skype users have discovered a rather nasty bug in the app. Sending the characters “http://:” (without the quotes) crashes Skype, and receiving a message with those characters makes it crash any time you try to sign in again.  The bug works as described on Windows, Android, and iOS. It does not, however, seem to have any effect on Skype for Mac nor Skype for modern Windows (the touch-friendly Metro app). We learned of the issue when Skype user “Giperion” posted on it in the community forums. He noted that “clearing chat history not helps, because when skype download chat history from server, it will crash again.”

http://community.skype.com/t5/Windows-desktop-client/Skype-Fix-for-crashes-caused-by-bad-URL/m-p/3997463

We are aware of a problem that was causing Skype clients to crash.  Our engineering teams worked hard to resolve this issue, and have released updates for all impacted Skype platforms. Download the latest version from www.skype.com/download to address this issue.

Microsoft Security Intelligence Report – Volume 18

For IT security professionals, the SIR v18 research report is available, as well as a detailed article on the life cycle of a recent popular exploit.

http://www.microsoft.com/security/sir/default.aspx

TABLE OF CONTENTS

  • SIR Volume 18: July 2014 to December 2014
  • FEATURE ARTICLE: The life and times of an exploit

First, vulnerability disclosures across the entire industry increased precipitously in the second half of 2014, increasing 56 percent from the first half of the year. 4,512 vulnerabilities were disclosed during the second half of 2014, representing the largest number of vulnerabilities disclosed in any six month period since the Common Vulnerabilities and Exposures system was launched in 1999. This increase is predominantly the result of work performed by the Computer Emergency Response Team (CERT) Coordination Center (CERT/CC) finding almost 1,400 individual CVEs affecting thousands of different publishers of Android apps and code libraries (more details can be found in this report).

Secondly, commercial exploit kits continue to be popular tools among some attackers. The speed at which we see newly discovered exploits get incorporated into commercial exploit kits has accelerated. The timespan between the availability of a security update and when an exploit for the vulnerability is integrated into a commercial exploit kit was significantly reduced in the second half of 2014. It used to take weeks or months for new exploits to appear in exploit kits, but in the second half of 2014 we saw that time period decrease to ten days or less in several cases.

Windows 10 – Nine Benefits from Business Insider review

This review by an Apple Mac user from Business Insider magazine highlights many of the key new features of Windows 10.

http://www.msn.com/en-us/money/technology/9-reasons-why-i%e2%80%99m-ready-to-love-windows-10/ar-BBkkRUI

In my own tests with Windows 10, there’s a lot to like — I’m still not sure if it’ll be enough to get me to switch from my own Mac and go Windows full-time, but there’s a lot to like in Windows 10, and the heat is on. Here are some of the coolest features you should be looking forward to in Windows 10.

1. Cortana, the digital assistant
2. Windows Store for multi-device purchases
3. Windows Hello’s facial recognition sign-in
4. Windows Continuum for Phones
5. Microsoft Edge, the fast new web browser
6. Touch, greatly improved capabilities
7. Xbox integration
8. The new Start Menu
9. Windows 10 is intuitive and comfortable to use, while still working in all kinds of new ideas