NEWS: COMPUTER WORLD SECURITY NEWS
Setup News Ticker
   NEWS: COMPUTER WORLD SECURITY NEWS
Computer World Security News
Mar 19, 2019

Heavenly tech support
Pilot fish is helping his pastor fine-tune the church LAN when he notices that the day-care facility next door has a wide-open and unsecured Wi-Fi connection.

Fish's pastor wants to connect to the day-care center's printer and print a document saying, "This is from your neighbors. You need to tighten the security on your Wi-Fi."

Fish suggests that they instead print a document that says, "This is from God. You need to go to church. There's a really nice one right next door."

"Too bad the pastor overruled me," says fish.

Sharky wants your true tale of IT life. If you can't send it directly to my printer, email it to me at sharky@computerworld.com. You can also subscribe to the Daily Shark Newsletter and read some great old tales in the Sharkives.

To read this article in full, please click here



Computer World Security News
Mar 18, 2019

Slack rolls out enterprise key management, but has no plans for end-to-end encryption
Slack has given large business customers control over the keys used to encrypt and decrypt data created in its team collaboration application. 

The enterprise key management (EKM) feature was initially unveiled at the company's Frontiers event in San Francisco in September, ahead of a closed pilot project; it is now available to all customers of Enterprise Grid, which is targeted at company-wide deployments at large organizations. 

To read this article in full, please click here



Computer World Security News
Mar 13, 2019

March 2019 Windows and Office patches poke a few interesting places
Patch Tuesday has come and gone, not with a bang but a whimper. As of this moment, early Wednesday morning, I don't see any glaring problems with the 124 patches covering 64 individually identified security holes. But the day is yet young.

There are a few patches of note.

Two zero days Microsoft says that two of this month's security holes — CVE-2019-0797 and CVE-2019-0808 — are being actively exploited. The latter of these zero days is the one that was being used in conjunction with the Chrome exploit that caused such a kerfuffle last week, with Google urging Chrome browser users to update right away, or risk the slings of nation-state hackers. If you've already updated Chrome (which happens automatically for almost everybody), the immediate threat has been thwarted already.

To read this article in full, please click here



Computer World Security News
Mar 12, 2019

Apple's Box security scare shows the risk of shadow IT
Until enterprise IT truly gets to understand that its own internal systems need to be as easy to use as any iOS app and as easy to learn as an iPhone, potentially damaging data breaches will take place, threatening business confidentiality. Apple is not immune.

Apple and the human interface The news is that information from some of the world's biggest names in business - including Apple, Edelman and Discovery Channel - could have been accessed through Box Enterprise, which offers companies bespoke company name-based file archiving and sharing services using this URL construction:

https://.app.box.com/v/

To read this article in full, please click here



Computer World Security News
Mar 05, 2019

Microsoft to start selling Windows 7 add-on support April 1
Microsoft plans to start selling its Windows 7 add-on support beginning April 1.

Labeled "Extended Security Updates" (ESU), the post-retirement support will give enterprise customers more time to purge their environments of Windows 7. From Windows 7's Jan. 14, 2020 end of support, ESU will provide security fixes for uncovered or reported vulnerabilities in the OS.

[ Related: Windows 7 to Windows 10 migration guide ] Patches will be issued only for bugs rated "Critical" or "Important" by Microsoft, the top two rankings in a four-step scoring system.

To read this article in full, please click here



Computer World Security News
Mar 05, 2019

Huawei's possible lawsuit, ransomware readiness, old malware resurfaces | TECH(feed)
The ongoing battle between the U.S. and Huawei could soon go to court as Huawei reportedly prepares to sue the U.S. government. Plus, 2019 will see ride sharing companies going public… but which will be first? And as a decade-old malware resurfaces in enterprise networks, a report questions if the world is ready for the next large-scale ransomware attack.

Computer World Security News
Mar 01, 2019

Microsoft Patch Alert: After a serene February, Microsoft plops KB 4023057 into the Update Catalog
Microsoft continues to hold Windows 10 version 1809 close to the chest. While all of the other Win10 versions have had their usual twice-a-month cumulative updates, the latest version of the last version of Windows, 1809, still sits in the Windows Insider Release Preview Ring.

For most people, that's excellent news. It seems that Microsoft is willing to hold off until they get the bugs fixed, at least in the 1809 releases. May I hear a "hallelujah" from the chorus?

Mystery update bulldozer KB 4023057 hits the Catalog You've heard me talk about KB 4023057 many times, most recently in January. It's a mysterious patch that Microsoft calls an "update reliability improvement" whose sole reason for existence, as best I can tell, is to blast away any blocks your machine may have to keep the next version of Windows (in this case, Win10 1809) from installing on your machine.

To read this article in full, please click here



Computer World Security News
Feb 28, 2019

Now you can buy police-grade iPhone hacking tools on eBay
If you want to hack your way into an old iPhone you can get hold of a law enforcement-grade system to do just that for a bargain price on eBay.

I think that's a crime I can't stress this enough.

The very existence of tools like these is a threat to every smartphone user. This is because no matter how many times people argue that these solutions will only see use by law enforcement, these things always proliferate.

The fact that Celebrate systems law enforcement was until recently spending heavily on acquiring are now available on the open market for as little as $100 is a perfect illustration of this.

To read this article in full, please click here



Computer World Security News
Feb 26, 2019

Microsoft CEO supports Apple on privacy
Microsoft CEO Satya Nadella seems to agree with Apple CEO Tim Cook when it comes to privacy, calling this a "fundamental human right".

Microsoft CEO: Privacy a 'human right' Despite the lack of a successful smartphone franchise, Microsoft is still very much part of today's industry with a range of services across the mobile ecosystem. That's probably why Nadella is such an active attendee at Mobile World Congress 2019.

What's really interesting about what he said during a speech at the show is the extent to which his thinking aligns with what Apple is doing around privacy, for example:

To read this article in full, please click here



Computer World Security News
Feb 25, 2019

Microsoft opens top-tier Defender ATP security to Windows 7 PCs
Microsoft's Windows Defender Advanced Threat Protection (ATP) service is now available for PCs running Windows 7 and Windows 8.1.

The decision to add devices powered by those operating systems was first announced a year ago. At the time, Microsoft said ATP's Endpoint Detection & Response (EDR) functionality would be available for the older OSes by summer 2018.

[ Related: Windows 7 to Windows 10 migration guide ] Windows Defender ATP is a service that detects ongoing attacks on corporate networks, then follows up to investigate the attack or breach and provides response recommendations and attack remediation. Software baked into Windows 10 detects attacks, while a central management console allows IT administrators to monitor the status of covered devices and react if necessary. Adding the EDR client software to Windows 7 and Windows 8.1 PCs gives enterprise IT the same visibility into those machines as it has had into Windows 10 systems.

To read this article in full, please click here



Computer World Security News
Feb 23, 2019

Get ready for the age of sensor panic
A passenger on a Singapore Airlines flight this week noticed a small, circular indentation below the image playing on the seatback in-flight entertainment system in front of him. Could that be, he wondered, a camera?

