Microsoft issued a security advisory on Friday for a vulnerability that was discovered last week. They have also released a "Fix It" that can be accessed from their knowledge base.
This is another one of those Windows bugs that would likely be exploited by sending an email or posting to a forum with a link to a malicious site. As always, my advice is that if you get a link in an email (even if it appears to be from a friend) verify that they sent it before clicking on it, and use caution when clicking on links from Twitter, Facebook, or other social networking forums.
Monday, January 31, 2011
Thursday, January 27, 2011
Facebook HTTPS Access - Better Late Than Never
Back in November I posted about the Firesheep issue with Facebook, and it appears that two months later Facebook is finally doing something about it!
Facebook has announced that they've enabled the ability to use their service over an encrypted connection (HTTPS), which addresses the issue with accessing Facebook over unencrypted WiFi (think Starbucks or McDonald's.)
You'll need to go into your account settings and enable this feature, which I recommend doing immediately. Go to Account -> Account Settings -> Account Security and enable "Secure Browsing."
Facebook has announced that they've enabled the ability to use their service over an encrypted connection (HTTPS), which addresses the issue with accessing Facebook over unencrypted WiFi (think Starbucks or McDonald's.)
You'll need to go into your account settings and enable this feature, which I recommend doing immediately. Go to Account -> Account Settings -> Account Security and enable "Secure Browsing."
Wednesday, January 26, 2011
AOL Mail Outage
AOL has been experiencing some problems for the last couple of days, and this morning they announced that some users may be missing email between November 2010 and January 2011.
According to their blog they are rolling out a fix this morning, so if you're an AOL user and some of your email is missing don't panic (yet.)
According to their blog they are rolling out a fix this morning, so if you're an AOL user and some of your email is missing don't panic (yet.)
Friday, January 21, 2011
New Twitter Virus/Malware
Just a heads-up that there's reports of a new virus/malware being distributed via Twitter. This was first reported by the Internet Storm Center here.
The links will take you to one of those fake "anti-virus" sites that will attempt to load malware on your PC. For the time being, I'd avoid clicking on links in Twitter.
The links will take you to one of those fake "anti-virus" sites that will attempt to load malware on your PC. For the time being, I'd avoid clicking on links in Twitter.
Thursday, January 20, 2011
Syncing Google Calendar with Corporate Exchange Systems
With the advent of smart phones, and with tablets becoming more and more ubiquitous, getting all of your information to play nicely together can sometimes be tricky. For those who use Google Calendar and also rely on Microsoft Outlook (yes, this is fairly common) for their personal information management, there's a great tool in Google Calendar Sync to get your appointments flowing between these two applications.
However, I've discovered that when you are working in a corporate environment using Exchange Server the calendar sync tool doesn't work well with meeting invitations. It took me a while to hunt down the solution for this, so I thought I would document it here in case any of my readers are struggling with this issue.
If you're running Outlook and using a corporate Exchange server, you will need to add your corporate email address as an additional email to your Gmail account. To do this you log into Gmail, click on "Accounts and Import" and then on "Google Account Settings". Click "Edit" under "Email Addresses" and then enter your corporate email address under "Add An Additional Email Address" and click "Save". Your corporate email account will receive an email with a link that you will need to click to verify this setting.
Note: be sure to check your company's I.T. policies prior to doing this, some companies do not allow this type of access to their network and it's important to verify that setting this up is authorized in advance.
It may take a few hours for the sync to start working (it took over 12 hours to work in one instance), however you will soon start seeing your corporate meeting invitations showing up in your Google calendar.
I'm not sure what it is in the sync mechanism that won't allow meeting invitations to sync over without adding the email address that the meeting is sent to, however this solution seems to resolve this issue nicely (though I was unable to find it in the Google documentation.)
I hope this helps you get all your information where it is most convenient for you to view it!
However, I've discovered that when you are working in a corporate environment using Exchange Server the calendar sync tool doesn't work well with meeting invitations. It took me a while to hunt down the solution for this, so I thought I would document it here in case any of my readers are struggling with this issue.
