Firefox and POODLE Attack

Google researchers announced recently of the POODLE (Padding Oracle On Downgraded Legacy Encryption) Attack which hackers take advantage of sites (around 0.3%) still using the outdated (introduced in 1996) SSLv3 security protocol. Mozilla has announced that SSLv3 will be disabled, unfortunately it won’t be until Firefox 34 which will be released on November 25th. However, user can (and are urged to) install the SSL Version Control extension which will disable SSLv3 on the fly.

I would not be surprised though if Mozilla pushes out Firefox 33.1 update to have SSLv3 disabled in the coming days or weeks. Google Chrome is already testing changes to disable the fallback to SSLv3. Not sure about Microsoft Internet Explorer or Opera.

via Mozilla Security Blog > The POODLE Attack and the End of SSL 3.0

Firefox 33 Released

Mozilla has released the latest update of Firefox on Tuesday, October 14th with Firefox 33. This update contains numerous changes and fixes, which can be viewed in the Release Notes.

Users may be prompted to update to the newest release of Firefox or can do so manually within Firefox by going to Help > About Firefox and following the update prompts. Users may also manually download and install the Firefox update via the getfirefox.com site.

The next scheduled update for Firefox is November 25th with Firefox 34.

Windows Won’t Install Updates

Some months ago I resurrected a Windows 7 Ultimate computer I had retired a couple years ago after it threw one too many (and consecutive) BSODs. I suspected that all my problems likely stemmed from trying to ‘upgrade’ it from Windows Vista to Windows 7 when I really should have just bought an OEM version of Windows 7. Doing a clean install of Windows 7 Pro seemed to fix all my problems. This was back in April and I got busy with work and other projects. Plus, at that time I really didn’t have a place to keep it setup in my home office. At the time it was more an experiment to see if doing a clean install of Windows 7 would fix the stability issues. I ended up putting the computer back in the closet where it sat until last weekend.

I had been wanting to try out Ubuntu again, especially since I am using it in a virtual environment for the VMware ESXI Server Enterprise class I am currently taking. Also, wanted to try out the Windows 10 Technical Preview. Once I booted into Windows I was told I ‘May be a victim of software counterfeiting’ and that my copy of Windows was not ‘Genuine’. While this was an evaluation copy of Windows 7 I was able to get through my college, I was pretty sure there were no time limits on the licence. Turns out there was, but that was only for retrieving the license key from the Microsoft DreamSpark program. That limit was 2-years from when I purchased (or in this case downloaded) that particular version of Windows 7, which was over two-year ago.

All was not lost though, whenever I purchase (or download) anything from the Microsoft DreamSpark program I always print the online order confirmation which includes the license key (which is in very tiny print). Since Windows was now in lock-down mode I had two options, buy another license key or re-enter the key. I still had the order confirmation so I tried entering the key again, thinking maybe I either misread one of the characters or fat-fingered the first time around. I was able to get Windows activated and all was well…until…

I tried to check for updates and got the message: Windows Update Cannot Check For Updates, Because The Service Is Not Running. Okay, so the service must have been shut off when Microsoft couldn’t validate my copy of Windows. I tried rebooting the machine, thinking that maybe the service would automatically be turned back on. Nope, no such luck. Time to turn to the All Mighty Google and found: “Windows Update Cannot Check For Updates” error message.

I was presented with two options Fix it for me or Fix it myself. I’ve been doing PC repair long enough I should have known that it is usually quicker and more reliable to go the Fix it myself method. However, I thought maybe Microsoft could have improved their automated fixes. So I clicked the Fix it for me link and downloaded a Troubleshooting Pack File which I ended up running and had to wait for it to install. When it was all said and done…it had done absolutely nothing. i was still getting the same message when trying to check for updates.

I took a look at the Fix it myself directions and all it was opening a command and entering two commands:

  • net start bits
  • net start wuauserv

Not only did this fix my problem, it took less time to open the command prompt and enter those two commands than it did just downloading the useless Troubleshooting Pack File. I do recall the Windows net command from last year when I was preparing to get my A+ Certification. Plus I do use it on occasion when for whatever reason I get a print job stuck in the print spooler.

I am now able to check for and install updates on this machine. So far I haven’t had any other issues with this machine. I have managed to get Ubuntu (which comes pre-installed with the latest version of Firefox) running fine on another partition. I tried last weekend to install the Windows 10 Technical Preview in Oracle Virtual Box, but kept running into problems. I am going to try to reallocate the disk space and see if I can just install the Windows 10 preview on it’s own partition.

How to Enable Right-click

Ever come across a site that won’t allow you to right-click? Some sites block the ability to right-click usually via JavaScript so you can’t say copy or download images. However, it is rather frustrating on a site such as a message board where Firefox underlines a misspelled word, but you can’t right-click to correct or ignore. A very quick about:config settings change will “fix” this for you:

  1. In a new tab type in the address bar about:config and press enter
  2. If you get a warning about “Voiding your Warranty” click the I’ll be careful, I promise button to continue
  3. In the Search box type context
  4. In the list of preferneces that show below located and dobuble-click dom.event.contextmenu.enabled to change the value to false
  5. Close the about:config tab
  6. Return to the site/page that was preventing you from right-clicking and try now. Note: You may still get a warning about right-clicking not allowed, but the context menu should appear now.

via wikiHow

Pale Moon Commander adds advanced preferences to Firefox (and Pale Moon)