The passenger did the only logical thing: He tweeted out a photo and asked the Twitterverse for opinions, setting off a chorus of complainers on Twitter.

Singapore Airlines also responded to the tweets, saying that the camera was not used by the airline to capture pictures or video. It then told media outlets in a statement that the embedded cameras "have been intended by the manufacturers for future developments. These cameras are permanently disabled on our aircraft and cannot be activated on board. We have no plans to enable or develop any features using the cameras."

To read this article in full, please click here



Computer World Security News
Feb 22, 2019

Apple is losing value and that's a good thing
Apple must be doing something right as the cost of Apple ID data on the Dark Web has dropped, even as the value of Fortnite, Facebook, Netflix and Uber accounts has increased.

Apple is losing value Last year, I reported that online scammers were spending up to $15 per account on Apple ID information, making Apple customers, "the most appealing targets" for scammers.

That's changed.

The latest edition of Top10VPN's ?Dark Web Market Price Index? claims scammers are only willing to spend up to $11 for this information today and are targeting arguably less well-secured services instead.

To read this article in full, please click here



Computer World Security News
Feb 20, 2019

Apple is learning why shortcut security is a bad idea
When Apple launched its enterprise developer certificate program — which helps enterprises make their homegrown apps for employee use-only available through iTunes — it had to make a difficult convenience-vs.-security decision: how much hassle to put IT managers through to get their internal apps posted. It chose convenience and, well, you can guess what happened.

Media reports say pirate developers used the enterprise program to improperly distribute tweaked versions of popular apps — including Spotify, Angry Birds, Pokemon Go and Minecraft — while others used the platform to distribute porn apps along with real-money gambling apps. And all the bad guys had to do was lie to Apple reps about being associated with legitimate businesses. Apple didn't bother to investigate or otherwise verify the answers.

To read this article in full, please click here



Computer World Security News
Feb 19, 2019

Microsoft delays Windows 7's update-signing deadline to July
Microsoft has revised its schedule to dump support for an outdated cryptographic hash standard by postponing the deadline for Windows 7.

Microsoft, like other software vendors, digitally "signs" updates before they are distributed via the Internet. SHA-1 (Secure Hash Algorithm 1), which debuted in 1995, was declared insecure a decade later, but it was retained for backward-compatibility reasons, primarily for Windows 7. Microsoft wants to ditch SHA-1 and rely only on the more-secure SHA-2 (Secure Hash Algorithm 2).

[ Related: Windows 7 to Windows 10 migration guide ] Late last year, Microsoft said that it would update Windows 7 and Windows Server 2008 R2 SP1 (Service Pack 1) this month with support for SHA-2. Systems running those operating systems would not receive the usual monthly security updates after April's collection, slated for release April 9, Microsoft promised at the time.

To read this article in full, please click here



Computer World Security News
Feb 19, 2019

Yabba dabba doo!
Fish is being onboarded as a software engineer and has to download the code repository and start building it. But in checking the setup guide, he can't find any instructions on what user credentials to use to log in. This seems like something he should be able to figure out, so he trolls through multiple document systems (internal websites, Google documents and wikis) until he finds an old document that says to use his username as both username and password for version control access. That's easy enough — but it doesn't work. Fish gets a message saying his account wasn't found or the password didn't match.

Time to submit a help desk ticket. And the explanation is simple. IT had neglected to run the script that created an account for fish in the version control system. Ten minutes after submitting the ticket, fish is in at last.

To read this article in full, please click here



Computer World Security News
Feb 15, 2019

CIOs, you're doing blockchain wrong
IT leaders who've taken the plunge into blockchain are mainly deploying it in proofs-of-concept tests to address the same problems a conventional database could handle, according to research firm Gartner.To read this article in full, please click here

(Insider Story)

Computer World Security News
Feb 14, 2019

Mozilla to harden Firefox defenses with site isolation, a la Chrome
Mozilla plans to boost Firefox's defensive skills by mimicking the "Site Isolation" technology introduced to Google's Chrome last year.

Dubbed "Project Fission," the effort will more granularly separate sites and their individual components than is currently the case in Firefox. The goal: Isolate malicious sites and attack code so individual sites cannot wreak havoc in the browser at large, or pillage the browser, the device or the device's memory of critical information, such as authentication credentials and encryption keys.

[ Further reading: 14 must-have Firefox add-ons ] "We aim to build a browser which isn't just secure against known security vulnerabilities, but also has layers of built-in defense against potential future vulnerabilities," Nika Layzel, the project tech lead of the Fission team, wrote in a post last week to a Firefox development mailing list. "To accomplish this, we need to revamp the architecture of Firefox and support full Site Isolation." Layzel also published the note as the first newsletter from the Fission engineering group.

To read this article in full, please click here



Computer World Security News
Feb 14, 2019

How to use your Mac safely in public places
Coffee shops across the planet are populated by earnest Apple Mac-wielding remote and/or freelance workers - but are they taking steps to protect themselves in a public place? Follow this checklist to make sure you are protected.

#1: Worry about Wi-Fi Public Wi-Fi networks are dangerous places, not least because you don't really know how the network is set-up or who else is sitting on the same network with you.

Criminals are known to set up legitimate-seeming hotspots on which their software lurks, attempting to take data (including your bank and intranet passcodes) in transit. Please beware:

Do: Make sure the network you are accessing is really the network that belongs to the place you are in - just because someone has called their network Coffee Bean Net doesn't mean it is the network that officially belongs to the shop. Don't: Access your financial, personal, confidential or medical records over unsecured public Wi-Fi - you're better off setting up your own iPhone hotspot and using that when accessing services like that in a public place. Do: Delete free networks from your Mac once you have used them. Your Mac is unable to determine if a network you are accessing is the genuine network, and will simply go by name. #2: Use a VPN So long as you use a VPN from a reputable company then you can make yourself a great deal safer when working in that coffee shop beside your gig economy mates.

To read this article in full, please click here



Computer World Security News
Feb 14, 2019

All about Android upgrades (and why they're late) | TECH(talk)
It's not exactly news that Android upgrades almost always take a lo-o-o-o-o-ng time to roll out to most users. As in months. Often, many months. Sometimes more than a year.

Sometimes never.

(There is an exception: Google delivers new versions of Android to its Pixel line right away, and did just that with the release of Android 9.0 (Pie) last fall.)

It's now been six months since Pie arrived, which means it's time for Computerworld blogger JR Raphael's comprehensive look at how device-makers are doing when it comes to upgrades. 

To read this article in full, please click here



Computer World Security News
Feb 13, 2019

With latest mobile security hole, could we at least focus on the right things?
A bunch of apps from some major players — including Expedia, Hollister, Air Canada, Abercrombie & Fitch, Hotels.com and Singapore Airlines — recently came to grief because of a security/privacy hole in a third-party analytics app they all used, according to a report from TechCrunch. The incident exposed extremely sensitive customer information including payment card and password data shared in clear text. That sort of thing shouldn't be happening — and yet everyone seems focused on the wrong lesson.

