Jump to content
CCleaner Community Forums

trium

Experienced Members
  • Content Count

    1,813
  • Joined

  • Last visited

Posts posted by trium


  1. hello smutje,

     

    as hazelnut say, there is an ccleaner-instance running -> perhaps the "smart cleaning" thing

     

    simply deactivate this two temporary

    -> ccleaner -> options -> smart cleaning -> untick the 2 options in the free-version

    1.) tell me when there are junk files to clean

    2.) enable smart cleaning

     

    after your installation - you can activate this 2 options again -> if you want


  2. ... yes, not good.

    perhaps one little step from rejected developer-version to "normal"version in the near future?

    i dont see the pre-realese-notes to the developer-versions since pre-release v1.22.5rc2

     

     

    Quote

     

    Notes:

    Latest Chromium dev builds of uBO are no longer available in the Chrome Web Store, as 1.22.5rc1 has been marked "REJECTED" by the Chrome Web Store.

     

     

     

    but i personally dont use the developer-version - its marked as "pre-release" and i used only the "latest-release"


  3. ff v69.0.1

     

    18. sept. 2019

     

    Fixed

    • Fixed external programs launching in the background when clicking a link from inside Firefox to launch them (bug 1570845)

    • Usability improvements to the Add-ons Manager for users with screen readers (bug 1567600)

    • Fixed the Captive Portal notification bar not being dismissable in some situations after login is complete (bug 1578633)

    • Fixed the maximum size of fonts in Reader Mode when zoomed (bug 1578454)

    • Fixed missing stacks in the Developer Tools Performance section (bug 1578354)

    • Security and stability fixes


  4. ublock v1.22.4

     

    gorhill released this

    Sep 26, 2019

     

    This is an emergency fix.

    The issue was fixed in dev build days ago, and it was originally deemed to not be a serious regression.

    However as reported by a user on Reddit, the issue was affecting more than just the logging of cosmetic filters, it was completely breaking cosmetic filtering when the two following conditions were met:

    • uBO's own logger was opened; AND
    • Procedural cosmetic filters were injected on the page.

  5. Changes between 3.0.7.1 and 3.0.8:
    ----------------------------------
    
    Core:
     * Fix stuttering for low framerate videos
    
    Demux:
     * Fix channel ordering in some MP4 files
     * Fix glitches in TS over HLS
     * Add real probing of HLS streams
     * Fix HLS MIME type fallback
    
    Decoder:
     * Fix WebVTT subtitles rendering
    
    Stream filter:
     * Improve network buffering
    
    Misc:
     * Update Youtube script
    
    Audio Output:
     * macOS/iOS: Fix stuttering or blank audio when starting or seeking when using
       external audio devices (bluetooth for example)
     * macOS: Fix AV synchronization when using external audio devices
    
    Video Output:
     * Direct3D11: Fix hardware acceleration for some AMD drivers
    
    Stream output:
     * Fix transcoding when the decoder does not set the chroma
    
    Security:
     * Fix a buffer overflow in the MKV demuxer (CVE-2019-14970)
     * Fix a read buffer overflow in the avcodec decoder (CVE-2019-13962)
     * Fix a read buffer overflow in the FAAD decoder
     * Fix a read buffer overflow in the OGG demuxer (CVE-2019-14437, CVE-2019-14438)
     * Fix a read buffer overflow in the ASF demuxer (CVE-2019-14776)
     * Fix a use after free in the MKV demuxer (CVE-2019-14777, CVE-2019-14778)
     * Fix a use after free in the ASF demuxer (CVE-2019-14533)
     * Fix a couple of integer underflows in the MP4 demuxer (CVE-2019-13602)
     * Fix a null dereference in the dvdnav demuxer
     * Fix a null dereference in the ASF demuxer (CVE-2019-14534)
     * Fix a null dereference in the AVI demuxer
     * Fix a division by zero in the CAF demuxer (CVE-2019-14498)
     * Fix a division by zero in the ASF demuxer (CVE-2019-14535)
    
    Contribs:
     * Update to a newer libmodplug version (0.8.9.0)

  6. ff v60.9.0 esr

     

    03. sept 2019

     

    Fixed

    Developer

     

     

    Quote

     

    Security vulnerabilities fixed in Firefox ESR 60.9

    Announced
    September 3, 2019
    Impact
    critical
    Products
    Firefox ESR
    Fixed in
    • Firefox ESR 60.9

    #CVE-2019-11746: Use-after-free while manipulating video

    Reporter
    Nils
    Impact
    high
    Description

    A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash.

