Bugs & Fixes: Making Synology's VPN private again

Jon L. Jacobi Freelance Writer, PCWorld

If you've been reading PCWorld Norway (you know you have) or scouring our own reports on the same subject, you know that many Internet devices such as routers and NAS boxes leave their data disturbingly easy to access. One of the most recent examples comes courtesy of the OpenVPN module in Synology's 4.3-3810 update to its DiskStation Manager operating system.

A hardcoded password in said module makes the devices very easy to invade. Fortunately, Synology has already released version 5 (5.0-4458), but if you haven't updated, do so now. Or update the VPN module in the Package Center. Or stick with the PPTP and L2TP/IPSec protocols. Our VPN guide by Eric Geier could help, too.

Bugs & Fixes: With exploit roaming in the wild, Adobe updates Flash and Air

Jon L. Jacobi Freelance Writer, PCWorld

You don't want some evildoer to take over your system remotely, and neither does Adobe. Citing this potential vulnerability, Adobe patched its Flash Player to 12.0.0.7—and version 11 to 11.7.700.269 (Windows and Macintosh), and 11.2.202.341 (Linux). 

This is an update well worth doing. Adobe identifies each specific vulnerability by a Common Vulnerabilities and Exposures number: for instance, this update addresses CVE-2014-0498, describing a remote execution vulnerability, and CVE-2014-0499, which covers some unsecured code addresses.

But the third one's the kicker: CVE-2014-0502 involves a bizarre situation where the same memory is being freed twice, possibly leading to a buffer overflow. You may wonder what this has to do with anything, but Adobe is "aware of reports that an exploit for CVE-2014-0502 exists in the wild, and recommends users update their product installations."

Bugs & Fixes: 18 vulnerabilities in IE, squashed

Jon L. Jacobi Freelance Writer, PCWorld

March's Patch Tuesday listed only five updates, but they concealed a multitude of ills. One of the items (MS14-012) fixes eighteen vulnerabilities in Internet Explorer alone. The highlight: a fix to thwart remote-code execution from a "specially crafted webpage."

Another patch fixes Silverlight (MS14-014) so someone can't steer users to a bad Web site. Yet another elevation-of-privilege bug (MS14-015) is stomped out in Windows, and DirectX is relieved of a creepy remote-code execution (MS14-013). Also squashed was an account log-in vulnerability (MS14-016).

Read more of the gory details thanks to our colleagues at Computerworld.

Bugs & Fixes: Iobit's Start Menu 8 startles with ads

Jon L. Jacobi Freelance Writer, PCWorld

The frustration that sets in when you think you're being subjected to a malware attack is no fun. It's hardly better when you realize that the source of the out-of-the-blue pop-up advertisement is not malware, but a program like Start Menu 8 (a start menu replacement for Windows 8.x) that you may have had on your system for months or years. Iobit's loss-leader for its Advanced System Care product started popping up ads in the last couple of months, which, in some circumstances, can stop the Start Menu 8 program from running during the first reboot after installing Start Menu 8.

There's nothing harmful about the ads, and the program will return to normal operation after the pop-up disappears. The company seemed a bit at sea about the cause but promised a fix soon.

Bugs & Fixes: The Moon Worm slinks by Linksys E-series routers

Jon L. Jacobi Freelance Writer, PCWorld

A slimy piece of malware called the Moon worm has managed to slither past the login for Linksys E-series routers. SANS ISC said that it's the CGI script for the administration interface that's vulnerable, and recommends that you upgrade your firmware--when an upgrade that fixes the problem is made available. As of now, you're invited to switch off your E-series router's Remote Management Console to avoid possible hacking. If you never turned it on, you're in luck: it's disabled by default.

Bugs & Fixes: Asus router vulnerability gives Plug and Play a new meaning

Jon L. Jacobi Freelance Writer, PCWorld

Though there are security issues with many Internet devices, Asus's routers have been vulnerable to a situation where turning on UPnP would expose the FTP and SMB ports to the Internet--without password protection. Any storage attached directly to the router is completely exposed. PCWorld Norway's Clas Mehus says that combing these exposed devices for users' personal data of an especially revealing nature has become a pastime among loser Web surfers with nothing better to do. Asus fixed this problem with firmware release 3.0.0.4.374.4561, but you'll need to download it and install it, as there's no auto-update feature.

Bugs & Fixes: Dropbox improves performance and setup

Jon L. Jacobi Freelance Writer, PCWorld

Though there wasn't anything particularly severe about the problems in the Dropbox 2.4.x desktop clients, the 2.6.2 version (as per the release notes) improves the speed of the UI quite a bit and offers improved setup—which you don't need if you're satisfied with your current version. You can now handily pause syncing from the system tray pop-up, and users are no longer unlinked from the online service if they roll back to a previous version. Of course, the only reason most users would want to roll back is a bug. So far, 2.6.2 seems relatively stable.