The analytics app, called Glassbox, captures all information from a user's interaction with the app, including keystrokes entered and spots on the touchscreen the user touched or clicked. It also may include some screen captures. In every case, the apps give insufficient privacy disclosures to app users, or none at all. And, as already mentioned, it shares sensitive data in clear text.

To read this article in full, please click here



Computer World Security News
Feb 11, 2019

It's time to block Windows Automatic Updating
Those of you who feel it's important to install Windows and Office patches the moment they come out - I salute you. The Windows world needs more cannon fodder. When the bugs come out, as they inevitably will, I hope you'll drop by AskWoody.com and tell us all about them.

For those who feel that, given Microsoft's track record of pernicious patches, a bit of reticence is in order, I have some good news. Microsoft's Security Response Center says that only a tiny percentage of patched security holes get exploited within 30 days of the patch becoming available.

To read this article in full, please click here



Computer World Security News
Feb 11, 2019

Does Workplace have a Facebook problem?
Facebook emerged from 2018 bruised from a series of revelations that undermined trust in the popular social media platform and raised questions about its commitment to privacy.To read this article in full, please click here

(Insider Story)

Computer World Security News
Feb 08, 2019

How to stay as private as possible on Apple's iPad and iPhone
Apple believes in your right to privacy. Here is some advice on how to use the tools it has given you to protect your privacy on an iOS device.

Use a better passcode You probably already use a 4-digit passcode, but you can improve that with a 6-digit or alphanumeric code.

You change this in SettingsTouch ID/Face ID & Passcode, select Change Passcode and then tap the small Passcode Options dialog. Alphanumeric codes are harder to decipher, just make sure you remember the code.

To read this article in full, please click here



Computer World Security News
Feb 08, 2019

Microsoft: Watch out for zero days; deferred patches, not so much
Matt Miller's presentation at Blue Hat yesterday included some startling statistics, based on data gathered by Microsoft's Security Response Center. The numbers starkly confirm what we've been saying for years: The chances of getting hit with malware by delaying Windows and Office patches for up to 30 days is tiny compared to all the other ways of getting clobbered.

To read this article in full, please click here



Computer World Security News
Feb 07, 2019

Get TotalAV Essential AntiVirus for $19.99 (80% off)
The term "computer virus" calls to mind imagery of pathogenic creepy-crawlies bringing down a device's operating system, their flagella wriggling as they multiply into hordes that infiltrate its chips and wires. And while it's true that our computers can be infected with literal biological bacteria like staphylococci, per Science Illustrated, the threat of malicious codes and programs intent on corrupting data and files looms far larger: According to a recent study from the University of Maryland's Clark School of Engineering, attacks on computers with internet access is virtually ceaseless, with an incident occurring every 39 seconds on average, affecting a third of Americans every year.

To read this article in full, please click here



Computer World Security News
Feb 07, 2019

Why Apple is disabling Safari's Do Not Track feature
Apple takes privacy very seriously. It takes its leadership in that care seriously, and getting rid of the voluntary ‘Do Not Track' setting in its Safari browser is the right decision.

Why disabling Safari's Do Not Track feature is the right thing to do Apple introduced support for Do Not Track (DNT) in iOS 7, but removed the feature in Safari 12.1.

The problem with DNT is that the signal it sends to websites, analytics firms, plug-in makers and ad networks is a voluntary request, and can be ignored.

To read this article in full, please click here



Computer World Security News
Feb 07, 2019

Throwback Thursday: Pick a card, any card ...
This conglomerate is structured as several smaller companies, with a big central IT organization plus individual IT groups in some of the companies, reports an IT pilot fish there.

"An IT staffer from one of the companies loaded a password cracker and proceeded to crack the Windows NT servers," fish says. "He sent out emails bragging about how insecure NT was and giving the NT team a hard time."

Fish isn't on the NT team, but he and his security co-workers decide to strike back on behalf of their colleagues — and they do it through the central IT audit group, to make sure it's all above board.

First, they supply the audit people with a list of more than 100 Unix servers, and get them to pick a server at random. Amazingly, the audit group picks the only server on the list that belongs to the company where the NT attack originated.

To read this article in full, please click here



Computer World Security News
Feb 01, 2019

The January Windows and Office patches are good to go
Compared to some months last year, January has been a Microsoft patching cakewalk. We had several rounds of close calls and missed calls, as I posted earlier this week, but almost everything is cleared up.

We've seen a few more problems raise their ugly heads in the past few days:

Microsoft has confirmed that the latest version of Office Click-to-Run (which you're likely using if you have Office 365) makes the conversation window disappear in Skype for Business 2016. The Windows 8.1 Monthly Rollup, KB 4480963, breaks the Live Migration feature on older AMD Opteron machines. We're still waiting for confirmation on that one. Citrix confirms (but Microsoft hasn't acknowledged) that the latest Win10 1803 cumulat

Computer World Security News
Jan 31, 2019

Huawei in hot water, more on Apple's rocky first-quarter | TECH(feed)
Today's episode features more on Apple's first-quarter report, news that Google and the Internet Advertising Bureau are profiling users, collaboration software spending, and more problems for Huawei.

Computer World Security News
Jan 30, 2019

Microsoft Patch Alert: January patches include a reprisal of KB 4023057 and a swarm of lesser bugs
In general, the January patches look relatively benign, but for some folks in some situations they can bite. Hard.

On the surface we've seen the usual Patch Tuesday Cumulative Updates and secondary Cumulative Updates for all versions of Windows 10. Microsoft calls the secondary Cumulative Updates "optional" because you only get them if you click "Check for updates."

[ Related: How to clean up your Windows 10 act ] Windows 7 and 8.1 got their usual Monthly Rollups, but there's a problem. Specifically, this month's Win7 Monthly Rollup has a couple of bugs that are only fixed if you install the preview of February's Monthly Rollup. Which makes no sense at all, but that's Microsoft. There's another Win7 Monthly Rollup bug that's fixed by installing a different "silver bullet" patch.

To read this article in full, please click here



Computer World Security News
Jan 30, 2019

It's a hack!
It's a few years after Y2K, and this pilot fish has overall responsibility for all things related to his company's website.

"Like most corporations, our company had a policy that computers and laptops were to be used only for company business, along with policies governing the appropriate use of the internet in the work environment," fish says.

"After arriving at work one morning, I opened my email to find a frantic message from our CEO to me and our internet security manager, stating that our website had been hacked."

The big boss knows this is the case because there are spammy images and text on the home page, among other issues. Not surprisingly, the CEO is adamant that this must be resolved ASAP.

To read this article in full, please click here



Computer World Security News
Jan 29, 2019

Blockchain: The complete guide
Blockchain, which began to emerge as a real-world tech option in 2016 and 2017, is poised to change IT in much the same way open-source software did a quarter century ago. And in the same way Linux took more than a decade to become a cornerstone in modern application development, Blockchain will likely take years to become a lower cost, more efficient way to share information and data between open and private business networks.

