Firefox 52.0 update

Firefox 52.0 was released earlier this week with some noticeable changes. This new version increases awareness of insecure sites by showing a warning message where there are username and password fields.

One other big change is the removal of NPAPI-based plugins with the exception being Adobe Flash. So if you need sites that use Java and Silverlight, you will need to use a different browser or stick to an older version of Firefox.

To update, try the following steps:

Windows: Go to the Help menu and select About.

Mac: Go to the Firefox menu and select About Firefox.

To download a fresh copy of Firefox on either Windows or Mac, you can go to the link below and click the green Download Firefox button:

Link –> Mozilla Firefox

SOURCE: Mozilla

Update your iPhone/iPad to iOS 9.3.5 ASAP

Apple released iOS 9.3.5 today for iPhone and iPad that patches a serious security vulnerability. I recommend installing it as soon as possible.

To download and install the patch, perform the following steps:

Go to Settings –> General –> Software Update and follow the prompts.

As with any update, please make sure you have at least 50% battery or plug in your device so you don’t lose power during the update process.

For more information on what triggered this patch, click the link below.

SOURCE: Citizen Lab

Heartbleed bug and solutions

Heartbleed
While the title sounds more like a metal band or a dangerous heart condition, this one has to do with a web vulnerability. This bug allows malicious users to see various information that is normally secured like usernames, passwords, credit card numbers, etc. In other words, it’s a very serious problem.

Most website providers should have patched their systems by the time you are reading this if they were impacted by this issue. However, here are a few resources you can check to make sure the sites you visit are patched.

Heartbleed Test (Filippo Valsorda)
Heartbleed Bug Websites Affected (Mashable)
Top 10,000 sites that were affected
Google Chrome Heartbleed plug-in

How can you protect yourself? Normally in these situations, changing your password is the first choice. While that is a good idea, make sure the site is patched or not affected before changing it. Use a long password with uppercase, lowercase, numbers and symbols if they allow. I recommend using a password manager like 1Password which can help you generate and remember strong passwords.

Websites are not the only things that are affected by this bug. Many internet modems and routers offer secure remote management which could be at risk. If you have this feature turned on (normally it’s disabled by default), you may want to disable it and check with the manufacturer to see if there is an update that fixes it.

Here are a few of the bulletins from these manufacturers regarding their equipment and the Heartbleed bug.

Note: I was not able to find any official information on Netgear routers regarding Heartbleed.

Cisco
D-Link
Juniper
Linksys

For the technical details of this bug, check out the Heartbleed website.

http://heartbleed.com/

Have you found sites that are still not patched? What about your online banking and shopping sites? Post your feedback in the comments section below.