Categories Menu

Posted on May 21, 2014 in Newsletter, Welcome | 0 comments

TWT Newsletter NG – Issue 12 – Heartbleed, is it cause for concern?

Click here to go back to the back issues page or click here if you want to subscribe.

Top Windows Tutorials
TWT Newsletter NG – Issue 12

Welcome to the May 2014 TWT Newsletter

Twelve “next generation” newsletters already? How time flies! We hope you are all enjoying our new improved website. The improved visitor numbers certainly seem to suggest you are. Here’s to another year of great content and fantastic tutorials so that everyone can get more from their PC.

Important! A number of our subscribers have had difficulty receiving our newsletter. At Top-Windows-Tutorials.com we never send out unsolicited e-mails. To make sure your TWT newsletter reaches your inbox, please add topwindo@top-windows-tutorials.com to your contacts, buddy list or white list.

In  this months issue:-

What’s new at Top-Windows-Tutorials.com?
Windows 8 Superguide updates
Does the Heartbleed bug mean it’s time to reset your passwords again?
Tip of the Month – Are you running 32 or 64 bit Windows? Here’s how to tell
Free Utility of the Month – VMWare Player
Windows Store App of the Month – Flipboard
Start menu set to return in next Windows 8 update

 

What’s new at Top-Windows-Tutorials.com?

Most of our time this month was taken up with Windows 8.1 Update 1. We’ll have more on that in the next article. We understand that the Windows 8 coverage has been quite extensive these last couple of months, don’t worry Windows 7 users, we know that you still make up the bulk of our audience! We will have some great new tutorials for Windows 7 users in May.

We also launched a new initiative in April, which we have named the “Outreach programme”. If you have friends or family who work in marketing or sales for Windows software, they may be interested in this new opportunity for some free publicity.

 

picture Top-Windows-Tutorials.com Outreach programme

Would you like to get some free publicity for your software? Here at Top-Windows-Tutorials.com we realise that covering every useful program for Windows is impossible. We’re also frequently approached by software companies who would like us to cover their software. Often this simply isn’t possible due to time constraints. However, we’re now offering the opportunity for interested parties to submit their own tutorial videos to us. Click here if you are interested and want to find out more.

 

Windows 8 Superguide updates

Last month we told you how Microsoft had updated Windows 8 once again by launching Windows 8.1 Update 1. This time, Microsoft have changed how Modern or Tile apps behave on the desktop, amongst other things. If you missed last months newsletter or you aren’t familiar with this new update, check out our article here.

We have now updated our best-selling Windows 8 Superguide for Windows 8.1 Update 1. Any copies sold on DVD or digital download will now contain the latest, up to date edition.

If you already purchased or upgraded to the second edition of the guide, you can download a completely free patch that will update your product to the third edition guide. Download this patch now by visiting this page.

Updates for the e-book and physical book versions are also now available. Customers who purchased the e-book will receive a free update through Amazon’s Kindle service.

 

Does the Heartbleed bug mean it’s time to reset your passwords again?

It has not been a great few months for computer security. No sooner had Apple patched a serious online security vulnerability in its iPhone and desktop operating systems, than another huge bug cropped up, this time affecting mainly Linux systems and open source software. By now many of you will have read about Heartbleed, but what is it and what does it mean for Windows users?

Heartbleed in a nutshell

Heartbleed is a bug (a programming error) that affects the Secure Sockets Layer or SSL protocol. SSL is a means of quickly establishing a secure connection between two PCs. When you connect to a secure website, such as online banking, a SSL connection is established to encrypt the connection between you and the computer running the website.

What happened with Heartbleed is that a mistake in the programming code of the OpenSSL software allows a third party to connect to the same website as you and basically steal passwords and authentication tokens. So for instance, if you logged onto a website that had the Heartbleed security problem, an attacker could simply connect from another computer anywhere in the world and grab your password from the website without you or even the website operators ever knowing about it.

Is Windows affected?

Windows itself does not use the OpenSSL code, so is not directly vulnerable. However, this doesn’t mean Windows users were unaffected. Remember for SSL to work, both computers (your PC and the website you are connecting to) need to be using it. Just because your Windows PC doesn’t have the problem, certainly doesn’t mean the computer you are connecting to does not. Furthermore, software that runs on Windows, such as the popular OpenVPN system was affected and should be updated immediately.

Websites claim to have fixed the problem, so why is the media claiming it will be an issue for years?

Properly fixing Heartbleed is actually a huge headache for systems administrators all around the world. It requires patching the vulnerability and changing and updating security certificates with a central authority. Many smaller websites are struggling to respond in a timely fashion. Furthermore, OpenSSL is used on more than just PCs and web servers. A large number of consumer routers are vulnerable, as are other smart gadgets such as heating monitors, webcams etc. Most smartphones were not affected, though a small number of Android devices were. If you are concerned that a device you use is affected, your best course of action is to contact the manufacturers technical support department.