Based on a distributed, peer-to-peer (P2P) topology, blockchain or distributed ledger technology (DLT) allows data to be stored globally on thousands of servers - while letting anyone on the network see everyone else's entries in real-time. That makes it difficult for one user to gain control of, or game, the network.

To read this article in full, please click here



Computer World Security News
Jan 29, 2019

Get 140 Hours Of CompTIA Certification Training For $59 (90% Off)
Knowing how to design, build out, grow, and manage Internet Technology (IT) firms, departments, and facilities provides what you need to take charge in today's most challenging and lucrative IT environments. And lifetime access to the Complete CompTIA Certification Training Bundle is exactly what you need to get the required training and ensuing certifications.

To read this article in full, please click here



Computer World Security News
Jan 29, 2019

Apple's Group FaceTime: A place for spies?
Apple has disabled Group FaceTime following discovery of a flaw that could potentially let people hear audio from other people's devices without permission. What's going on and what can you do about it?

The bug, in brief A 9to5Mac report based on a video published to Twitter by @BmManski revealed that this flaw lets a user listen to audio captured using another person's device before they accept or reject the call requesting a FaceTime chat. The problem only affects iOS devices running iOS 12.1 or later (pending an update).

To read this article in full, please click here



Computer World Security News
Jan 29, 2019

The race to lock down industrial control systems | Salted Hash Ep 44
Guest host Juliet Beauchamp and CSO senior writer J.M. Porup talk about the challenges around securing the systems and networks used to control industrial plants and infrastructures.

Computer World Security News
Jan 28, 2019

Sharding: What it is and why many blockchain protocols rely on it
As blockchains are being rolled out in an increasing number of pilot programs for everything from cross-border financial transactions to supply chain management, one persistent issue remains: a lack of scalability.

As more computers join the peer-to-peer network, the efficiency of the whole system typically degrades.

[ Further reading: What is FinTech (and how has it evolved)? ] Scalability has already been identified as an issue with cryptocurrencies such as bitcoin and Ethereum's Ether. If a distributed ledger is to achieve adoption by financial technology (FinTech) companies and compete with payment networks hundreds of times faster, it must find a way to boost scalability and throughput and address latency problems.

To read this article in full, please click here



Computer World Security News
Jan 18, 2019

Get 3 Years of NordVPN Service for Just $2.99 Per Month - Deal Alert
NordVPN promises a private and fast path through the public internet, with no logs, unmetered access for 6 simultaneous devices and access to 5,232 servers worldwide. They are currently running a promotion, but you'll have to use this link to find it. Its typical price has been discounted for 3 years of service -- a good deal at just $2.99 per month.  See the $2.99/month NordVPN deal here.

To read this article in full, please click here



Computer World Security News
Jan 17, 2019

'We need new privacy laws' urges Apple CEO, Tim Cook
In a sidelong slap at the business model of Facebook, Google and others, Apple CEO Tim Cook has published an article in which he urges the U.S. government to put surveillance capitalists/data brokers under transparent legal oversight.

Stand up for your rights "In 2019, it's time to stand up for the right to privacy - yours, mine, all of ours." Cook writes in an article for Time Magazine.

To read this article in full, please click here



Computer World Security News
Jan 17, 2019

'We need new privacy laws,' urges Apple CEO Tim Cook
In a sidelong slap at the business model of Facebook, Google and others, Apple CEO Tim Cook has published an article in which he urges the U.S. government to put surveillance capitalists/data brokers under transparent legal oversight.

Stand up for your rights "In 2019, it's time to stand up for the right to privacy — yours, mine, all of ours." Cook writes in an article for Time Magazine.

To read this article in full, please click here



Computer World Security News
Jan 17, 2019

Start-up Devvio claims its blockchain can handle 8M transactions a second
A start-up firm claims its highly efficient distributed ledger protocol can address all the major problems facing blockchain networks, including being able to scale for global financial business by executing up to eight million transactions per second (TPS).

The new blockchain protocol, called Devv, was unveiled and demonstrated at CES in Las Vegas last week.

If the claims prove true, Devv would be able to compete with traditional financial networks in terms of scalability, be far less expensive to use and would address fraud, theft and privacy issues. Like many blockchain protocols, Devv is not just a peer-to-peer (P2P) database technology but also a digital currency or cryptocurrency called Devcash.

To read this article in full, please click here



Computer World Security News
Jan 11, 2019

Exploring the economic realities of cybersecurity insurance | Salted Hash Ep 43
Guest host Juliet Beauchamp talks with senior writer J.M. Porup about the newly created cybersecurity insurance industry, and how a policy could fit into an organization's overall security strategy to help minimize risk.

Computer World Security News
Jan 10, 2019

How to create and open compressed files on iPhone, iPad
Many enterprises rely on zip files to exchange data, particularly confidential data - compression helps keep information safe, even against inquisitive ads trackers lurking inside "free" email or online storage services. How do you handle these things on iPad or iPhone?

How to handle zip files on iPhone While it isn't especially obvious, iOS provides some limited features that let you archive and decompress zip files. You can even create a nice little Shortcut to do this for you:

Open Shortcuts, Tap Create Shortcut In the search bar, type Extract Archive: That shortcut should appear in the list below, tap it to add it to your workflow. Returning to the search bar, type Save File. When it appears tap it to add it to the workflow you are building. Tap the switch button at top right of the shortcut name In the next pane you can name the shortcut and give it an icon. The most important change you should make is to enable Show in Share Sheet (flick to green). You can create a second Shortcut to make archives. Just tupe Make Archive to find the relevant flow and then add Save File and Show in Share Sheet as decribed above. Don't forget to give it a name, such as Make Archive. Shortcuts can work with multiple compression formats, including .tar, .zip and .iso. How to use it:

To read this article in full, please click here



Computer World Security News
Jan 09, 2019

Enterprise iPhones will soon be able to use security dongles
Enterprise security professionals will be pleased to learn that it will soon be possible to enhance the already considerable device security of Apple's iPhones with hardware-based physical authentication dongles using the Lightning port.

A highly secure proposition Announced at CES 2019, the key fits on a keyring and comes from the authorization experts at Yubico. The hardware connects to iOS systems using the Lightning connection and is also equipped with USB-C for Macs. This is quite a big deal.

To read this article in full, please click here



Computer World Security News
Jan 09, 2019

Details, details
It's a few years after Y2K when the IT security team at this university gets a rude awakening, reports a pilot fish in the know.

"They discovered that persons unknown had hacked into a university server," fish says. "It was being used to launch denial-of-service attacks against a victim somewhere outside the university."

The team's first job is finding the server -- which turns out to be in the alumni office -- and taking it offline.

Then they start digging into the security logs. That's when they find out that the attackers have been making use of the server for more than a year.

And once they start checking on the IP addresses of whoever it is that has accessed the server, they discover it's not just one or two hackers. It seems people from all over the world have been using this server to launch attacks.

To read this article in full, please click here



Computer World Security News
Jan 09, 2019

Mingis on Tech: As blockchain hype cools, a 'trough of disillusionment' for 2019?
Ok, so maybe blockchain isn't ready yet to become the biggest new technology since the internet.

