Newsletter Archives
-
Google Chrome Browser Vulnerability – check your “where to save file” settings
Last week, a new topic about a vulnerability in the Google Chrome browser was posted over on Code Red – security advisories.
From Catalin Cimpanu, on bleepingcomputer.com:
Just by accessing a folder containing a malicious SCF file, a user will unwittingly share his computer’s login credentials with an attacker via Google Chrome and the SMB protocol.
…
Users can do this by visiting:
Settings -> Show advanced settings -> Ask where to save each file before downloading
More advanced protection measures include blocking outbound SMB requests via firewalls, so local computers can’t query remote SMB servers.
Bosko Stankovic, on defense.com, said: With its default configuration, Chrome browser will automatically download files that it deems safe without prompting the user for a download location but instead using the preset one. From a security standpoint, this feature is not an ideal behavior.
…
In order to disable automatic downloads in Google Chrome, the following changes should be made: Settings -> Show advanced settings -> Check the Ask where to save each file before downloading option. Manually approving each download attempt significantly decreases the risk of NTLMv2 credential theft attacks using SCF files.
scmagazine.com discussed this issue in Greg Masters’ article – see today’s post on this over on Google Chrome Flaw Could Allow Windows Credential Theft.
Now would be a good time to check that your browser is set to ask where to save downloads, even if you use another brand.
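One way to check the "ask where to save" setting across every Chrome profile on a machine, as an added example that is not from the original newsletter or the quoted articles. It assumes Chrome keeps each profile's settings in a JSON file named `Preferences` with the option stored as `download.prompt_for_download`; the function names are illustrative and the sample profiles are constructed.

```python
import json
import tempfile
from pathlib import Path

def prompt_setting(prefs_path):
    """Return 'ask', 'auto' or 'unreadable' for one Chrome Preferences file."""
    try:
        prefs = json.loads(Path(prefs_path).read_text(encoding="utf-8"))
    except (OSError, ValueError):
        return "unreadable"  # missing, locked, truncated or not valid JSON
    download = prefs.get("download") if isinstance(prefs, dict) else None
    if isinstance(download, dict) and download.get("prompt_for_download") is True:
        return "ask"
    # Key absent or false: files are saved to the preset folder without a prompt,
    # which is the behaviour the advisory says to turn off.
    return "auto"

def audit_user_data(user_data_dir):
    """Map each profile directory name to its download-prompt state."""
    results = {}
    for prefs in sorted(Path(user_data_dir).glob("*/Preferences")):
        results[prefs.parent.name] = prompt_setting(prefs)
    return results

def build_sample(root):
    """Write constructed sample profiles (not real user data) for an offline run."""
    samples = {
        "Default": '{"download": {"prompt_for_download": true}}',
        "Profile 1": '{"download": {"default_directory": "D:/dl"}}',  # key absent
        "Profile 2": '{"download": {"prompt_for_download": false}}',
        "Profile 3": '{"download": ',  # truncated file
    }
    for name, body in samples.items():
        profile = Path(root) / name
        profile.mkdir(parents=True)
        (profile / "Preferences").write_text(body, encoding="utf-8")
    return root

def run_demo():
    with tempfile.TemporaryDirectory() as tmp:
        return audit_user_data(build_sample(tmp))

if __name__ == "__main__":
    for profile, state in run_demo().items():
        print(f"{profile}: {state}")
```

To audit a real Windows account, call `audit_user_data` on the Chrome user data folder (assumed here to be `%LOCALAPPDATA%\Google\Chrome\User Data`) and treat every profile reported as `auto` as one that still needs the setting changed.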
-
What’s really happening with Flash in the latest version of Chrome
No matter what you may have read, the latest version of Chrome doesn’t block Flash. But it does put another much-deserved nail in Flash’s coffin.
InfoWorld Woody on Windows
-
October Third Party Program Updates
From Randy the Tech Professor:
This month there are patches for Adobe Flash, Adobe Acrobat, Adobe Reader, Apple iTunes, Apple Safari, Google Chrome, Mozilla Firefox, and Oracle Java. Even though these are common third party updates, there is a larger than normal number of vulnerabilities being fixed. Adobe Flash and Adobe Reader should be patched immediately.
I’m enjoying your Windows 10 for Dummies. Two or three times a week (with my clients) I’m running into the Windows 10 forced update conundrum. I have them turn off automatic updates and then manually uncheck Windows 10 when updates are offered.
Sounds like a good solution to me. I assume you’re also pointing them to GWX Control Panel, which takes care of all the settings and hidings necessary to keep the Win10 update at bay.
People seem to forget that they have until next July to get the free upgrade – and even then, I wouldn’t be surprised if Microsoft keeps the offer going.