How-To Geek
Week in Geek: New Critical Java Security Hole is Being Actively Exploited

Our latest edition of WIG is filled with news link coverage on topics such as how the Windows 8 Fast Startup feature can put data at risk on dual-boot systems, a critical Ruby on Rails bug that threatens 200,000+ sites, Microsoft’s confirmation of Windows Live Messenger – Skype transition bugs, and more.
Skull and crosshair targeting scope clipart courtesy of Clker.com.
Weekly News Links


- Firefox 18 arrives with IonMonkey-powered JavaScript
Mozilla says the newly released Firefox 18 will be delivering faster JavaScript for web games and other long lived applications. This boost is thanks to the addition of the IonMonkey just-in-time compiler as a replacement for the SpiderMonkey JavaScript engine.
- Firefox 19 betas arrive for the desktop and Android
Mozilla has released beta versions of Firefox 19 for the desktop and Android. The desktop version enables PDF.js, a built-in JavaScript-based PDF viewer, which brings native integration of the format to the browser and eliminates the need for plugins. The Firefox for Android beta gets additional support for the ARMv6 architecture, including phones from LG, HTC and ZTE, and also now supports themes.
- Chrome 24 brings math formatting, better offline abilities
Alongside the perpetual effort to speed up JavaScript, Google’s newest browser gets MathML support, offline data storage with IndexedDB, and security fixes.
- Beta for Chrome on Android now available
Google has made a beta version of Chrome 25 for Android 4.0+ available in the Google Play store, bouncing the version number into synchronisation with the current desktop version.
- Linux and Windows 8: Fast Startup puts data at risk
The new Fast Startup feature of Windows 8 puts the filesystem’s integrity at risk if other operating systems are used to write to Windows partitions. Data loss is particularly likely with dual-boot configurations that involve Linux and Windows 8.
- Microsoft Allows Some Windows 8 Users to Downgrade to Windows 7 for Free
Even though Microsoft has already announced that it had sold 60 million copies of Windows 8, there are plenty of users who are disappointed with the operating system and wish to go back to Windows 7.
- Microsoft beefs up SkyDrive with more features
The SkyDrive Web site now offers better support for dragging and dropping files and sharing files with other people.
- Fedora 18 Spherical Cow Final Is Ready for Launch on January 15
Fedora 18 (Spherical Cow) is finally ready to ship after numerous delays and it will be available for download on January 15.
- LibreOffice 4.0 to receive Personas support
The latest LibreOffice release (4.0 RC 1) has received a visual UI refresh with the ability to add Personas themes, allowing for a more customized UI experience.
- Report: ZTE to bring Firefox OS to Europe
The Chinese phone maker ZTE says that it is working with an unnamed European wireless carrier to bring smartphones based on Mozilla’s Firefox OS to the market this year.
- Mobile Hotmail and Outlook.com users hit by multi-day access issue
Those trying to access Microsoft’s Hotmail and Outlook.com from iPhones, iPads, Android phones and other mobile devices are continuing to encounter problems.
- Microsoft’s Messenger service to live on
Redmond is killing off its Live Messenger client in favor of Skype, but the underlying Messenger service will continue to run, at least until next year.
- Microsoft Confirms WLM – Skype Transition Bugs
Microsoft has recently announced that it would discontinue Windows Live Messenger on March 15, so users have no other option than to make the move to Skype. The problem is that many of those who indeed decided to migrate to Microsoft’s VoIP platform have encountered a problem that erased most of their contacts, with no workaround to get the lost information back.
- Dropbox rolls out Windows 8 app
The cloud-based file storage service unveils its own dedicated Windows 8 app, though it’s lacking some key features.
- Google adds high-res photo zoom to Google+
People now can immerse themselves in high-resolution photos posted on Google+ instead of seeing a blurry version when zoomed in all the way.
- Amazon lets rip with AutoRip music service
When you buy an AutoRip-enabled CD, you automatically get the MP3 version for free, and those MP3 versions will be available via Amazon’s Cloud Player.
- Facebook yanks Instagram usage data from public view
The social network now no longer reveals standalone data for its photo-sharing service, just weeks after a flap over whether those numbers showed a major loss of Instagram users.
- MacBook Air EFI update fixes freezes and boot issues
A new firmware update for mid-2012 MacBook Airs fixes Thunderbolt-related freezes and other problems.
- How to set up an Eject All hot key in OS X
OS X requires that you manually eject all drives before disconnecting them, which can be a bit of a burden if you have multiple drives attached. Here’s a way to simplify things a little.
- Vint Cerf: Your shirt shouldn’t have Internet access
Google’s chief Internet evangelist arrives at CES still bullish on the connected world — with limits.
Security News