But the distributed ledger technology clearly made strides in 2018, when it was embraced by companies from Walmart to shipping bigwig Maersk to top tech venders like IBM, SAP, Oracle and Microsoft who see potential in blockchain-as-a-service. (Walmart's vice president in charge of food safety, Frank Yiannas, compared his embrace of blockchain to a "religious conversaion.")

To read this article in full, please click here



Computer World Security News
Jan 07, 2019

In 2019, look for AI-enabled mobile devices - and a UEM push
This year, artificial intelligence will continue its push into mobile hardware and enterprise communication devices, challenging IT shops' enterprise mobility management (EMM) capabilities while at the same time offering potential security benefits.To read this article in full, please click here

(Insider Story)

Computer World Security News
Jan 07, 2019

Top 4 enterprise tech trends to watch in 2019
If 2018 was the year of the data breach, the thinking among IT pros is that this will be the year companies take concrete steps to prevent future breaches.

That was the sentiment among tech professionals who took part in a recent @IDGTechTalk Twitter chat about enterprise tech trends for 2019.

In fact, a recent @IDGTechTalk poll found privacy and security to be the top enterprise tech issue for 2019 (45 percent), followed by artificial intelligence (30 percent), cloud computing (16 percent), and blockchain (9 percent).

To read this article in full, please click here



Computer World Security News
Jan 04, 2019

Apple wants to stop you from using dangerous USB-C devices
Apple wants to make it harder for its customers to use cheap USB-C cables — and it's for your own good.

The risks of USB-C cables Cables are complicated, and that's why friends don't let friends connect cut-price or otherwise unverified USB-C cables to their systems — and soon, you won't be able to.

Apple has warned its users to avoid using low-quality equipment for years. It was only in 2016 that it was revealed that hundreds of chargers at that time sold on Amazon and advertised as being made by Apple were in fact dangerous fakes.

To read this article in full, please click here



Computer World Security News
Jan 04, 2019

Apple wants to stop you using dangerous USB-C devices
Apple wants to make it harder for its customers to use cheap USB-C cables - and it's for your own good.

These are the risks of USB-C cables

Cables are complicated and that's why friends don't let friends connect cut-price or otherwise unverified USB-C cables to their systems -and soon, you won't be able to.

Apple has warned its users to avoid using low-quality equipment for years. It was only in 2016 that it was revealed that hundreds of chargers at that time sold on Amazon and advertised as being made by Apple were in fact dangerous fakes.

To read this article in full, please click here



Computer World Security News
Jan 03, 2019

New year, same old users
IT support pilot fish takes a call to help a user change a password on a webpage form -- and it reminds fish of just how much help-desk techs love password resets.

"I spent 25 minutes talking to him," fish groans. "There were only two buttons to press, Submit and Reset.

"You'd think that after pressing Reset three times and having it erase the passwords he typed in, he would try Submit -- right?

"But no -- our customer tried a fourth and then a fifth time, until he got the idea to hit the other button.

"This person was by all accounts a functional, employed adult..."

Sharky needs a new year's worth of stories of users, management and IT gone off the rails. So send me your true tales of IT life at sharky@computerworld.com. You can also comment on today's tale at Sharky's Google community, and read thousands of great old tales in the Sharkives.

To read this article in full, please click here



Computer World Security News
Jan 02, 2019

If the CTO says it's OK, what could go wrong?
Medical rehab facility is facing a compliance deadline for HIPAA privacy regulations, and that could be a problem, says a cybersecurity pilot fish working there.

"The HIPAA regulations are strewn with potential issues," fish says. "When some aspect isn't followed and a patient's data privacy is compromised, the fines can be substantial."

And that's the headache fish faces because of his facility's use of Gmail. As the site's cybersecurity engineer, fish knows that ordinary Gmail isn't HIPAA compliant.

Fortunately, there's a fix -- one that involves additional paperwork and agreements, along with some added security verification. But that's still easier and less complex than moving everyone off Gmail.

To read this article in full, please click here



Computer World Security News
Dec 31, 2018

Q&A: Experian exec says biometrics won't save you from mobile hacks
If you think your new iPhone's Face ID facial recognition feature or your bank's fancy new fingerprint scanner will guarantee privacy and block hackers from accessing sensitive personal or financial data, think again.

In the coming year, cyberattacks will zero in on biometric hacking and expose vulnerabilities in touch ID sensors, facial recognition technology and passcodes, according to a new report from credit reporting agency Experian Plc. While biometric data is considered the most secure method of authentication, it can be stolen or altered, and sensors can be manipulated, spoofed or suffer deterioration with too much use.

Even so, as much as 63% of enterprises have implemented or plan to roll out  biometric authentication systems to augment or replace less-secure passwords, Experian said in its report. The push toward biometric systems dates back to the turn of the century in the financial services industry.

To read this article in full, please click here



Computer World Security News
Dec 27, 2018

Tech luminaries we lost in 2018
Remembering our industry's innovators In Memoriam 2018 Tech luminaries we lost this year [slideshow cover]" data-license="Getty Images"/Image by FreedomMaster / Getty Images

They were the founders of such household names as Atari and Microsoft. They built the hardware and software that powers the Internet. They used computers to give voice to the young and the disabled. And they rarely did so in the spotlight. Whether they ever achieved fame or fortune, these 13 women and men deserve a place in the history books for their lives, accomplishments, and contributions to science and information technology around the world.

To read this article in full, please click here



Computer World Security News
Dec 26, 2018

The top 10 stories of 2018: Blockchain rises, open source reigns, trust wanes
2018: The year in reviewImage by Rob Schultz, Stephen Lawson, Pete Linforth, Natascha Eibl, NegativeSpace.co, modified by IDG Comm

To read this article in full, please click here



Computer World Security News
Dec 21, 2018

Microsoft Patch Alert: Mystery patches for IE and Outlook 2013 leave many questions, few answers
Just when you're ready to settle in for some egg and nog and whatever may accompany, Windows starts throwing poison frog darts. This month, a fairly boring patching regiment has turned topsy turvey with an unexplained emergency patch for Internet Explorer (you know, the browser nobody uses), combined with an Outlook 2013 patch that doesn't pass the smell test.

Mysterious bug fix for IE Microsoft set off the shower of firecrackers on Dec. 19 when it released a bevy of patches for Internet Explorer:

Win10 1809- KB 4483235 - build 17763.195

To read this article in full, please click here



Computer World Security News
Dec 19, 2018

Microsoft delivers emergency patch for under-attack IE
Microsoft rarely mentions Internet Explorer (IE) anymore, but when it does, it usually means bad news.

So it was Wednesday, when Microsoft issued a rare emergency security update to plug a critical vulnerability in the still-supported IE9, IE10 and IE11. The flaw was reported to Microsoft by Google security engineer Clement Lecigne.

[ Related: Microsoft Windows 10 vs. Apple macOS: 18 security features compared ] According to Microsoft, attackers are already exploiting the vulnerability, making it a classic "zero-day" bug. Because of that, the company released a fix before the next round of security updates scheduled for Jan. 8.

