Posted on February 18th, 2017 at 19:58
I received an email from a reader who asked me about all the talk about Flash. He pointed out the fact that there are more than 400 mentions of Flash on this site. What, he wanted to know, is the latest status of Flash – what’s the best way to disable it, and if you must use it, which browser should have it enabled?
The question takes on greater urgency when you recall that Microsoft hasn’t yet updated Internet Explorer or Edge for the latest bunch of Flash fixes. Adobe posted fixes last Tuesday. Microsoft hasn’t released any fixes this month, so those fixed holes still affect IE and Edge.
What say ye? What’s the best recommendation for Flash, given the current state of affairs?
Posted on February 17th, 2017 at 12:38
I’m collecting recommendations for a roundup on Win10 tools. Do you use any that you’d recommend?
Built-in, free, or very cheap.
Post over on the Tools forum. @PhotoM’s been posting up a storm.
Posted on February 17th, 2017 at 11:13
As 0day bugs go, this isn’t an earth-shattering development. But it’s still enough to cause concern.
Mateusz Jurczyk at Google Project Zero discovered a memory disclosure vulnerability and notified Microsoft on Nov. 17. Project Zero has an automatic 90-day disclosure deadline: If the vendor (in this case Microsoft) doesn’t fix the hole that’s discovered, it will be automatically disclosed 90 days later.
Sure enough, 90 days passed and, on Feb. 14, the timer rang and the full disclosure popped out, including exploit code.
This isn’t a huge bug. The bad guy has to get access to your computer before it can be exploited. Once logged on to your machine, the interloper can open a bad EMF file and use it to sneak a peek at system memory that isn’t theirs.
It seems that security bulletin MS16-074 didn’t fix the problem entirely.
Yuhong Bao (whom I’ve mentioned before, many times) sent a provocative message to the Project Zero folks. He said:
“I wonder if this was supposed to be part of the cancelled February Patch Tuesday.”
Something to ponder over the upcoming three-day US holiday.
Posted on February 17th, 2017 at 09:19
A dozen top problems, and what you can do besides assuming a fetal position.
This guide targets two separate but intertwined groups: Those who have recently upgraded from Win7 (or, less likely, Win8.1) and those who have upgraded from an earlier version of Win10 (likely the November Update, Version 1511) to a recent version (as of this writing, probably the Anniversary Update, Version 1607).
Posted on February 17th, 2017 at 08:02
I’m a skeptic at heart. You know that. But this manifesto from Mark Zuckerberg really struck home.
“In times like these, the most important thing we at Facebook can do is develop the social infrastructure to give people the power to build a global community that works for all of us.”
It’s an important statement, from a fascinating guy. I wonder how well Facebook, the company, can match Zuckerberg’s goals?
Posted on February 16th, 2017 at 17:00
Privacy remains a thorny problem with no clear solution. I, personally, like to have Gmail scan my mail to snag flights. I don’t mind Cortana. My phone tracks everywhere I go. And I constantly use OK Google. So I’m not a poster child for computer privacy. Still, I understand folks who don’t want all of their data fed into a future General Dynamics overlord. Don’t laugh too hard.
A friend just forwarded an email to me from Mozilla (the Firefox people), suggesting that I take a look at a series of five talks put on by WNYC, the big public radio station for New York City.
They have a great hook:
In today’s world, privacy is less about being alone and more about protecting our identities and information. But if we’re all so concerned about protecting our personal data, why do we regularly give it away to apps, marketers, social media and websites?
That’s the privacy paradox. And it’s time to tackle it.
If you’re interested in pursuing the subject, you might want to venture to the Privacy Paradox site. It’s very well put together – and you might change your mind about privacy.
Or maybe not.
Posted on February 15th, 2017 at 21:05
At least, that’s what the MSRC team notification on the TechNet blog says:
“UPDATE: 2/15/17: We will deliver updates as part of the planned March Update Tuesday, March 14, 2017”
My previous kvetch holds true. There’s no mention about whether this only applies to Windows (Vista, 7, 8.1, 1507, 1511, 1607), or if it also includes Office, .NET, IE and so on.
There’s some concern about the SMBv3 zero-day that I mentioned on Feb. 3. It’s still out there and active. CERT has published manual steps for thwarting the vulnerability.
I have a roundup of the history and the problems on InfoWorld.
By the way, Gunter Born doesn’t think Windows Update is broken, and he offers some powerful arguments in that direction in his latest blog post.
Posted on February 15th, 2017 at 17:38
I’ve just brought forums on board for Office, DevOps, Admins and Developers.
Please take a look and let me know what I screwed up!