It was only a couple weeks back I posted about needing to update your flash player.
Well, a new version was just released a couple of days ago and if you haven’t updated then I would advise you to do it since this update fixes a number of security flaws.
Here’s the post and instructions from last time.
I promise some lighter fair here in the next couple of days but Adobe just published an update to a couple of versions of Adobe Reader that are labeled critical so you really need to update.
Start up Adobe Reader and in the Help menu select “Check for Updates”.
If there are updates available for your version they will be applied.
I would even suggest that if your not running version 10.0.1 (which I’m not in the picture above but I’m in the process of upgrading) that you go and update to this version. You can get it from Adobe at http://get.adobe.com/reader/
I’m a couple of days late posting this but if you haven’t done so already make sure that you update your Adobe Flash player. There are currently exploits out on in the internet lands that take advantage of certain security flaws in flash that could compromise your system. If there is anything that security experts can agree on is that if you need to run flash you need to keep it updated.
Validate Your Version
Go to the Adobe Web site and validate the version of flash that you are currently running: http://www.adobe.com/software/flash/about/ The version you are running will be displayed in the box “Version Information” which should look the the one below.
Your browser and operating system will dictate the correct version you need to be running but for the majority of users you are going to need version 10.2.159.1.
Update If Necessary
If you need to update you can go to http://get.adobe.com/flashplayer/ and you should be prompted to download the correct version for your browser and OS.
You can also use the Manual downloader if you don’t like the whole Adobe download system by following the download instructions at http://kb2.adobe.com/cps/191/tn_19166.html#main_ManualInstaller
Validate Your Version
After you update double check that you are now running the correct version by going back to http://www.adobe.com/software/flash/about/
Multiple Browsers
If you run multiple browsers like Internet Explorer, Firefox, Opera, Safari, etc, on the same computer you may need to update each browser separately. Double check that each browser is running the latest version.
Over the past weekend there was a fairly significant data breach at a company called Epsilon. Epsilon manages various aspects of online marketing and marketing services to companies like Best Buy, Disney Vacations, Citibank, JP Morgan Chase, Kroger, and others.
According to the press release from their website a “subset of Epsilon clients’ customer data were exposed by an unauthorized entry into Epsilon’s email system.” The breach was “limited to email addresses and/or customer names only.”
What does that mean to you?
Hopefully if your email was stolen as part of this you have received a notification letting you know. I’ve received three notices so far and I’ve read one report of a person who received six.
If you received a notice you need to be on the lookout for targeted or “spear” phishing attacks. Whoever stole the data has your email address and knows which company you gave it to. Spammers can target you with a specifically crafted message that looks like it comes from a company you do business with but try and fool you into giving up your login credentials or sending a message that contains a virus.
So what should you do?
Any email you get from companies, whether they were part of this data breach or not, make sure that any hyper links in the message point back to the actual company. You can typically see this by hovering over the link and looking at the bottom left corner of the browser and it will display the site address. For example, this link to www.google.com isn’t really going to take you to google. (You didn’t click on it did you…..) Phishers will get a lot more crafty then my simple example so you really need to be cautious.
If you receive an email requesting that you log in and verify your information, change your password, tells you your account has been compromised, or any other similar request asking for information, don’t believe it. Don’t follow any of the links in the email, go directly to the companies site as you normally would, either via bookmark or manually typing it in, and log in. If they want something from you chances are you will be prompted for it after you log in.
Don’t open any attachments that may accompany emails from companies. I don’t believe I’ve ever received an email with an attachment from a company that I wasn’t specifically expecting. Like purchasing tickets to an event and they send them in a .pdf file for printing. Any attachments should raise the red flag.
Other good practices include using different passwords for all your sites. I know, this can be a real pain, but if your email account gets hacked you don’t want the same password to provide access to your banking account. You also don’t want your email address to be easy to guess. How many times have you forgot your password to a site and the only information needed to reset it or get a temporary password was to enter you email address and the company sends you an email to complete the process. If I have access to your email account I could reset your password at lots of places before you know it.