Fortunately, none of the websites in our network were affected and you can safely continue to use them, including our secure checkout and online ordering which is handled through E-junkie, who were not affected by the problem.

Should I change all my passwords?

No, you only need to change passwords for affected sites. This bug is big news, but doesn’t affect every site that uses SSL.

I’m getting really concerned about all these security problems! Should I stop shopping and banking online?

It’s a good question. Like most things in life, it is all about managed risk. If you stopped internet banking and instead conducted all your business in-branch or via an ATM/Cash machine, there are still risks. You could be observed entering your PIN and then have your card stolen. The clerk or cashier you dealt with over the counter or phone could be corrupt. Worse still, if you start to carry larger amounts of cash you could be the victim of a street robbery. British comedian Jasper Carrot once said, “if there’s one thing certain in life, other than death and taxes, it is that someone somewhere will try to con you out of your money”. That was true before the internet came into our lives and remains true no matter how you conduct your business.

OpenSSL is free and “Open source” software, what does that mean? Did the bug occur because the programmer wasn’t paid enough?

No, that’s just silly. Open source software is software where the programming code, also known as the source code, is available for programmers and IT professionals to view. When a computer program is completed, it is translated from a language that programmers can read into an executable file that a computer can run (a process called compiling). Without the original programming code it is often very difficult to see exactly how a computer program works. Companies like Microsoft closely guard their source code as it contains trade secrets, but the open source community takes a different approach and allows anyone to view this original code.

Doesn’t this mean that hackers can peek inside the inner workings of the software and find out nefarious ways to exploit it?

Maybe, but whatever the potential hacker can see, so can the legitimate security researcher. This means that open source software is often more secure since mistakes and bugs are more quickly spotted.

People write free, open source software for their own benefit as well as the benefit of others. When software is open source, it can be audited by security professionals all around the world and you don’t need to take the word of the developers or publishers that it is safe and does what it is intended to do. There’s no way to know, but if OpenSSL had been a closed source (privately developed and programmed) project the Heartbleed bug may have taken even longer to spot.

People make mistakes when writing paid, closed source software too and just because people can’t see the programming code doesn’t mean these mistakes aren’t discovered and potentially exploited by cyber criminals. Microsoft for instance, only just recently patched a severe security vulnerability in Internet Explorer, that if correctly exploited could allow an attacker to take control of a Windows PC.

I am struggling to remember all these passwords I have to keep changing

Bite the bullet and learn to use a password manager. Arguably, this will make you more secure online than any antivirus or firewall could. Password managers store all your passwords in a central vault, either on your own PC (the most secure option) or in the cloud (convenient, but potentially more risky). When you need a password, you simply unlock your password vault. You only need remember the one password to unlock your vault, all the rest are simply stored in the vault. Since computers have much better memories than us humans, this means you can use a long, multi character and unique password for every site you visit.

We have several tutorials for the most popular password managers here.

What about the XKCD “Horse battery staple” method for remembering passwords?

For those not in the know, XKCD is a web comic aimed at a technical audience with lots of geeky humour. One month, they ran a comic on remembering complicated passwords, that suggested remembering pictures as memory clues. The original comic is here.

After this strip was published, it began to circulate around the internet as a solution to remembering longer, more complex passwords. However the method is rather flawed. Even with this technique most users can only remember three or four passwords. Many of us use far more websites than that, so typically users start recycling their passwords again. Hackers know that users re-use passwords and will typically try a password they steal from one insecure website on bigger websites like Facebook or Twitter.

You can certainly use the XKCD method to remember your master password for your password manager, but it is not a solution for most users unless you only use a handful of websites.

 

Tip of the Month – Are you running 32 or 64 bit Windows? Here’s how to tell

64 bit editions of Windows are now commonplace. Now that computer users are adding more RAM to their systems, the 64 bit edition of Windows becomes very attractive. Did you know that 32 bit Windows only supports 4 gigabytes of memory, and that this includes the memory on your graphics card? When choosing software, you may need to know if you are running the 32 or 64 bit version of Windows, here’s how to tell quickly.

Windows Vista and Windows 7 – Open the Start Menu, right click on computer and choose “Properties”. A computer properties window will open. Under “System” on this window, there is an entry labelled “System Type:” which will let you know if you are running 32 or 64 bit.

Windows 8 – Open the Start Screen and search for “This PC”. Right click on the icon that appears in the search results and choose “Properties”. A computer properties window will open. Under “System” on this window, there is an entry labelled “System Type:” which will let you know if you are running 32 or 64 bit.