    References

    #CVE-2019-11744: XSS by breaking out of title and textarea elements using innerHTML

    Reporter
    Rakesh Mane
    Impact
    high
    Description

    Some HTML elements, such as <title> and <textarea>, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if a site does not filter user input as strictly for these elements as it does for other elements.

    References

    #CVE-2019-11742: Same-origin policy violation with SVG filters and canvas to steal cross-origin images

    Reporter
    Paul Stone
    Impact
    high
    Description

    A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a <canvas> element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft.

    References

    #CVE-2019-11753: Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location

    Reporter
    Holger Fuhrmannek
    Impact
    high
    Description

    The Firefox installer allows Firefox to be installed to a custom user writable location, leaving it unprotected from manipulation by unprivileged users or malware. If the Mozilla Maintenance Service is manipulated to update this unprotected location and the updated maintenance service in the unprotected location has been altered, the altered maintenance service can run with elevated privileges during the update process due to a lack of integrity checks. This allows for privilege escalation if the executable has been replaced locally.
    Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.

    References

    #CVE-2019-11752: Use-after-free while extracting a key value in IndexedDB

    Reporter
    Zhanjia Song
    Impact
    high
    Description

    It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. This results in a use-after-free and a potentially exploitable crash.

    References

    #CVE-2019-9812: Sandbox escape through Firefox Sync

    Reporter
    Niklas Baumstark via TrendMicro's Zero Day Initiative
    Impact
    high
    Description

    Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then synchronized to the local machine and the compromised browser would restart without the sandbox if a crash is triggered.

    References

    #CVE-2019-11743: Cross-origin access to unload event attributes

    Reporter
    Yoav Weiss
    Impact
    moderate
    Description

    Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the unload event, which restricts access to detailed timing attributes to only be same-origin. This resulted in potential cross-origin information exposure of history through timing side-channel attacks.

    References

    #CVE-2019-11740: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9

    Reporter
    Mozilla developers and community
    Impact
    high
    Description

    Mozilla developers and community members Tyson Smith and Nathan Froyd reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.

    References

     

     


  7. ff v69.0

     

    03. sept 2019

     

    Quote

    As of today, Enhanced Tracking Protection will be turned on by default, strengthening the security and privacy for all of our users around the world.

     

    New

    • Enhanced Tracking Protection (ETP) rolls out stronger privacy protections:

      • The default standard setting for this feature now blocks third-party tracking cookies and cryptominers.
      • The optional strict setting blocks fingerprinters as well as the items blocked in the standard setting.
    • The Block Autoplay feature is enhanced to give users the option to block any video that automatically starts playing, not just those that automatically play with sound.

    • For our users in the US or using the en-US browser, we are shipping a new “New Tab” page experience that connects you to the best of Pocket’s content.

    • Support for the Web Authentication HmacSecret extension via Windows Hello now comes with this release, for versions of Windows 10 May 2019 or newer, enabling more passwordless experiences on the web.

    • Support for receiving multiple video codecs with this release makes it easier for WebRTC conferencing services to mix video from different clients.

    • For our users on Windows 10, you’ll see performance and UI improvements:

      • Firefox will give Windows hints to appropriately set content process priority levels, meaning more processor time spent on the tasks you're actively working on, and less processor time spent on things in the background (with the exception of video and audio playback).
      • For our existing Windows 10 users, you can easily find and launch Firefox from a shortcut on the Win10 taskbar.
    • For our users on macOS, battery life and download UI are both improved:

      • macOS users on dual-graphics-card machines (like MacBook Pro) will switch back to the low-power GPU more aggressively, saving battery life.
      • Finder on macOS now displays download progress for files being downloaded.
    • JIT support comes to ARM64 for improved performance of our JavaScript Optimizing JIT compiler.

    Fixed

    Changed

    • As previously announced in the Plugin Roadmap for Firefox, the "Always Activate" option for Flash plugin content has been removed. Firefox will now always ask for user permission before activating Flash content on a website.

    • With the deprecation of Adobe Flash Player, there is no longer a need to identify users on 32-bit version of the Firefox browser on 64-bit version operating systems reducing user agent fingerprinting factors providing greater level of privacy to our users as well as improving the experience of downloading other apps.

    • Firefox no longer loads userChrome.css or userContent.css by default improving start-up performance. Users who wish to customize Firefox by using these files can set the toolkit.legacyUserProfileCustomizations.stylesheets preference to true to restore this ability.