While your at it for sites that allow it make sure you passwords contain special characters like * & # ! and don’t contain words found in the dictionary. This will make it more difficult for automated programs to guess your password. Additionally, passwords should be at least 8 characters long.
Lastly, make sure you are running some type of antivirus on your computer. I’m not real big on actually paying for software, I’m more of the free software kind of guy, but antivirus is the one thing I actually buy. Whatever product you choose make sure you keep it up to date. My AV updates at least once a day if not more frequently, that’s how fast they discover and block new viruses.
Adobe has been busy the last couple weeks fixing security holes in both Flash Player and Acrobat Reader and patches for both products were just released. Take a minute to update your system to keep yourself safe. Additionally, if you use Adobe AIR they also recommend that you update that as well.
For Flash Player you need to be running version 10.0.32.18 no matter what operating system your using. To find out what version of flash player your running check this page. If your not running the latest download it from Adobe here. Remember, no downloading from any old web site, get it right from the source.
One thing to consider is that if you run Windows and you use Firefox, Opera, Chrome, or Safari as your primary browser you will need to download the update for those and then go back and do the upgrade for Internet Explorer. You get the same version it’s just that IE and the other browsers use different update mechanisms.
To update Adobe Acrobat start it up and select the “Help” menu item then “Check for Updates.” It should automagically update itself and when done you should be running version 9.1.3. If your running version 8, or heaven forbid 7 or even older, you might have to download the full 9.1.3 version instead of using the using the update feature.
If you have Adobe AIR installed you can find the update on Adobe on this page. Your chances of running this are a lot smaller and you would probably know if you have it. It’s used as a platform to create applications that run on Windows, Mac, and Linux boxes without the programmer having to worry too much about your specific system. If you download an app from the web that requires AIR it will automatically install it for you. If your curious and want to find out if you have this, on Windows box you can go to the “Control Panel” and select “Add or Remove Programs”. It will show up in the program list as “Adobe AIR”.
A couple of months back I installed Google Analytics on the web site as an experiment. Analytics collects various information about who visits the site, what browser you use, what pages you visit, if you got here via a search engine what search terms got you here, and other interesting stuff. I’m an information junkie and love sifting through this type of information.
One of the things it reports is the version of Adobe’s Flash Player installed. Since I work with computers and try and keep with the latest goings on in the security front I feel I need to tell you it’s time to update your flash player.
Why does it matter you might wonder? Virus writers and purveyors of spyware exploit vulnerabilities in software that lots of people use. Things like Flash Player, Acrobat Reader, Internet Explorer, Windows, etc. A couple of weeks back Adobe released an update to Flash to address a vulnerability Players 10.0.12.36 and earlier which can allow attackers to take complete control of the affected machine.
Based on my Google Analytics results 93% of users visiting here in the last two weeks are running outdated flash versions. Nine different versions in fact.
How can you figure out what version of flash your running? Go to Adobe’s web site at the following link:
http://www.macromedia.com/software/flash/about/
and it will show you the version you have installed. Here’s a screen shot:
If the version you have installed doesn’t match the version you should be running then upgrade from the following link:
http://get.adobe.com/flashplayer/
The installation should be pretty straight forward. I use Firefox and my install was to download the install program, close my browser and run the installation. Once you have upgraded go back to the about web site and verify that your installed version has been upgraded.
This is also where I warn you never to install flash from any web site other then Adobe. If you surf your way onto a site that tells you your running an old version of flash don’t believe them, check with the official Adobe site and verify. A very popular phishing technique is to tell you your running an old version and provide you with a convenient download to upgrade but it’s actually just spyware. Any reputable site will direct you to Adobe’s site to get the correct version if you really are running and outdated version.
Once you’ve upgraded flash go ahead and upgrade Adobe’s Acrobat reader if you use it for reading pdf files. On Wednesday they released version 9.1 which fixes a number of critical vulnerabilities . You can get that here:
http://get.adobe.com/reader/