 

Free Utility of the Month – VMWare Player

Windows XP is officially retired now and for most users a transition to Windows 7 or Windows 8 should be painless enough thanks to our tutorials. Although we strongly advise against using XP as your main operating system, there are some times when revisiting the venerable OS might be worthwhile. Perhaps you have a favourite game you simply can’t get working on your new PC? Maybe an older piece of hardware you use occasionally that never got Windows 7 drivers? One solution is to configure your computer to dual boot, but that can be extremely complicated. Another, less difficult solution is Virtualisation software. This incredible software creates another PC inside of your PC, meaning you can run Windows XP in a window on your desktop! This is similar to the Windows XP mode Microsoft included with Windows 7 Professional, only it works on all versions of Windows 7 as well as Windows Vista and Windows 8 too.

VMWare Player is one such virtualisation package that is available for free. VMWare software is known for its excellent performance even with demanding applications such as games and great compatibility with USB devices. You can download the program for free here.

Note that although VMWare player is free, Windows XP is not, you will still need a copy of Windows XP in order to use VMWare player.

 

Windows Store App of the Month – Flipboard

Do you ever wonder what our ancestors would make of our modern technology? Imagine sending a tablet PC a couple of hundred years back in time, a device no thicker than a book that can display millions of pages of content. When you put it in perspective, the modern world is really amazing.

Of course, the problem these days isn’t getting to information, it’s sifting through it all. Flipboard is a really cool application for tablet users because it lets you create your own, personalised magazine. Flipboard draws its content from top news and information sources such as the BBC, National Geographic, the New York Times and many more. Simply browse through the services and select the ones that interest you. You can also share interesting stories to Facebook and Twitter.

Flipboard is a great addition to any Windows 8 tablet, grab your free copy from the Windows store here.

 

Start menu set to return in next Windows 8 update

It’s official, after claiming nobody used the Start menu any more and insisting we would all get used to the new Start screen, Microsoft has made another U-Turn and announced that the Start menu will be returning once again. At last months build conference, Microsoft operating system head Terry Myerson officially announced that a Microsoft developed Start menu would be returning. Rumours had indicated that we would need to wait until Windows 9 before the Start menu returned, but now it seems there will be yet another update to Windows 8 which will bring the Start menu back.

The final design of the returned menu hasn’t been confirmed, but early screenshots indicate that Microsoft isn’t quite ready to give up on getting us all to love the Windows 8 tiles, as the right of the Start menu is likely to incorporate at least a handful of the tiles you typically see on the Start screen. Speaking of the Start screen, it isn’t going anywhere either and will likely remain as an option for users that prefer it, or for users who are using touch only PCs or convertibles.

Also at the conference, Microsoft announced to programmers that their new software development tools will allow developers to write a program once and run it across Windows Phone, Windows tablets, Windows PCs and even the Xbox One games console. While this seems like a good idea on the surface, there are usually big differences in programs that we typically use on our smartphones and those that we run on our PCs, though Microsoft did stress that developers could tailor the app to behave differently across each platform. At the very least this will give users the chance to run a wide range of programs on whatever device they are currently using, even if the experience isn’t always optimal.

Another notable announcement from the Build conference was made relating to Windows 8 tile or modern apps. Modern applications will currently only run full screen on Windows 8 systems, regardless of what kind of PC you have. In future however, it will be possible to run them in a window on the desktop, just like a traditional desktop app. This is exactly what Stardock’s ModernMix tool already does on Windows 8, but now this functionality will be built in to the OS. Again this is expected to happen in a future update to the OS.

All these Windows 8 updates are certainly keeping us busy! While it’s great to get new features so quickly, such rapid changes could be distracting for users who simply want to get to grips with their computers quickly and easily. What do you think? Are Microsoft right to keep rolling out new features or is it simply getting in the way of you learning your computer? Let us know on Facebook, Twitter or in the Forum.

That concludes our newsletter for May. On behalf of the team here at TWT, I’d like to say thank you to all our readers, new and old for your continued support. The TWT Newsletter will return on the 10th June 2014 and will bring you more tips, tricks and techniques to help you get the best out of your PC, be it Windows Vista, Windows 7 or Windows 8. We hope that you found this newsletter informative and useful. If you did not then please let us know why, you can contact us by visiting this page. If you have enjoyed this newsletter, feel free to pass it on to all your friends and family, or better still encourage them to sign up for their own copy. Until next month, keep checking Top-Windows-Tutorials.com and enjoy happy, safe and stress-free computing!

Post a Reply

Your email address will not be published. Required fields are marked *

Advertisment ad adsense adlogger