    Enterprise

    • For Enterprise system administrators that manage macOS computers, we begin shipping a Mozilla signed PKG installer to simplify your deployments.


  8. ublock v1.22.0

     

    gorhill released this

    Aug 30, 2019

     

    New

    Toolbar icon badge color

    The toolbar icon badge color will now reflect the current blocking mode. This should help with usage of the "Relax blocking mode" shortcut. The way uBO relaxes the current blocking mode is configurable through the advanced setting blockingProfiles.

    Static network filter options

    redirect-rule=

    This new option allows to create a pure redirect directive, without a corresponding block filter as would be the case with the redirect= option. For example, consider the following filter:

    ||example.com/ads.js$script,redirect=noop.js
    

    The above filter will result in a block filter ||example.com/ads.js$script and a matching redirect directive. Now consider this following filter:

    ||example.com/ads.js$script,redirect-rule=noop.js
    

    The above filter will not cause a block filter to be created, only a redirect directive will be created. Standalone redirect directives are useful when the blocking of a resource is optional but we still want the resource to be redirected should it ever be blocked by whatever mean -- whether through a separate block filter, a dynamic filtering rule, etc.

    empty and mp4

    Support for AdGuard's empty and mp4 filter option has been added.

    !#if false ... !#endif

    Support for the directive !#if false to easily disable a block of filters, which is more convenient than having to delete them all or prefix them all with !.

    Scriptlet injection

    Ability to wholly disable scriptlet injection for a given site using broad scriptlet injection exception:

    example.com#@#+js()
    

    It is also possible to disable scriptlet injection everywhere with a generic exception:

    #@#+js()
    

    This is useful when creating specific exception filters is inconvenient.

    Closed as fixed:

    Commits with no entry in issue tracker:


  9. hello hussam,

     

    if you want this so - yes

     

    ccleaner -> options -> include

    --> add -> "drive or folder" -> c:\windows\logs\cbs

    --> "file types" -> choose "all files" or "file types" -> if "file types" = "*.cab"

    --> options -> "include files only" -because i have no sub-folder found in the c:\windows\logs\cbs

    ok

     

    and

     

    in cleaner -> windows -> advanced -> tick "custom files and folders"

     

    done


  10. 6 hours ago, John9210 said:

    I just downloaded the latest version of CCleaner free. All my short icons have changed to image.png.ac4d778905f095a443d3c59762957191.png. How can I get the old Windows 10 default icon image for shortcuts?

    it seems to be a shortcut with html or other browserbendings "to open with the standard-browser"

    normally takes windows-shortcut automatically the icon image from the target that open it (perhaps word, excel, firefox, txt or so) -> if it is an html or pdf-file association for the "default-browser" to open it -> in this case ccleaner-browser than takes this icon -> you can change this with choose another default-browser (i think in w10 there is internet-explorer or edge-browser...or what you will) and pdf and other file association in context with browser-openings

    if you make an office-shortcut for example with an *.docx -> is there also the ccleaner-browser-icon?


  11. i take a look in c:\windows\installer...

     

    i found also a lot of temorary empty folders with no function for w8.1 -> i think this behavior of windows is the same in w10 too and diskcleanup dont work correctly how it seems

     

    "msif761.tmp-" (122 of this kind of empty folders from year 2016) -> i can delete it safely but manually

     

    i mean it would be nice if ccleaner can take it to nirvana


  12. 1 hour ago, trium said:

    Currently, IT security experts are finding new ways of attacking every two or three months - but the chip industry is unwilling to give up the mechanism of "speculative execution" because it brings such huge performance improvements, Botezatu said. He criticized Intel's decision to rely solely on Microsoft to plug the gap - because the security update, for example, give it not for the older operating systems Windows XP and Vista. dpa

    and

    2 hours ago, trium said:

    Basically, SwapGS Attack is similar to known side channel attacks like Specter V1. According to Bitdefender's paper, SwapGS Attack only works on Intel x86_64 architectures, not AMD. For all processors off the x86 world, the researchers give all-clear - in ARM, MIPS, Power, Sparc or RISC-V, they expect that SwapGS Attack have no success.

    and

    Quote

    Intel in turn does not intend to proceed by means of a CPU microcode update against SwapGS Attack, but sees currently held software as sufficient.