"... The developer of Pale Moon, a Firefox fork that has seen a surge in popularity after the introduction of the new Australis interface in Firefox, has created a browser extension for Firefox and Pale Moon that introduces an advanced options menu in the browser. ..."
Source: gHacks Tech News
Details  Pale Moon Commander adds advanced preferences to Firefox (and Pale Moon)

Google Software Removal Tool (Windows)

Google has come out with a tool (beta) for Windows to help users identify and remove rogue extensions and toolbars that are secretly tracking you.
When malicious programs are using your Chrome browser to collect data, serve you ads or cause overall sluggishness, there's a quick way to find out what's causing the issues. Google recently published the Software Removal tool for Windows that will scan for software that is causing issues with the browser.
A few words of caution before you use this tool:
  1. It is still in Beta so you may want to create a restore point just in case you're that unlucky .01% user that something does go wrong.
  2. This will reset Chrome back to its 'Factory Defaults' which means it is going to remove your home page, pinned tabs, add-ons, new tab page and other personal customization and information (passwords and filled form data).
I recently discovered I had a rogue (tracking) add-on in Chrome which was causing the browser to hang-up mid-way on loading a page and was injecting content (not sure what, possibly a hidden iframe or image). The only way I knew about the latter was because I kept getting warnings that on sites which were suppose to be 100% secure content were displaying insecure content. via C|Net

Be careful with extensions…

Browsers extensions are great as they enhance the usability and your experience with your browser. However, there are some extensions out there that will actually do the opposite. This seems to be a bigger problem for Chrome but there are a couple known 'spying' extensions in Firefox. These 'evil' extensions may track you or as in the case with Scott Hanselman inject ads into sites you are viewing.
My perspective on JavaScript-based browser extensions has been far too naïve until this point. We were all burned by bad toolbars or evil ActiveX add-ons in the past, so when I run IE I run it with no add-ons enabled, or very few. However, with Google Chrome and it's sync feature, as well as its rich extension store, it's easy to add a bunch of add-ons and get them synced to other machines. I wanted to download a YouTube video recently so I installed a "U-Tube Downloader" extension. It is highly rated, seemed legit, so I added it. It puts a nice Download button next to any YouTube video. Like greasemonkey script it was there when I needed and it, and out of sight otherwise. I installed it and forgot about it. So, put a pin in that and read on...
Here is a list of "known" tracking extensions for Firefox and Chrome. Do note that this list was from January of 2014, so there are likely many more that are not on this list. via GSD

Meet MatchStick by Mozilla

One of our Facebook followers shared this on our Facebook Page today. MatchStick is Mozilla's ($25) alternative to Google's Chromecast.
Mozilla is expanding beyond its Firefox browser and trying its hand in the suddenly hot streaming video business. Its take: the MatchStick HDMI streaming stick, which will sell for a limited time through Kickstarter at a starting price of $12 before it goes to retail. It's final price of $25 sets its sights on the Chromecast, the $35 streaming dongle from search giant Google. Matchstick runs on Firefox OS, the open source mobile operating system built by Mozilla on Firefox's underlying engine.
This one area of technology that I have't really gotten much into yet. I don't even really do much in the lines of streaming video and when I do it is just on my PC. via C|Net

Microsoft Announces Windows 10

No, the title is not a typo. Microsoft has announced today they are skipping over Windows 9 and going directly to Windows 10.
Originally codenamed Windows Threshold, the new operating system essentially does away with the tiled "Metro" user interface that Microsoft had attempted to implement across its entire device line, from desktop PCs to Surface tablets and Widows Phone devices. It is such a substantial leap, according to Microsoft's executive VP of operating systems, Terry Myerson, that the company decided it would be best to skip over Windows 9, the widely expected name for the next version.
So it sounds like Microsoft learned their lessons with Windows 8 in that consumers are still using traditional desktop/laptop PCs with mouse and keyboard. I guess Microsoft also realized that consumers weren't going to ditch their traditional PCs and go out and buy Surface tablets. Touchscreen computers (laptop or all-in-ones) could be seen as a mid-point or a compromise to completely ditching the traditional computer and going to a Surface tablet. The problem with these devices when they first came out was they were considerably more pricier than the traditional computers. Also, at that time there were not many applications that truly supported the touch interface. When I needed to get a new computer a couple year ago, I looked at the all-in-one PCs and while they were nice, they were much more expensive. The processing power and the on-board memory were lacking. I've said it many of times, that while I am not a fan of Apple, I do like they had sense enough not to combine their desktop (OS X) and mobile (iOS) operating systems into one. Something that took Microsoft almost 2-years (Windows 8 debuted in October 2012) to realize.
"Windows 8's focus on touch, the large start screen, the notion of apps running full-screen as they do on tablet devices...that was to salute the idea that this would be more productivity," Belfiore added. "But we didn't get it right .With Windows 10, we think we got it right."
Microsoft is being hushed about a release date for Windows 10 and for that matter how upgrades are going to be handled. via C|Net

No iPads for the LA Clippers

First off, had no idea the former Microsoft CEO had purchased the Los Angeles Clippers. Anyway, he still supports Microsoft and has told the staff (including the head coach) 'no iPads'.
Ballmer has told the staff at the L.A. Clippers — including head coach Doc Rivers — that he doesn’t want iPads around the front office or on the bench. Ballmer tells Reuters that most of the Clippers organization is already using Windows, though he conceded that some of the coaches and players are not.
So, guess that means they will be using Surface Tablets. via GeekWire