Tag Archives: Chrome

ChromeOS Flex – a free Google operating system for older computers

Google released ChromeOS Flex, a free cloud-based secure operating system for older PCs and Macs in July 2022. Potential users should check if their device is on Google’s list of computers models that are certified to work with ChromeOS Flex. Documentation is available at chromeenterprise.google/os/chromeosflex and at the Chrome OS Flex Help site.

Ransomware decryption tools and victim resources

The No More Ransom project website has free decryption tools for many known ransomware typesAvast Decryption Tools, Trend Micro Decryptor, and ID Ransomware are other websites that can help victims of ramsomware.  A list of antivirus software providers for Windows may be found here.

The United States Cybersecurity & Infrastructure Security Agency (CISA) has a site with tips on how to prevent ransomware attacks.

Google Chrome comes with Chrome Cleanup, a web browser feature that creates alerts when it detects unwanted software and allows the user to remove the software and return Chrome to its default settings.

If a decryption tool is not found, one option is to replace the hard drive and operating system and save the locked drive offline. A decryption tool for the ransomware strain may become available months later to free the data at that point.

 

Chrome OS automatic updates may not be available for older devices

Google’s Chrome OS is a secure choice for an operating system, but older devices may no longer be supported.  When a Chrome device reaches its Auto Update Expiration (AUE) date, automatic updates from Google will no longer be provided.

IFixit has instructions on how to convert a working Chromebook past its expiration date to use CloudReady.

Secure HTTPS websites for free using Let’s Encrypt

Google Chrome will display all non-HTTPS sites as “not secure” with the release of version 68 in July 2018HTTPS websites will also be ranked slightly higher in Google searches when compared to HTTP sites.

Let’s Encrypt is a free certificate authority that can be used to create HTTPS websites.  This project is managed by the non-profit Internet Security Research Group (ISRG).   Let’s Encrypt works well for low and medium traffic websites.  Websites that experience a great deal of web traffic or need warranty coverage should consider a paid certificate authority.  Let’s Encrypt certificates also expire every 90 days and have to be renewed.

Certbot is a free tool made by the Electronic Frontier Foundation (EFF)  in order to automatically use Let’s Encrypt certificates on manually-administrated websites to enable HTTPS.

More information is available at:

Visual Studio Extensions Marketplace

Extensions for the Microsoft Visual Studio suite of products can be found at marketplace.visualstudio.com.  Extensions add support for languages not included in Visual Studio, aid in IDE development, or perform a specific task.

Some current popular extensions are:

Extensions can be free, preview, or paid.  Paid extensions are often charged per user per month.  Preview extensions are eventually converted to paid extensions. Extensions are either written by Microsoft, third party vendors, or individual developers.

More information can be found at code.visualstudio.com/docs/extensions/overview.

Meltdown and Spectre security flaws forces tech companies to release updates

Two recently detected security flaws currently named “Meltdown” and “Spectre” are causing Apple, Microsoft, Google, Intel, and others to release security updates to fix any potential problem.  The flaws potentially affect all recent computers, smartphones, and tablets that use a CPU performance feature called speculative execution.  There is no evidence that the flaws have been exploited at this time.  The general recommendation is to download updates for all devices.

Current Apple products may have the security flaws with the exception of the Apple Watch.  Apple is continuing to work on updates and released a statement at https://support.apple.com/en-us/HT208394.

Microsoft issued guidance for Windows users, SQL Server, Windows Server, and has updated most of its Azure infrastructure and will continue to do so.  Security update KB4056890 also updates Internet Explorer and Edge browsers.   Microsoft also issued update KB4056892 for various Windows versions but notes that some AMD processor machines to stop working after installing it.

Google recommended that Chrome users should turn on site isolation.  Google also responded with these blog posts:
https://support.google.com/faqs/answer/7622138
https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html

Mozilla is working on updates and a fix is available in Firefox 57.0.4 version.

Amazon has updated its servers already and will continue to do so.

Intel released a statement as well and is releasing updates.  It also reported some systems rebooted more frequently after the updatesAMD also released a statement on their CPUs and speculative execution.

Oracle issued updates for MySQL, Java, PeopleSoft and other products that it maintains.

The CERT Vulnerability Notes Database has logged this issue as Vulnerability Note VU#584653.

eWeek reported that Linux 4.15 was released with Meltdown and Spectre patches and that further patches would be made for this issue.

More information can be found at https://spectreattack.com.

How to disable Video Autoplay in Mozilla Firefox Browser

Follow these steps to disable nearly all video playbacks in Firefox.

To disable non-Flash Player video:

Type this into web address and press Enter: about:config

Click the “I accept the risk” button when this warning appears.

firefoxaboutconfigwarning

Right-click on the following lines under media prefixes to set the value to False:

firefoxaboutconfigmediaautoplay

media.autoplay.enabled
media.directshow.enabled
media.eme.enabled
media.encoder.webm.enabled
media.ffvpx.enabled
media.gmp-eme-adobe.enabled
media.gmp-widevinecdm.enabled
media.mediasource.enabled
media.mediasource.mp4.enabled
media.mediasource.webm.enabled
media.mp4.enabled
media.navigator.enabled
media.ogg.enabled
media.peerconnection.enabled
media.peerconnection.video.enabled
media.play-stand-alone
media.raw.enabled
media.wave.decoder.enabled
media.wave.enabled
media.webm.intel_decoder.enabled
media.webvtt.enabled
media.wmf.enabled

To disable Adobe Shockwave Flash video, click the “Open Menu” button at the top right part of the screen, then select “Add-ons”.

firefoxaddons

Select “Plug-ins”, then change the Shockwave Flash setting to “Ask to Activate” or “Never Activate.”

firefoxflashasktoactivate

Non-Flash video playback can be disabled in the Chrome browser by installing a free add-on such as Disable HTML5 Autoplay.

To see all Firefox About menus, type this into the web address and press Enter: about:about