     

     

    perhaps this is the reason why AMD can sell its server processors to Google and Twitter! ;-)

    https://t3n.de/news/amd-gewinnt-google-twitter-1186473/

    german:

     

    Quote

    09.08.2019, 19:28 Uhr

    Mit zwei neuen Großkunden gelingt AMD ein Erfolg gegen Intel. Außerdem stellt der Chiphersteller seine neueste Prozessoren-Generation vor.

     

    AMD hat die zweite Generation seiner Prozessorchips für Rechenzentren herausgebracht und gleichzeitig mitgeteilt, dass Google und Twitter als Kunden gewonnen werden konnten, wie Reuters berichtet. Weiter heißt es, dass Google die Serverchips der zweiten Generation in seinen internen Rechenzentren einsetzen und im Laufe des Jahres im Rahmen seiner Cloud-Computing-Angebote auch externen Entwicklern anbieten wird.

    Die neue Generation der Serverchips, die EPYC genannt wird, verwendet in der Herstellung eine neue Technologie, dank der die Chips eine höhere Leistung erzielen und gleichzeitig weniger Strom verbrauchen. Im Gegensatz zu Intel vertraut AMD nicht auf eigene Fabriken, sondern lässt die Chips von Vertragspartnern herstellen.

    Intel bleibt unangefochten Marktführer

    Die größte Konkurrenz für AMD geht nach wie vor von Intel aus. Beide Unternehmen konkurrieren um die Lieferung von Chips für Rechenzentren, die internetbasierte Dienste bereitstellen. Spezialisiert haben sich die beiden Unternehmen aktuell auf Rechenzentrumschips, da ein Großteil der Benutzer auf mobile Geräte umgestiegen ist und der Markt für PC-Chips immer kleiner wird.

    Marktführer bleibt weiterhin Intel mit knapp 90 Prozent Marktanteil. Experte Patrick Moorhead schätzt gegenüber Reuters, dass AMD Intel mit der ersten Generation der EPYC-Serverchips einen niedrigen einstelligen Marktanteil abgenommen hat, der mit der neuen Generation noch einmal wachsen könnte. Moorhead sieht AMD auf einem guten Weg, geht aber auch davon aus, dass Intel gerade im Bereich des maschinellen Lernens noch deutliche Vorteile hat.

     

     

    english (google translation):
     

    Quote

     

    With two new major customers AMD succeeds a success against Intel. In addition, the chip manufacturer introduces its latest generation of processors.

    AMD has released the second generation of its data center processor chips, while announcing that Google and Twitter have been acquired as customers, Reuters reports. It also states that Google will use the second-generation server chips in its internal data centers, and will also offer them to external developers over the year as part of its cloud computing offerings.

    The new generation of server chips, called EPYC, uses a new technology in its production, which allows the chips to perform better while consuming less power. Unlike Intel, AMD does not rely on its own factories, but lets the chips of contractors make.


    Intel remains the undisputed market leader

    The biggest competition for AMD is still from Intel. Both companies are competing to deliver data center chips that provide Internet-based services. The two companies are currently specialized in data center chips, as a large proportion of users have switched to mobile devices and the market for PC chips is becoming smaller and smaller.

    The market leader remains Intel with almost 90 percent market share. According to Reuters, expert Patrick Moorhead estimates that AMD's Intel first-generation EPYC server chips have lost a low single-digit market share, which could grow even further with the new generation. Moorhead sees AMD on the right path, but also assumes that Intel has significant advantages, especially in the field of machine learning.

     

     


  13. additionally in the same context this article:

     

    https://t3n.de/news/neue-sicherheitsluecke-gestopft-1185997/

     

    german:

     

    Quote

     

    09.08.2019, 19:28 Uhr

    Es ist schon eineinhalb Jahre her, dass eine gravierende Sicherheitslücke im Design moderner Prozessoren vor allem von Intel die Computerindustrie erschütterte. Aber auch jetzt werden noch neue Angriffswege bekannt.

     

    Die Probleme mit Sicherheitslücken in Prozessoren von Intel sind noch lange nicht vorbei: Die IT-Sicherheitsfirma Bitdefender machte eine weiteren Angriffsweg öffentlich, der inzwischen mit Updates unter anderem von Microsoft geschlossen werden kann. Die von Bitdefender entdeckte Methode umgehe alle bisherigen Schutzmechanismen, die im Frühjahr 2018 nach Bekanntwerden der Schwächen im Chipdesign eingesetzt wurden, sagte Bitdefender-Forscher Bogdan Botezatu der dpa. Es sei zu befürchten, dass in Zukunft noch weitere ähnliche Sicherheitsprobleme auftauchen, warnte er zur Branchenkonferenz Black Hat.