Special Note: You can view our article on how to disable and/or uninstall Java on your computer here.
- Critical Java zero-day bug is being “massively exploited in the wild”
Your fully patched installation of Java isn’t safe. – A previously unknown and currently unpatched security hole in the latest version of the Java software framework is under attack online, according to security researchers and bloggers.
- Apple blacklists Java on OS X to prevent latest “critical” exploits
Apple has blacklisted the latest version of the Java browser plugin to protect Mac users from the latest Java exploits. As noted by MacRumors, OS X now requires a newer, as-yet unreleased version of the Java plugin which is expected to patch a flaw that resulted from an incomplete patch added to Java last year.
- Mozilla touts ‘Click to Play’ in defense against Java vulnerability
Mozilla has chimed in with its own tips and resources amidst the brewing Java vulnerability scare. – As worries about the Java 7 Update 10 vulnerabilities continue to escalate, Mozilla has addressed the issue in reference to how this concerns Firefox.
- What You Need to Know About the Java Exploit
On Thursday, the world learned that attackers were breaking into computers using a previously undocumented security hole in Java, a program that is installed on hundreds of millions of computers worldwide. This post aims to answer some of the most frequently asked questions about the vulnerability, and to outline simple steps that users can take to protect themselves.
- Extremely critical Ruby on Rails bug threatens more than 200,000 sites
Servers that run the framework are by default vulnerable to remote code attacks. – Hundreds of thousands of websites are potentially at risk following the discovery of an extremely critical vulnerability in the Ruby on Rails framework that gives remote attackers the ability to execute malicious code on the underlying servers.
- Microsoft Admits It Has to Fix Its Fix for Internet Explorer
Microsoft is still working on a patch to fix a recently discovered bug in Internet Explorer 8 and older, but security companies across the globe warn that several websites are getting compromised to take advantage of the flaw.
- Current Foxit Reader can execute malicious code
Security expert Andrea Micalizzi has discovered a critical vulnerability in the current Foxit Reader’s browser plugin; according to the researcher, the hole can be exploited to inject malicious code. When a web page instructs the npFoxitReaderPlugin.dll plugin to open a PDF document from a very long URL, a buffer overflow is created on the stack.
- Adobe warns of critical ColdFusion hole being exploited in the wild
ColdFusion developers have been warned by Adobe to set usernames and passwords for the remote development service and to disable access to certain directories in order to avoid risk of being compromised.
- Critical security update for MoinMoin wiki released
The developers of MoinMoin have closed a critical security vulnerability with the release of version 1.9.6 of their open source wiki software. A vulnerability in the twikidraw and anywikidraw components which could be exploited to execute arbitrary code has been closed. The problem affects MoinMoin 1.9.5 and earlier versions.
- Critical vulnerabilities in Asterisk
Digium has fixed several critical vulnerabilities in its open source telephone system application Asterisk which could be exploited by an attacker to inject code onto the server. The vulnerabilities are buffer overflows on the stack which can be exploited using the HTTP, SIP and XMPP protocols.
- VLC Media Player 8 Banned on Windows 8
While everyone’s waiting for the official app, a so-called VLC Media Player 8 has been approved for Windows Store, so it may trick people into believing that they’re downloading the software solution developed by VideoLAN. The app is, however, a fake, even though it promises to play “most of the latest formats of video as well as audio files.”
- Another Fake VLC for Windows 8 App Available for Download
Even though an official VLC media player for Windows 8 is yet to be released, some software developers across the world are trying to make the most of VideoLAN’s success with similar apps that copy one or more of the original features.
- Hack turns the Cisco phone on your desk into a remote bugging device
No fix yet for attack that allows eavesdropping on private conversations. – Internet phones sold by Cisco Systems are vulnerable to stealthy hacks that turn them into remote bugging devices that eavesdrop on private calls and nearby conversations.
- Nokia ‘hijacks’ mobile browser traffic, decrypts HTTPS data
A security researcher has found that some Nokia phones pass secure HTTPS data through Nokia’s servers, and this data is decrypted so it can be compressed, in order to reduce data bills.
- Lost+Found: Password klutzes, cat payloads and a lulzy-PoC
Too small for news, but too good to lose, Lost+Found is a compilation of the other stories that have been on The H’s radar this week. In this edition: the offensive uses of plain text, proof of concepts for the lulz, 29C3 videos, payload enabled cats and Inception opens up Windows 8.
- Crimeware Author Funds Exploit Buying Spree
The author of Blackhole, an exploit kit that booby-traps hacked Web sites to serve malware, has done so well for himself renting his creation to miscreants that the software has emerged as perhaps the most notorious and ubiquitous crimeware product in the Underweb. Recently, however, the author has begun buying up custom exploits to bundle into a far more closely-held and expensive exploit pack, one that appears to be fueling a wave of increasingly destructive online extortion schemes.
- Yahoo adds HTTPS support to Yahoo mail
Yahoo has begun to catch up with the other webmail providers and is now offering HTTPS as an option on its service.
- Polish prof discovers way to encrypt secret messages into silence on Skype (even if the FBI is listening)
Skype calls use 256-bit advanced encryption by default, but that’s not secure enough for some people. So a prof at the Warsaw University of Technology has created a way to communicate even more privately on Skype — by using silence.
- Windows RT Jailbreak Tool available, makes running unsigned apps a breeze
Jailbreaking Windows RT just got easy. Merely days after a complicated method to run unsigned apps on Microsoft’s tablet operating system was uncovered, there is now an automated method available, dubbed RT Jailbreak Tool. No more messing around with debuggers and assemblers.
- Microsoft Not Pleased with Windows RT Jailbreak Tool, Says It May Block the Hack
Microsoft is apparently having a change of heart over the recently-released jailbreak tool for Windows RT devices, with the company now suggesting that it may block the hack after all.
TinyHacker Links