If you're running Outlook and using a corporate Exchange server, you will need to add your corporate email address as an additional email to your Gmail account. To do this you log into Gmail, click on "Accounts and Import" and then on "Google Account Settings". Click "Edit" under "Email Addresses" and then enter your corporate email address under "Add An Additional Email Address" and click "Save". Your corporate email account will receive an email with a link that you will need to click to verify this setting.
Note: be sure to check your company's I.T. policies prior to doing this, some companies do not allow this type of access to their network and it's important to verify that setting this up is authorized in advance.
It may take a few hours for the sync to start working (it took over 12 hours to work in one instance), however you will soon start seeing your corporate meeting invitations showing up in your Google calendar.
I'm not sure what it is in the sync mechanism that won't allow meeting invitations to sync over without adding the email address that the meeting is sent to, however this solution seems to resolve this issue nicely (though I was unable to find it in the Google documentation.)
I hope this helps you get all your information where it is most convenient for you to view it!
Tuesday, January 18, 2011
Changes to Facebook Privacy - 3rd Party Applications
According to the Facebook Developer Blog, changes have been made to their third party interface that allow developers of these applications to request your address and phone number from Facebook.
I've talked about Facebook privacy before, however I've never discussed the issues surrounding third party applications and Facebook integration. Personally, I don't use any applications that integrate with Facebook. While I'm comfortable using Facebook to keep in touch with family and friends (as long as I keep on top of my privacy settings), once you start allowing third parties access to the information that you have in Facebook, it gets harder and harder to keep track of who has what. To be honest, I haven't seen any third party applications for Facebook that offer me any value, so I'm lucky in that regard.
Now that Facebook is offering to provide your address and phone number to third parties (albeit with your permission) the issue gets more complicated. Some of these developers are very small, and it's hard to be certain if they are taking the necessary precautions to protect your personal information.
The upshot is that I'd pay careful attention now when the "Request for Permission" pop-up appears on Facebook. If the developer is asking for your address and phone number, and this isn't information that is already readily available on the Internet, then you may want to think twice before clicking that "Allow" button.
Update 01-21-2011 - There is a new post on the Facebook Developer's Blog stating that this function has been "temporarily" removed.
Update 01-21-2011 - There is a new post on the Facebook Developer's Blog stating that this function has been "temporarily" removed.
Friday, January 14, 2011
Outlook Slow After Patch Tuesday?
If your Outlook is slow after the latest round of Microsoft patches, it may be that KB2412171 is the culprit. I've seen some slowness myself, and a cursory search found this post on CNET's forum about the issue.
If you're experiencing the problem it appears to be intermittent. I'd recommend removing this patch until Microsoft resolves the issue.
I'll update this post when I have more information.
If you're experiencing the problem it appears to be intermittent. I'd recommend removing this patch until Microsoft resolves the issue.
I'll update this post when I have more information.
Tuesday, January 11, 2011
Microsoft Patch Tuesday
Just a reminder that today is patch Tuesday... Microsoft has updated for multiple vulnerabilities (including the one I mentioned last week.)
If you're a Windows user, be sure to patch your machine tonight. The details on the updates that were released for this month can be found here.
If you're a Windows user, be sure to patch your machine tonight. The details on the updates that were released for this month can be found here.
Good Article on Avoiding Scams
I just wanted to take a moment to share this article on CNet that has some great tips. I know I've discussed this before, and I can't say it enough times; you can't be too careful!
Wednesday, January 5, 2011
New Security Advisory From Microsoft
Microsoft has released a security advisory for a vulnerability in how Windows renders graphics, and an exploit has already been published to the Internet.
Microsoft has released a workaround that is somewhat complicated,(so complicated that the KB link is broken at the time of this posting.)
Probably the best way to protect yourself is to avoid opening unsolicited emails with attachments (which is always a good idea anyway.) There's no ETA on a patch for the bug.
Microsoft has released a workaround that is somewhat complicated,(so complicated that the KB link is broken at the time of this posting.)
Probably the best way to protect yourself is to avoid opening unsolicited emails with attachments (which is always a good idea anyway.) There's no ETA on a patch for the bug.
Subscribe to:
Posts (Atom)
Posts