    Von der neuen Schwachstelle waren alle Rechner mit neueren Intel-Prozessoren betroffen, auf denen das Windows-Betriebssystem läuft. Der Kern des Problems ist derselbe wie bei den Anfang 2018 bekanntgewordenen Angriffsszenarien Spectre und Meltdown, nämlich ein Mechanismus im Prozessor, der versucht, die nächsten Befehle vorherzusagen. Ziel der bereits seit mehreren Jahren eingesetzten „Speculative Execution“-Technologie war, den Prozessor schneller zu machen. Die Methode hinterlässt jedoch Daten im internen Speicher der Chips, die Attacken ermöglichen.

    Angriffe funktionierten weiterhin

    Die Gefahr war mit Software-Updates im Frühjahr 2018 weitgehend eingedämmt worden. Der von Bitdefender entdeckte neue Angriffsweg funktionierte jedoch weiterhin im Zusammenspiel mit einem bestimmten Befehl des Windows-Systems. Angreifer, die die Schwachstelle kennen, könnten damit „die wichtigsten und am besten geschützten Daten von Unternehmen und Privatanwendern stehlen“, warnt Bitdefender.

    Da die Attacke komplex und aufwendig sei, dürften als Angreifer eher hoch professionalisiert agierende Geheimdienst-Hacker als gewöhnliche Cyberkriminelle in Frage kommen, schränkte Botezatu ein. Zugleich sei aber besonders gefährlich, dass die betroffenen Prozessoren auch in Servern von Rechenzentren stecken könnten, wo Zugriff auf Daten vieler verschiedener Dienste möglich wäre. Die Attacke hinterlasse keine Spuren im Prozessor, betonte der Sicherheitsforscher. Bitdefender habe mit den betroffenen Anbietern rund ein Jahr daran gearbeitet, die Lücke zu schließen.

    Aktuell fänden IT-Sicherheitsexperten alle zwei, drei Monate neue Angriffswege – die Chipindustrie sei aber nicht bereit, den Mechanismus der „Speculative Execution“ aufzugeben, weil er so große Leistungsverbesserungen bringe, sagte Botezatu. Er kritisierte die Entscheidung von Intel, sich beim Stopfen der Lücke allein auf Microsoft zu verlassen – denn das Sicherheitsupdate gebe es zum Beispiel nicht für die älteren Betriebssysteme Windows XP und Vista. dpa

     

     

    english (google translation):
     

    Quote

     

    It's been a year and a half since a serious security hole in the design of modern processors, especially from Intel, shook the computer industry. But even now new attack paths are known.

    The problems with security gaps in processors of Intel are far from over: The IT security firm Bitdefender made another attack path public, which can be closed now with updates among other things by Microsoft. The method discovered by Bitdefender circumvent all previous protection mechanisms, which were used in the spring of 2018 after becoming aware of the weaknesses in chip design, said Bitdefender researcher Bogdan Botezatu dpa. It is to be feared that other similar security problems will emerge in the future, he warned at the industry conference Black Hat.

    The new vulnerability affected all computers with newer Intel processors running the Windows operating system. The crux of the problem is the same as the Specter and Meltdown attack scenarios that became known in early 2018, namely a mechanism in the processor that tries to predict the next commands. The aim of the "Speculative Execution" technology used for several years was to make the processor faster. However, the method leaves data in the internal memory of the chips, which allow attacks.


    Attacks continued to work

    The threat was largely contained with software updates in the spring of 2018. However, the new attack path discovered by Bitdefender still worked in conjunction with a specific command from the Windows system. Attackers aware of the vulnerability could use it to steal "the most important and best-protected data from businesses and home users," warns Bitdefender.

    Since the attack was complex and time-consuming, attackers might be more likely to be highly professionalized intelligence hackers than ordinary cybercriminals, Botezatu said. At the same time, however, it is particularly dangerous that the affected processors could also be located in data center servers, where access to data from many different services would be possible. The attack leaves no traces in the processor, stressed the security researcher. Bitdefender worked with the affected providers for about a year to close the gap.

    Currently, IT security experts are finding new ways of attacking every two or three months - but the chip industry is unwilling to give up the mechanism of "speculative execution" because it brings such huge performance improvements, Botezatu said. He criticized Intel's decision to rely solely on Microsoft to plug the gap - because the security update, for example, give it not for the older operating systems Windows XP and Vista. dpa

     

     

×
×
  • Create New...