Image courtesy of Microsoft.
- How good is the Surface Pro?
Learn all about it from this review from The Verge.
- How good is the Surface RT in daily use?
Ed Bott has published an overview of his 60 day experience with the Surface RT and shares some interesting insights.
- Three ways to learn when Windows was installed
More details are found in this tutorial.
- SAMSUNG Launches its First Windows Phone 8 Smartphone in the U.S. with Verizon Wireless
Samsung has finally jumped onto the Windows Phone 8 bandwagon by launching the ATIV S. It’s essentially a Galaxy S III in Windows Phone clothing.
- Useful PS3 Guides
PS3 users, check out some of these helpful guides to enhance your experience with the device.
- Do More With Your Microwave
Are you one of the millions of microwave users who use it only for reheating? You should take a look at this article then.
How-To Geek Weekly Article Recap


- How to Service Your Own Computer: 7 Easy Things Computer Repair Places Do
- How to Downgrade Windows 8 Pro to Windows 7
- Have You Ever Wondered What Gmail’s shva=1 URL Parameter Means?
- HTG Explains: Why You Shouldn’t Host an Open Wi-Fi Network
- Beginner Geek: How to Reinstall Windows on Your Computer
- How to Use NTFS Compression and When You Might Want To
- Does Windows Still Rely on MS-DOS?
- 6 Tips For Improving Game Performance with Steam on Linux
- The Best Free Ways to Share Photos With Friends and Family Other Than Facebook
- Desktop Fun: Snow Covered Trees Wallpaper Collection Series 2
Geeky Goodness from the ETC Side


- “Confidential” User Name and Password Handbook [Humorous Image]
- Facebook Euphemisms [Comic]
- A Visual History of Windows – Windows 1.0 through Windows 8 [Video]
- Modern Day Communication [Comic]
- Life in Mars [Wallpaper]
- Aerial View Map of Minas Tirith [LOTR Wallpaper]
- $20 Router Hacked into Internet Radio
- The Last Day of the Hyrule Bottle Factory
- Privacy Violation is a Matter of Perspective [Comic]
- The Mobile Phone Life Cycle [Comic]
One Year Ago on How-To Geek


- How To Add (and Remove!) Watermarks, Text, or Logos To And From Images
- Quick Digital Makeup Tips To Make Yourself Look Ten Years Younger
- Stupid Photoshop Tricks: Create An Optical Illusion Double Portrait
- How To Make Photoshop Cartoons In About One Minute
- How To Customize Photoshop’s Panels, Shortcuts and Menus
- What Do I Need To Know Before Buying A New Lens For My Camera?
How-To Geek Comics Weekly Roundup


- The Problem with Old TVs
- Geeky Marriage Proposal
- Volume Frustration
- Content Creators’ Lament
- Very Pale Complexion
How-To Geek Weekly Trivia Roundup


- Which Novelist Indirectly Contributed To Particle Physics?
- The First Steam Engine Was Known As What?
- Who Coined The Term Meme?
- What Is The Tallest Structure In The United States?
- If You Suffer From Prosopagnosia You Are Unable To See What?
- Which Game Console Was The First To Have Downloadable Content?
- Which Company Used Euler’s Number As Part Of A Recruiting Riddle?
Akemi Iwaya (Asian Angel) is our very own Firefox Fangirl who enjoys working with multiple browsers and loves 'old school' role-playing games. Visit her on Twitter and Google+.
- Published 01/13/13



