Mozilla – FireFox 50.0.1 Released to Fix Security Vulnerability

Mozilla.org on November twenty eight two thousand sixteen officially released Mozilla web browser version 50.0.1. This latest version includes one security vulnerability. This security vulnerability is listed as critical.

* CVE-2016-9078: Uniform Resource Locator can inherit wrong HTTP redirect origin

Malicious sites can use this vulnerability for same origin violations. This issue only affects Mozilla Firefox web browser versions forty nine and fifty. You can install Mozilla FireFox 50.0.1 manually by selecting “Help” then select “About Firefox”. In about Mozilla Firefox you will either see that your web browser is up to date or click on an “Update to 50.0.1” button. You can download and install Mozilla FireFox version 50.0.1.

Another way to upgrade Mozilla FireFox is with automatic updates.

Click on “Tools” then select “Options”. Click on “Advanced” tab. Select an “Update” tab. In update you have three options:

* Automatically install updates
* Check for updates
* Never check for updates

Kindle Publishing For Blogs – How to Submit Your Blog to Amazon

Amazon has a free publishing feature that some blog owners might not know about. You can submit your blog to Amazon for publishing on Kindle devices. Amazon charges .99 cents or $1.99 per blog.

You receive a percentage of this for each subscription. This allows your blog readers to access your blog on their kindle device. This may save them time, so that they don’t have to visit your actual website on their computer.

In order to submit your blog to Amazon, you must create a separate account. This account cannot be your Amazon affiliate and or reseller one. Once you create an account you then login to Kindle publishing for blogs. Before you can actually submit your blog RSS feed you must add account information such as your tax identification number and banking information.

Select either “Your Blogs” or look under a “Your Blogs” heading. Click on “Add Blog” on right hand side to add your blog to Amazon for Kindle publishing. You will need to fill out each field with a red asterisk that is mandatory.

* RSS Atom Feed Address
* Blog Description
* Blog Author Publisher
* Blog Language
* Categories

You will need to agree to two Amazon terms before you can proceed. You can upload two images to enhance your listing. A banner and screenshot of your blog in a web browser.

You might want to fill out as much information as possible to aid your potential subscribers decision making process. Many of these fields have further instructions on right hand side. Another point of contention is that I received a warning message when trying to use Google Chrome web browser with Kindle publishing for blogs.

As a matter of fact, I couldn’t login using Google Chrome web browser. Before publishing your blog to Kindle, you can “Save” your blog and or “Generate Blog Preview”. Finally, click on a “Publish Blog to Kindle” button.

Amazon claims it can take between twenty four to seventy two hours for your blog to become approved or not.

Google Chrome – New Tab Redirect Allows You to Provide Page URL

One of those annoyances I consider with Google Chrome web browser is that web browsers new tab feature. When opening a new tab in Google Chrome you get a list of up to past eight surfed websites. There is no way to customize this.

Mozilla Firefox and even Internet Explorer allow you to configure a specific uniform resource locator or blank page. I found an extension called New Tab Redirect authored by Jim Schubert. This Google Chrome extension allows you to customize a new tab page.

To install this extension you right click a drop down menu in upper right hand corner of Google Chrome and then select “More tools”. In more tools you then select “Extensions”. In extensions type in “New Tab Redirect”.

Click on a blue “Add to Chrome” button to install this extension. Once installed a welcome page opens. Click on an “Options” link. In options you can either choose “One click save..” from a list of “Popular Pages” or “Chrome pages”.

Another option I prefer is to use the top “Redirect URL” field. Type in your preferred website in this box and then click on “Save”. Now when you open up a new tab in Google Chrome you will be sent to whatever website you typed into “Redirect URL”.

Finally, you can type in “about:blank” without quotes into this box and then a blank page will open up when you choose a new tab.

LG – Provides Refunds to Customers With Nexus 5X Bootloop Problem

Life’s Good electronics company has decided to provide full refunds to customers with Nexus 5x that bootloop. This device has now been discontinued. This boot loop issue is caused by faulty hardware.

However, LG does not have appropriate hardware parts to rectify this issue in stock. This company will issue a full price refund to customers with an affected device. Nexus 5x’s with this problem will not boot to a home screen and then resets.

You can obtain a full refund as long as your device is still under warranty and obviously has this boot loop problem. One user whom sent his phone to LG repair received this email response from this company:

“Thank you for choosing LG Electronics for your mobile device! We recognize that you have numerous options when selecting a mobile device and it is our priority to provide you with the highest quality products and service. We’re sorry to hear that you’ve experienced a problem with your LGH790 and appreciate you giving us the opportunity to provide a warranty repair.

We have received your device at our repair facility but currently a part to complete the repair is out of stock and is no longer available. To rectify this issue, we would like to offer you a refund for the full amount of your device. That amount will be determined by your sales receipt.

Your refund can take approximately 4 weeks to receive due to the holiday. Please reply to this email should you have any questions or concerns.”

You can contact Life’s Good support via chat Monday through Friday 7AM-Midnight Central Standard Time, email, telephone at 800-243-0000.