To read this article in full, please click here



Computer World Security News
Dec 14, 2018

How to protect Windows 10 PCs from ransomware
CryptoLocker. WannaCry. Petya. Bad Rabbit. The ransomware threat isn't going away anytime soon; the news brings constant reports of new waves of this pernicious type of malware washing across the world. It's popular in large part because of the immediate financial payoff for attackers: It works by encrypting the files on your hard disk, then demands that you pay a ransom, frequently in Bitcoins, to decrypt them.To read this article in full, please click here

(Insider Story)

Computer World Security News
Dec 12, 2018

Android security audit: An easy-to-follow annual checklist
Android security is always a hot topic on these here Nets of Inter — and almost always for the wrong reason.

As we've discussed ad nauseam over the years, most of the missives you read about this-or-that super-scary malware/virus/brain-eating-boogie-monster are overly sensationalized accounts tied to theoretical threats with practically zero chance of actually affecting you in the real world. If you look closely, in fact, you'll start to notice that the vast majority of those stories stem from companies that — gasp! — make their money selling malware protection programs for Android phones. (Pure coincidence, right?)

To read this article in full, please click here



Computer World Security News
Dec 12, 2018

Google Smart Lock: The complete guide
Think fast: How many times a day do you pick up your phone to look at something? Unless you live in the tundra or have far more self-control than most, the answer probably falls somewhere between "quite a few" and "more than any sane person could count." Assuming you keep your device properly secured, that means you're doing an awful lot of unlocking — be it with your face, your fingerprint, or the code you tap or swipe onto your screen.

And that's to say nothing of the number of times you type your password into your laptop or enter your credentials into an app or website during the day. Security's important, but goodness gracious, it can be a real hassle.

To read this article in full, please click here



Computer World Security News
Dec 11, 2018

And that was actually the CLEAN version!
It's more than a few years back, and this oilfield services company is implementing a new email filter, says a pilot fish working there.

"It was part of an email security product," fish says. "The filter could identify emails containing language that was not considered business appropriate.

"We'd had HR incidents involving inappropriate language in the past, especially from field hands emailing to office staff -- it gave a new meaning to 'crude oil workers' -- so it was decided we should enable the feature with its default settings and give it a run.

"Only a few hours later we received an alert that a message had been identified with inappropriate language.

To read this article in full, please click here



Computer World Security News
Dec 10, 2018

Innovative anti-phishing app comes to iPhones
We're always told never to click on a link we receive in an email in case doing so takes us to some dodgy phishing site where our account details are violated, but what if our email app warned us before we clicked malicious links?

Can this app offer you protection? MetaCert isn't fully available yet, but it does seem to be a promising solution that provides email users in enterprise and consumer markets an additional line of defence against clicking on malicious links received in email messages.

The solution emerged from the developer's earlier work building an API to help app developers add a layer of security to WebView.

To read this article in full, please click here



Computer World Security News
Dec 10, 2018

Forbidden names, revisited
Flashback a few decades to the glory days of online service CompuServe, when anyone could get an account -- but not everyone could use their real names, according to a pilot fish in the know.

"You logged in with your account number, but to join a forum -- a chatroom focused on a specific topic -- you had to give a real name," fish says. "The name on your billing record was the default.

"Of course there were fraudsters who used an official-sounding name to phish people for personal info and credit card data. So users were not allowed to have words like 'billing' as any part of their in-forum real name. This could only be overridden by the forum sysop. I was one.

To read this article in full, please click here



Computer World Security News
Dec 06, 2018

5 handy Google Fi features you shouldn't forget
Got Fi? Google's unusual wireless service may have shifted its name from Project Fi to Google Fi this fall, but its core proposition remains the same: Pay only for the data you use, and avoid all the traditional carrier gotchas and nonsense.

For the right kind of person, especially among those of us on Android, Fi can be a real cost- and hassle-saver. And aside from its most prominently promoted perks — the seamless network-switching, the public Wi-Fi use, the fee-free roaming and hotspot capabilities, and so on — Fi has some pretty interesting out-of-the-way options that can really elevate your experience.

To read this article in full, please click here



Computer World Security News
Dec 06, 2018

Will Apple's iPhone replace your password?
Imagine using Face ID on your iPhone alongside a password and Touch ID on your computer in order to access highly secure websites, such as online banks, enterprise intranets and confidential online data services.

That's a possibility as Apple begins testing a new security standard called WebAuthn.

What is WebAuthn? Apple has begun beta-testing support for the standard in Safari Technology Preview Release 71, thought it does warn this support is an "experimental feature", so it may go no further than that.

To read this article in full, please click here



Computer World Security News
Dec 05, 2018

Blockchain: What's it good for? Absolutely nothing, report finds
In a joint report for the Monitoring, Evaluation, Research and Learning (MERL) Technology conference this fall, researchers who studied 43 blockchain use cases came to the conclusion that all underdelivered on claims.

And, when they reached out to several blockchain providers about project results, the silence was deafening. "Not one was willing to share data," the researchers said in their blog post.

To read this article in full, please click here



Computer World Security News
Nov 30, 2018

Amazon launches patient data-mining service to assist docs
Amazon this week announced its latest data analytics product, one aimed at scouring unstructured data within electronic medical records (EMRs) to offer up insights that physicians can use to better treat patients.

Amazon's new Comprehend Medical AWS cloud service is a natural-language processing engine that purports to be able to read physician notes, patient prescriptions, audio interview transcripts, and pathology and radiology reports - and use machine learning algorithms to spit out relevant medical information to healthcare providers.

[ Further reading: A.I. and speech advances bring virtual assistants to work ] Amazon's Comprehend Medical software service is one of 13 new machine learning software products the company announced on Tuesday.

To read this article in full, please click here



Computer World Security News
Nov 29, 2018

Microsoft Patch Alert: After months of bad news, November's patching seems positively serene
By far the most important reason for this month's relative patching calm: Microsoft decided to wait and get the Windows 10 (version 1809) patch right instead of throwing offal against a wall and seeing what sticks.

[ Related: Windows 7 to Windows 10 migration guide ] What remains is a hodge-podge of Windows patches, some mis-identified .NET patches, a new Servicing Stack Update slowly taking form, a bunch of Office fixes - including two buggy patches that have been pulled and one that's been fixed - the usual array of Flash excuses and Preview patches.

To read this article in full, please click here



Computer World Security News
Nov 27, 2018

Microsoft's multi-factor authentication service flakes out - again
Just one day after Microsoft came clean with an explanation of a Nov. 19 outage that blocked users of Office 365 from logging into their accounts using Multi-Factor Authentication (MFA), today the service again went on the fritz.

"Starting at 14:25 UTC on 27 Nov 2018, customers using Multi-Factor Authentication (MFA) may experience intermittent issues signing into Azure resources, such as Azure Active Directory, when MFA is required by policy," read the Azure status dashboard. Two and a half hours later, the dashboard reported that after resolving a problem with an earlier DNS (Domain Name Service) issue, engineers rebooted the services. "They observed a decrease in the failure rate after the reboot cycles," the dashboard concluded.

