Top Unpatched Vulnerabilities by Company
So I was watching the HNN show for this week and near the end they showed a list of companies and the counts of known but still unpatched vulnerabilities in their software. Below is the list. Not surprising to me, but Adobe is at the top … again.
| Company | Count |
|---|---|
| Adobe | 25 |
| HP | 18 |
| Apple | 15 |
| Oracle | 14 |
| Novell | 12 |
| Mozilla | 8 |
| Microsoft | 7 |
| Sybase | 6 |
| Symantec | 4 |
| RealNetworks | 4 |
What does this information tell me?
- Stop using Adobe software. I think Adobe needs 3+ more years to create software that includes security by design aspects. Patching their old code-base, which is what they’ve been doing, doesn’t help. The design flaws from a security perspective are too large.
- I’m pretty impressed that Microsoft is so low with their huge number of software products.
- Oracle has never been very good at pushing patches for their products, IME. Their tools tended to be used on internal networks, not on the internet, so being lax wasn’t as big a deal. With the purchase of Sun, Oracle really needs to step up their patch delivery.
- I don’t use any Apple software … but they are involved with CUPS (UNIX printing) in some way.
- The HP issues seem to be mostly connected to backup software that I doubt most people have or use.
First Look at Natty Narwhal - Ubuntu 11.04 and Unity
A first look at Natty Narwhal, aka Ubuntu 11.04, under VirtualBox 4.0.6. I’m coming at this as a daily user of Lubuntu 10.04 LTS. I don’t use Gnome much, as I find it bloated and slow.
I’ve been using Natty for about a week. In general, I like the new interface. It isn’t nearly as big a change as others would have you think. It is easy to change to a different interface, like the old Gnome or even Unity-2D for graphics-impaired machines like mine. Give it a week and learn the keyboard shortcuts; I think you’ll like it. I found myself trying to use them on my non-Natty systems and missing those shortcuts when they weren’t available. That says something to me.
Panucci - Nokia N8x0 Podcast Player
Sure, I’m a little late, but I recently discovered the Panucci Resuming Player for the Nokia N800/N810/N900 internet tablets. I’ve tried music playback programs and have always been disappointed, since they didn’t support 30-second skip forward and backward, or resuming after power-off exactly where I was previously. Panucci does all these things.
Windows7 Recent Patches Change Mouse Settings
Last week (4/12/11), Microsoft pushed out a bunch of patches. I didn’t really notice most of the changes, but one changed the way that the mouse snaps to an open window. Yuck. I alt-tab to change programs all the time – all the time – and even the alt-tab moves the mouse over the center of the screen where the program selection window is temporarily located. Some of my automatic scripts open and close new windows. When those windows are opened, the mouse is moved, but when they close, it doesn’t go back where it came from or return focus to the prior window. Not good.
Anyway, just typing “mouse” into the superbar under Windows7 offered “Change how your mouse works”, with a checkbox to “Activate by hovering …”. Uncheck that choice and the mouse behavior works the way I need again.
Why would a patch need to alter this mouse behavior?
Perhaps some security issue with auto-focus?
I dunno. Perhaps it was just there to frustrate UNIX/Linux people who use focus follows mouse.
Gnome3 - A Quick Look
Gnome3 was released this week. I usually don’t try new releases, since I prefer to let others find the issues, report them and wait for the fixes. After reading an article over at LifeHacker and seeing all the unknown questions about gnome3, I decided to grab an ISO and give it a try. Below is a very short look.
New Linux GUIs Are Missing The Point
With the release of Gnome 3 and the pending next version of Ubuntu running Unity, many things are changing in the Linux GUI world.
Scanning and OCR on Linux with gscan2pdf
When you run a business, you will probably need to scan documents and store them in a document management system. Often, those document scans become completely unsearchable, since the text is not included for the DMS to index. Entering metadata for each document becomes critical, especially keywords that someone else will likely use to find the document later.
Xsane for Scanning
I’ve been scanning using xsane on Ubuntu/Lubuntu for a few years. The Brother All-in-1 MFC-240C in my home office is used for faxing and scans. It was found and worked just as expected. It runs as a normal user, not root, with no sudo needed. It is a great, home-use sheet-fed scanner.
Improved Scanning + OCR With gscan2pdf
Installation was uneventful. The standard install method for Ubuntu/APT worked and brought in the necessary dependencies.
```sh
sudo apt-get install gscan2pdf
```
Next I tried to run the application as a normal user. I wasn’t hopeful, since whenever you connect to hardware, there are probably group permissions that need to be worked out. Since I’d already been scanning with the same user using xsane, I was cautiously optimistic. It didn’t work – it got stuck scanning for the scanner hardware and properties. Ok, so perhaps it needs the first run to set up the hardware as root:
```sh
sudo gscan2pdf
```
It found the scanner and set some properties (I guess), so I dropped a 6-page document into the sheet feeder, set the resolution to 600 dpi greyscale, and told the program to scan all the pages. I heard the sheet feeder pull the first page and heard the scanner go. As the second page was pulled in to be scanned, some of the applications brought in as dependencies were spawned and notifications that they were running were displayed. The scanning continued, uninterrupted.
As each page was scanned, a thumbnail was displayed in the left border and the main page area showed the scan for page 1.
OCR – Optical Character Recognition
I don’t recall whether the OCR was a checkbox or automatically included in the job. I do recall there were choices for where the text would be placed inside the resulting PDF; I chose to place the text under the image for the page, the other options being before or after. With that choice, text searches would locate the correct page. At the bottom of each scanned page is an area with the text results of the OCR process. For the first page, the word accuracy was about 90%, with many consistent mistakes. 90% accuracy sounds better than it turns out to be. To correct 10% of the words on a page takes longer than I would have liked. There is no spell checker built into this tool, so I copied each page of text into LibreOffice and used that spell checker to correct the problems. Some of the OCR output was words that are in the dictionary but didn’t make any sense in context. This is a common issue for OCR. The good news is that the PDF file has the fairly high-resolution scan, which definitely shows the words just as you’d expect.
The Results
I’ve found a new scanning tool. It works and creates image-based PDF files. At this point, the only drawback is that running this tool without elevated privileges doesn’t work, at least not so far. For most home users, this is a minor issue.
I forgot to mention that I ran this program over an ssh -X connection. No issues.
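The usual reason a SANE front end like gscan2pdf only works under sudo is that the scanner's USB device node is not readable and writable by the account running it. Rather than keep running a GUI as root, the practitioner's check is to look at who owns the node and which group udev gave it, then add the user to that group. The script below is an added example, not code from the original post or from the gscan2pdf project; the device nodes, groups and user names in it are constructed, and it assumes the scanner shows up under /dev/bus/usb with a group such as "scanner" or "lp" assigned by a udev rule (the libsane packages ship such rules).

```sh
#!/bin/sh
# Added example, not from the original post: decide whether a scanner's USB device node
# is usable by an ordinary account, i.e. whether the front end should work without sudo.
# Sample device nodes, groups and users below are constructed for the demo.

# in_group GROUP GROUPLIST   (GROUPLIST is comma-separated, e.g. "alice,scanner,lp")
in_group() {
  case ",$2," in *",$1,"*) return 0 ;; esac
  return 1
}

# can_access USER GROUPLIST LSLINE
#   LSLINE is one line of `ls -l` output: mode links owner group major, minor date time path
# Returns 0 when USER may read and write the node via the owner, group or other bits.
can_access() {
  user=$1; grouplist=$2
  set -- $(printf '%s\n' "$3" | awk '{print $1, $3, $4}')   # mode owner group
  mode=$1; owner=$2; group=$3
  if [ "$user" = "$owner" ]; then
    bits=$(printf '%s' "$mode" | cut -c2-3)      # owner rw bits
  elif in_group "$group" "$grouplist"; then
    bits=$(printf '%s' "$mode" | cut -c5-6)      # group rw bits
  else
    bits=$(printf '%s' "$mode" | cut -c8-9)      # other rw bits
  fi
  [ "$bits" = "rw" ]
}

# report_devices USER GROUPLIST   (reads `ls -l` lines on stdin)
# Prints "OK path" or "DENIED path (owner:group mode)" for every node.
report_devices() {
  user=$1; grouplist=$2
  while IFS= read -r line; do
    [ -n "$line" ] || continue
    path=$(printf '%s\n' "$line" | awk '{print $NF}')
    if can_access "$user" "$grouplist" "$line"; then
      printf 'OK      %s\n' "$path"
    else
      printf 'DENIED  %s (%s)\n' "$path" "$(printf '%s\n' "$line" | awk '{print $3":"$4, $1}')"
    fi
  done
}

# count_denied USER GROUPLIST   (stdin as above) -> number of nodes USER cannot open
count_denied() {
  report_devices "$1" "$2" | awk '/^DENIED/ { n++ } END { print n + 0 }'
}

# Constructed sample: two nodes given a scanner-friendly group by udev, one left at root:root.
SAMPLE_LS='crw-rw-r-- 1 root scanner 189, 5 Apr 12 10:00 /dev/bus/usb/001/006
crw-rw---- 1 root lp      189, 9 Apr 12 10:00 /dev/bus/usb/002/003
crw-rw-r-- 1 root root    189, 7 Apr 12 10:00 /dev/bus/usb/001/008'

# Demo: user "alice" who is in the scanner group but not in lp.
printf '%s\n' "$SAMPLE_LS" | report_devices alice "alice,scanner"
```

On a real machine, feed it the live listing: `ls -l /dev/bus/usb/*/* | report_devices "$USER" "$(id -Gn | tr ' ' ',')"`. A DENIED line whose group is something like scanner or lp is fixed with `sudo adduser "$USER" scanner` and a fresh login; a DENIED line owned root:root means no udev rule matched the device, which is the case to look into rather than working around with sudo. `sane-find-scanner` and `scanimage -L` will tell you which node the scanner actually is.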
Enable Do Not Track in Firefox 4
Whether the Do Not Track setting has any legal support or not, it is worth enabling for anyone who would like to tell websites not to track them. It may be a worthless effort, but thankfully it doesn’t take much effort, so why not?
On my Linux system, running Firefox 4.0, the “Tell web sites I do not want to be tracked” setting (yes, that is the exact wording) is under the General tab of the Advanced section in the Firefox Preferences.
Steps:
- Edit
- Preferences
- Advanced
- General
- then under the Browsing heading, check the box for “Tell web sites I do not want to be tracked”
Simple.
On other operating systems, it should be easy to find.
Making KeePassX work with Pinentry and Enigmail
KeePassX is my password manager of choice.
Enigmail is the GnuPG signature and encryption add-on for Thunderbird.
Pinentry is used by Enigmail to enable secure entry of PINs, passwords and pass phrases. It blocks copy/paste and forces all keyboard entry into the pinentry text field. That’s great if you have trivial or easily typed pass phrases. I do not.
These are all fantastic, until you depend on KeePassX to hold non-trivial pass phrases to gain access to your certificates. Since pinentry doesn’t allow copy/paste, there is a major issue. If your pass phrase is non-trivial and long, then manually entering it whenever you need to read or send a sensitive email is beyond a hassle. It sucks. pinentry also grabs both the keyboard and copy/paste events, so you are probably unable to alt-tab to the window you really need. Anything typed on the system gets placed into the pinentry text field. How rude.
Workaround
There is a workaround – it is a hassle, but better than trying to type 50 characters of assorted keys.
Use the Perform Autotype option, by mousing, for your specific KeePassX entry. Doing this means the Userid field needs to be empty, and you need to already have KeePassX unlocked before you begin any encryption work. Using the mouse to trigger the paste/autotype works.
You’ll probably want to set up gpg-agent to hold your keys for a while too. Anything to avoid going through this crap to retype pass phrases for certificate access.
I’m running Enigmail v1.1.2, Pinentry-gtk2 v0.7.6 and Thunderbird v3.1.8.
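The gpg-agent part of the workaround comes down to two numbers in gpg-agent.conf: how long a passphrase stays cached after its last use, and the hard ceiling after which it is dropped regardless. The script below is an added example, not from the original post or from the GnuPG project; it writes that file to a path you choose (the demo uses a temporary file, never a real ~/.gnupg), refuses a configuration where the idle timeout exceeds the ceiling, and reads values back so the result can be checked. It assumes gpg-agent honours the real `default-cache-ttl`, `max-cache-ttl` and `no-grab` options and that `gpg-connect-agent reloadagent /bye` makes a running agent re-read the file.

```sh
#!/bin/sh
# Added example, not from the original post: write a gpg-agent.conf that caches a
# passphrase for a bounded time, so a long KeePassX-held pass phrase is entered once per
# session instead of at every signed or encrypted message.

# write_agent_conf FILE DEFAULT_TTL MAX_TTL
#   DEFAULT_TTL: seconds a cached passphrase survives after its last use
#   MAX_TTL:     absolute limit in seconds since it was entered, regardless of use
# The cached passphrase is usable by anything that can reach the agent socket, so the
# ceiling is the value that actually bounds exposure; an idle timeout above it is refused.
write_agent_conf() {
  file=$1; default_ttl=$2; max_ttl=$3
  if [ "$default_ttl" -gt "$max_ttl" ]; then
    echo "default-cache-ttl ($default_ttl) must not exceed max-cache-ttl ($max_ttl)" >&2
    return 1
  fi
  (
    umask 077    # keep the file private, like the rest of ~/.gnupg
    cat > "$file" <<EOF
# Passphrase cache: idle timeout and absolute maximum, in seconds.
default-cache-ttl $default_ttl
max-cache-ttl $max_ttl
# Uncomment to stop pinentry grabbing the keyboard and mouse (gets alt-tab back while the
# prompt is open). The grab is what keeps other X clients from seeing the keystrokes, so
# only drop it on a single-user desktop you trust.
#no-grab
EOF
  )
}

# agent_conf_value FILE KEY -> prints KEY's value, ignoring comment lines and unset keys
agent_conf_value() {
  awk -v key="$2" '$1 == key { print $2; exit }' "$1"
}

# reload_agent: ask a running gpg-agent to re-read its configuration; harmless if none runs
reload_agent() {
  command -v gpg-connect-agent >/dev/null 2>&1 &&
    gpg-connect-agent reloadagent /bye >/dev/null 2>&1
  return 0
}

# Demo against a temporary file: 30 minutes idle, 2 hours absolute.
demo_file=$(mktemp)
write_agent_conf "$demo_file" 1800 7200
echo "default-cache-ttl = $(agent_conf_value "$demo_file" default-cache-ttl)"
echo "max-cache-ttl     = $(agent_conf_value "$demo_file" max-cache-ttl)"
rm -f "$demo_file"
```

To use it for real, point it at `~/.gnupg/gpg-agent.conf` (after backing up any existing file) and call `reload_agent`, or restart the agent. Values are seconds: 1800/7200 means a pass phrase typed once is good for the next two hours of work as long as it is used at least every half hour, and is gone after two hours no matter what.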
101 Uses For a Password Manager
Ok, not really 101 uses for a Password Manager, but many more than you thought, about 30.
Use A Password Manager
For the last few years, I’ve been trying to get anyone with more than 5 passwords to remember to start using a password manager (PM) as part of increasing their desktop security. Below I’ll go into a few alternate uses for that password database beyond just storing computer and website passwords.