Fedora Project – Releases Fedora 25 Atomic Server & Workstation

Fedora Project officially released Fedora 25 on November twenty second two thousand sixteen. This latest Linux distribution comes in three flavors. Fedora atomic, server, and workstation are now available for download.

All three Fedora 25 versions are free for public download. This Fedora 25 includes bug fixes from previous versions. Fedora 25 workstation is designed for many desktop users that might migrate from Microsoft Windows and or MAC operating system.

Fedora 25 Server is self explanatory for businesses and enterprises that wish to serve multpile users. Fedora 25 atomic replaces Fedora cloud. This is a lighter weight linux distribution.

All three distributions will run on Advanced Micro Devices and Intel architectures. Versions are available in both x86 32 bit and x84 64 bit. You can upgrade to Fedora 25 from some Fedora distributions without downloading the full version.

Fedora 25 workstation will run on both laptops and desktops. Gnome three is a default desktop environment. Workstation includes Docker support.

Fedora 25 server is manageable via a Cockpit administrator. Postgres SQL is a default database. You can configure this server version as a domain controller with FreeIPA.

Fedora workstation is at least 1.3 gigabytes in size and will run off of a USB drive. An x64 64 bit version of Fedora server is 1.9 gigabytes in size and will run off of a USB drive. Atomic image is a 918 megabytes ISO file.

Necumod – Malware Spread Through Facebook Messenger

A Necumod malware was spreading via FaceBook’s messenger system on November twenty two thousand sixteen. A Scalable Vector Graphics image file was being spread as a private message to users. Those individuals that viewed this image were then redirected to a fake YouTube site.

This false positive YouTube site then prompted people to install an extension to properly view that content. This extension obtained those individuals FaceBook login credentials. Also, this extension was spreading that infected Scalable Vector Graphics image via FaceBook messenger.

This SVG type of image file allows you to place scripting code, for example JavaScript inside. This scripting code will run just like any other script. Supposedly, this browser extension was only installed on web surfers using Google Chrome web browser.

This Necumod malware may have performed other nefarious activities on your computer. Those rogue Google Chrome extensions have been removed from their store. Also, FaceBook is now filtering Scalable Vector Graphics images.

A spokesperson for FaceBook was quoted as saying:

“We maintain a number of automated systems to help stop harmful links and files from appearing on Facebook, and we are already blocking these ones from our platform. In our investigation, we determined that these were not in fact installing Locky malware rather, they were associated with Chrome extensions. We have reported the bad browser extensions to the appropriate parties.”

If you think that you were infected you may want to run an anti-malware scan, virus scan, and remove any suspicious extensions from Google Chrome, and change your FaceBook password. Bart Blaze, a researcher was credited with discovering this malware. No word on how many individuals were infected by Necumod.

Ubuntu on Windows – How to Install & Use Bash With in Windows 10

Ubuntu on Windows is now available for Windows 10. This is not just an emulator. Ubuntu on Windows 10 is a full fledged Ubuntu linux environment.

This software installs within Microsoft Windows ten 64 bit version. All you need to verify on Windows 10 is that you have Windows 10 anniversary update, that was released in August of two thousand sixteen, installed. Then you need to enable “For developers” in Windows.

Left click your Windows 10 start menu button. Select “Settings” icon. Once in “Settings” click on “For developers”.

Select “Developer mode” and click on any “Apply” buttons. Now you want to right click your Windows 10 start menu button and select “Control Panel”. Select “Programs” and then “Programs and Features”. You want to select on your left hand side “Turn Windows features on or off”.

A “Windows Features” window opens. Scroll down almost to bottom and place a check in box next to “Windows Subsystem for Linux (Beta)”. Click on an “OK” button and now Windows will try to download and install this feature.

Once installed you may need to reboot your computer. Now you will notice a “Bash on Ubuntu on Windows” menu item when you left click your Windows start menu button. Start a Ubuntu linux bash shell with in Windows.

The first time you start this environment, you will need to create a unix/linux user and password. You will be asked to verify your password. In order to browse your Windows files, type in “cd /mnt” without quotes.

Now type in “cd c” or appropriate drive letter without quotes. You now have read and write access to your Windows files. You may need to brush up on your linux command line knowledge if you haven’t used linux before.

This Bash on Ubuntu on Windows is a full fledged command line linux environment. You have possible access to most linux commands and software that will run on Ubuntu. For now this is a beta version so it is possible some commands and or software will not work.

You can update this environment with apt-get update command. Also, you can install programs with apt-get install PROGRAM NAME. This linux environment is based off of Ubuntu 14.04 at time of this blog post creation.

Mozilla – FireFox 50 Released to Fix 27 Security Vulnerabilities

Mozilla.org on November fifteen two thousand sixteen officially released Mozilla web browser version 50. This latest version includes twenty seven security vulnerabilities. Three of these are listed as critical.

Twelve are listed as high in importance. Ten are listed with moderate in importance. Two are listed with low importance.