To read this article in full, please click here



Computer World Security News
Nov 26, 2018

Windows Hello for Business: Next-gen authentication for Windows shops
Authentication: the act of proving one's identity to the satisfaction of some central authority. To most, this process means typing in a username and a password. It's been this way for years and years.To read this article in full, please click here

(Insider Story)

Computer World Security News
Nov 26, 2018

What is Windows Hello? Microsoft's biometrics security system explained
Windows Hello is a biometrics-based technology that enables Windows 10 users to authenticate secure access to their devices, apps, online services and networks with just a fingerprint, iris scan or facial recognition. The sign-in mechanism is essentially an alternative to passwords and is widely considered to be a more user friendly, secure and reliable method to access critical devices, services and data than traditional logins using passwords.

"Windows Hello solves a few problems: security and inconvenience," said Patrick Moorhead, president and principal analyst at Moor Insights & Strategy. "Traditional passwords are unsafe as they are hard to remember, and therefore people either choose easy-to-guess passwords or write down their passwords."

To read this article in full, please click here



Computer World Security News
Nov 22, 2018

Gmail encryption: Everything you need to know
Encryption may sound like a subject best left to hackers and tinfoil hat wearers, but don't be fooled: It's a critical part of contemporary life and something that's important for everyone, especially business users, to understand. And one of the places where encryption is most relevant and misunderstood is in the realm of email.

If you're using Gmail for electronic communication — be it for business, for personal use, or a combination of the two — it's well worth your while to know how the service does and doesn't secure your information and what steps you can take to make sure you're getting the level of privacy you need.

Ready to dive in?

To read this article in full, please click here



Computer World Security News
Nov 20, 2018

10 Android settings that'll strengthen your security
You might not know it from all the panic-inducing headlines out there, but Android is actually packed with powerful and practical security features. Some are activated by default and protecting you whether you realize it or not, while others are more out of the way but equally deserving of your attention.

So stop wasting your time worrying about the Android malware monster du jour and which security company is using it to scare you into an unnecessary subscription, and take a moment instead to look through these far more impactful Android security settings — starting with the core elements and moving from there into some more advanced and easily overlooked options.

To read this article in full, please click here



Computer World Security News
Nov 20, 2018

ProtonMail launches standalone iOS app
Encrypted email service provider ProtonMail has launched a standalone virtual private network app for iOS devices. With iOS now added to its list, ProtonMail said it now offers protection for the most popular operating systems, which include Windows, MacOS, Linux and Android.

VPN functionality is prevalent in enterprise security products and management products, according to Phil Hochmuth, program director for IDC's Enterprise Mobility team. At the same time, consumers are increasingly looking at VPN services to shield their online activities on wired networks, as well as on LTE/4G connections, he said.

To read this article in full, please click here



Computer World Security News
Nov 20, 2018

ProtonMail launches standalone iOS VPN app
Encrypted email service provider ProtonMail has launched a standalone virtual private network app for iOS devices. With iOS now added to its list, ProtonMail said it now offers protection for the most popular operating systems, which include Windows, MacOS, Linux and Android.

VPN functionality is prevalent in enterprise security products and management products, according to Phil Hochmuth, program director for IDC's Enterprise Mobility team. At the same time, consumers are increasingly looking at VPN services to shield their online activities on wired networks, as well as on LTE/4G connections, he said.

To read this article in full, please click here



Computer World Security News
Nov 20, 2018

The big fix
Pilot fish at a federal agency gets a visit from a power user who can't get access to the data he needs -- and he's not at all happy.

"We used a very effective security product that could narrow down access to a specific user or dataset," says fish. "But you had to be careful to install any new rules in the right place, because once a rule was found it was applied, even if one with more relaxed access followed.

"As soon as I checked, I could see that I had misplaced the rule I had created for him.

"Now, normally if I made a mistake I'd admit to it and apologize. This particular day this fellow, an otherwise nice guy, was at it like a dog with a bone, demanding How did it happen? Who did this? over and over.

To read this article in full, please click here



Computer World Security News
Nov 20, 2018

What Apple's T2 security chip brings to the enterprise table
There's been a lot of discussion about Apple's T2 security chip, particularly the restrictions it places on repairs not sanctioned by Apple. The controversy centers on an Apple utility needed to make changes like swapping out the built-in SSD drives. The overall argument ties into the right-to-repair fight, allowing hardware owners to make changes to their own devices.To read this article in full, please click here

(Insider Story)

Computer World Security News
Nov 19, 2018

Microsoft yanks two buggy Office patches but keeps pushing one that crashes
Two related Office 2010 non-security patches issued on Nov. 6 were pulled on Nov. 17. KB 4461522 and KB 2863821 are both related to changes coming in the Japanese calendar next month attributed to the abdication of Emperor Akihito in favor of his son, Naruhito. The event has been compared to the Y2K problem in the west. It's not clear why two patches were released on Nov. 6 to accommodate that calendar change, but both KB articles now sport the admonition:

To read this article in full, please click here



Computer World Security News
Nov 19, 2018

Download Malwarebytes Today and Protect Your Data for Free
Everyone lives on the internet, period. Whether you're streaming a standup special on Netflix, answering emails from your boss, chatting on Tinder, or completing everyday errands like paying bills online, you're likely spending most of your day tangled up in the world wide web.

Unfortunately, that makes you a high-risk candidate for a cyber attack at some point along the way, be it through malware, phishing, or hacking. Best-case scenario, it sucks up your time to fix (or your money by paying someone else to fix it). Worst case scenario, it puts you and your computer out of commission for days and damages your files beyond repair. Not to mention the sheer terror of knowing some hacker has complete and total access to virtually everything about you, including all of your banking and credit card information. Malwarebytes is a free program built to help you avoid the above scenarios altogether — and it makes traditional antivirus look old, tired, and played out (seriously it's free,

Computer World Security News
Nov 16, 2018

Firefox adds in-browser notification of breached sites
Mozilla has added a data breach notification to Firefox that warns the browser's users when their email address and credentials may have been obtained by hackers.

Dubbed Firefox Monitor, the free breach notification service debuted in September after some testing during the summer. Anyone -- not only Firefox users -- can steer to the service website, enter an email address and be told if that address was among those involved in successful, publicly-known breach attacks. Next steps were up to the user, including the obvious of changing the password(s) connected to that email address and/or website(s).

[ Related: Get serious about privacy with the Epic, Brave and Tor browsers ] Notifications of the latest breaches were sent by Firefox Monitor to the user-submitted address. "Your email address will be scanned against those data breaches, and we'll let you know through a private email if you were involved," wrote Nick Nguyen, Mozilla's vice president of product strategy, in a Sept. 25 post to a company blog.

To read this article in full, please click here



Computer World Security News
Nov 16, 2018

Amid calls for a Windows bug status dashboard, Microsoft belatedly agrees to build one
A Windows expert this week urged Microsoft to put its money where its mouth is and produce a status dashboard or website that reports and tracks problems with the operating system.