* CVE-2016-5296: Heap buffer overflow
* CVE-2016-5292: URL parsing cause crash
* CVE-2016-5293: Mozilla updater and maintenance service arbitrary file written
* CVE-2016-5294: Arbitrary target directory update process result files
* CVE-2016-5297: Javascript wrong argument length checking
* CVE-2016-9064: Verification of IDs match for add ons update
* CVE-2016-9065: Android Firefox location bar spoofing when fullscreen
* CVE-2016-9066: nsScriptLoadHandler Integer buffer overflow
* CVE-2016-9067: nsINode ReplaceOrInsertBefore heap use
* CVE-2016-9068: nsRefreshDriver heap use
* CVE-2016-9072: NPAPI sandbox 64 bit not enabled in new profile
* CVE-2016-9075: WebExtensions can access mozAddonManager API to gain elevated privileges
* CVE-2016-9077: Canvas filters allow feDisplacementMaps timing attacks
* CVE-2016-5291: Same origin local HTML file policy violation
* CVE-2016-5295: Mozilla maintenance service able to read arbitrary files
* CVE-2016-5298: SSL indicator misleads about real URL visited
* CVE-2016-5299: Firefox AuthToken permissions problem
* CVE-2016-9061: API key glocation permissions problem
* CVE-2016-9062: Android private browsing traces browser.db and wal file
* CVE-2016-9070: Sidebar bookmark can reference chrome window
* CVE-2016-9073: windows.create schema problem
* CVE-2016-9074: Insufficient divSpoiler timing side channel resistance
* CVE-2016-9076: Select dropdown menu URL bar spoofing
* CVE-2016-9063: Possible XML_Parse Expat integer overflow
* CVE-2016-9071: Probe browser history HSTS/301 redirect
* CVE-2016-5289: FireFox 50 memory safety bugs fix
* CVE-2016-5290: Firefox ESR 45.5 memory safety bugs fix

You can install Mozilla FireFox 50 manually by selecting “Help” then select “About Firefox”. In about Mozilla Firefox you will either see that your web browser is up to date or click on an “Update to 50.0” button. You can download and install Mozilla FireFox version 50.

Another way to upgrade Mozilla FireFox is with automatic updates.

Click on “Tools” then select “Options”. Click on “Advanced” tab. Select an “Update” tab. In update you have three options:

* Automatically install updates
* Check for updates
* Never check for updates

Windows 10 – Update Verion 1607 Build 14393.447 14393.448 KB3200970

Microsoft Corporation released cumulative update KB3200970 on November eight two thousand sixteen. This update resolves ten security vulnerabilities for Windows 10 and Server 2016 operating systems.

  • 3198467 MS16-142: Internet Explorer Cumulative security update
  • 3193479 MS16-140: Boot Manager Security update
  • 3199647 MS16-138: Microsoft virtual hard drive Security update
  • 3199173 MS16-137: Windows authentiction methods Security update
  • 3199135 MS16-135: Kernel mode drivers Security update
  • 3193706 MS16-134: Common log file system driver Security update
  • 3199120 MS16-132: Microsoft graphics component Security update
  • 3199151 MS16-131: Microsoft video control Security update
  • 3199172 MS16-130: Microsoft Windows Security update
  • 3199057 MS16-129: Microsoft Edge Cumulative security update

If you have been keeping up to date with Microsoft Windows 10 security updates then this cumulative update will only install most recent updates. However, if you have gotten behind or skipped some updates those updates will also be installed. If this is your first time installing Windows updates on 10 or Server 2016 then file sizes are 467 megabytes x86 and 871 megabytes x64 respectfully.

You can obtain these updates via Microsoft Windows update or Microsoft Update Catalog website. You must reboot your computer for all updates to take effect. Finally, there two builds associated with this update, 14393.447 and 14393.448 mobile.

Microsoft – Begins With Monthly Updates For Windows 7 and 8

Microsoft Corporation decided in August that they would begin releasing updates for both Windows 7 and Windows 8 monthly. This replaces their old process of releasing updates individually as they were created. This is same model that Microsoft adopted for Windows 10.

These updates are rolled up into one larger single update. The following Microsoft operating systems transitioned to this new process starting in October of two thousand sixteen.

  • Windows 7
  • Windows 8
  • Windows Server 2008 R2
  • Windows Server 2012 R2

These monthly updates included both reliability updates and security updates. You will be able to obtain these one time monthly updates via Microsoft Update Catalog, Windows update, Windows Server Update Services, and System Center Configuration Manager. These updates are cumulative just like Windows 10.

If you keep installing these Microsoft updates monthly then you are installing just that month’s updates. However, if you skip some months, then you will be downloading all monthly updates that your computer is missing. Also, Microsoft will be releasing security only updates via Microsoft Update Catalog, Windows Server Update Services, and System Center Configuration Manager.

This allows enterprises to deploy security only updates to large amount of endusers. This will not be available to home users via Windows Update. Each individual update will no longer become available for download and install.

Allegedly, this simplifying process allows Microsoft to release these updates in a more efficient manner. They claim this will shorten scan times for Windows update. Finally, Microsoft Windows Vista and XP are not included in this new Windows update process.