Coincidentally or not, on Wednesday Microsoft said it would launch a "Windows update status dashboard," but did not name a timetable except for a broad "in the coming year."

[ Related: The best places to find Windows 10 ISOs ] "I can go to this page and see if something happening with Office 365 is just a me thing or if everyone else is seeing the same," said Susan Bradley in a Nov. 13 email reply to questions, referring to the Office 365 Admin Center. (Note: Only those with administrative credentials have access; it's not meant to provide information to end users.) "(But) if I want to find out if something is a known issue with Windows 10, I have to dig through - and monitor for changes - these pages," she continued, listing two separate support documents for one such known issue.

To read this article in full, please click here



Computer World Security News
Nov 14, 2018

Android security: Analysis, advice, and next-level knowledge
It's tough to talk about Android security without venturing into sensational terrain.

A large part of that is due to the simple fact that the forces driving most Android security coverage are companies that make their money by selling Android security software — and thus companies with strong interests in pushing the narrative that every Android phone is on the perpetual brink of grave, unfathomable danger. Plus, let's face it: A headline about 70 gazillion Android phones being vulnerable to the MegaMonsterSkullCrusher Virus is far more enticing than one explaining the nuanced realities of Android security.

In actuality, though, Android security is a complex beast — one with multiple layers in place to protect you and one that almost never warrants an alarmist attitude. I've been covering Android security closely since the platform's earliest days, and I've busted more myths and called out more shameless publicity stunts than I can even count at this point.

To read this article in full, please click here



Computer World Security News
Nov 13, 2018

Get Over 45 Hours Of Immersive Ethical Hacking Training For $25 (90% Off)
Your private data can reveal a lot about you, such as bank information, spending habits, and even the websites you frequent. This makes large companies like Facebook and Yahoo prime targets for data breaches because of their vast library of user data. Nowadays, it's more important than ever for companies to remain vigilant against hackers, lest their customers' privacy and trust be lost.

To defend against such threats, companies hire security professionals who know how to identify and exploit vulnerabilities in security systems. These "ethical hackers" employ the same methods malicious hackers do, but they also patch and report these vulnerabilities to their employers to prevent future intrusions. With data breaches on the rise, the demand for ethical hackers has increased, making this career path both stable and profitable. If you're interested in learning how to hack security systems (legally, of course) then this $39 Ethical Hacking A to Z Training Bundle is for you.

To read this article in full, please click here



Computer World Security News
Nov 13, 2018

Get 90% Off Your First Year of RemotePC, Up To 50 Computers for $6.95
iDrive has activated a significant discount on their Remote access software RemotePC in these days leading into Black Friday. RemotePC by iDrive is a full-featured remote access solution that lets you connect to your work, home or office computer securely from anywhere, and from any iOS or Android device. Right now, their 50 computer package is 90% off or just $6.95 for your 1st year. If you've been thinking about remote access solutions, now is a good time to consider RemotePC.

Computer World Security News
Nov 13, 2018

FAQ: Windows 10 LTSB explained
Windows 10 powered to its third anniversary this year, but one branch, identified by the initials L-T-S-B, remained an enigma to most corporate users.

LTSB, which stands for "Long-term Servicing Branch," was among the pillars of Windows 10 in the months leading up to, and for months after, the mid-2015 roll-out of the operating system. For a time, it seemed that it had a shot at becoming the Windows 10 for enterprise because it was seen as a calm port in a storm of radical change.

[ Related: Fix Windows 10 problems with these free Microsoft tools ] That hasn't happened, in part because Microsoft has steered customers away from LTSB.

To read this article in full, please click here



Computer World Security News
Nov 07, 2018

BitLocker on self-encrypted SSDs blown; Microsoft advises you switch to software protection
Yesterday, Microsoft released ADV180028, Guidance for configuring BitLocker to enforce software encryption, in response to a clever crack published on Monday by Carlo Meijer and Bernard van Gastel at Radboud University in the Netherlands (PDF).

To read this article in full, please click here



Computer World Security News
Nov 01, 2018

Why Apple's Siri is already an enterprise product
The usual suspects love to spend time claiming Siri lags other voice assistants in some ways, but they don't seem to understand that Apple's voice assistant is an enterprise product.

Why is Siri an enterprise product? This is what happens when you use a voice search tool: You activate the assistant, it listens to what you say, identifies that a request is being made and sends that request to the cloud to be resolved and responded to.

This all happens pretty quickly and after a short delay your response arrives, or an action takes place.

To read this article in full, please click here



Computer World Security News
Oct 30, 2018

Google Smart Lock on Chrome OS: 2 fast fixes and a power-user tip
Google's Smart Lock system for Chrome OS is one of those things that sounds spectacular on paper but then frequently falls flat in the real world.

You know about Smart Lock by now, right? It's something Google created to turn your Android phone into a contact-free key for your Chromebook: Anytime the phone is close to the computer, Chrome OS will automatically detect its presence — and as long as the phone is unlocked, the laptop will let you skip the usual password prompt and hop right in with just a quick click on the sign-on screen.

To read this article in full, please click here



Computer World Security News
Oct 26, 2018

Well, do you trust 'em or don't you?
Flashback a few decades to the days when this pilot fish is a supervisor in the call center for a big mail-order PC company.

"Our agents were privy to a customer's credit card information right in the call tracking system," says fish. "We trusted 600 agents with nearly unlimited access to this customer information without ever a single theft from our people."

But the call center manager decides the operation needs a way to approve replacement parts to be shipped to customers.

That leads to a new process: When a call-center agent is sending a simple part -- say, a new mouse or inexpensive sound card -- the agent types in his badge number, then must turn his head to get his supervisor's attention.

To read this article in full, please click here



Computer World Security News
Oct 25, 2018

Apple appears to have blocked GrayKey iPhone hacking tool
Apple has apparently been able to permanently block de-encryption technology from a mysterious Atlanta-based company whose blackbox device was embraced by government agencies to bypass iPhone passcodes.

Atlanta-based Grayshift is one of two companies that claimed it could thwart Apple iPhone passcode security through brute-force attacks.

The blackbox technology purportedly worked, as Grayshift's technology was snapped up by regional law enforcement and won contracts with Immigration and Customs Enforcement (ICE) and the U.S. Secret Service.

Another vendor, Israel-based Cellebrite, also discovered a way to unlock encrypted iPhones running iOS 11 and marketed its product to law enforcement and private forensics firms around the world. According to a police warrant obtained by Forbes, the U.S. Department of Homeland Security tested the technology.

To read this article in full, please click here



Computer World Security News
Oct 25, 2018

Win10 1803 big bug bash KB 4462933 joins earlier versions, a week late to the party
Back on Oct. 18, a "C Week" Thursday, Microsoft released hefty rounds of bug fixes for Win10 1607, 1703 and 1709. At the time, I wondered out loud why the latest (unyanked) version of Win10, version 1803, didn't get a similar dose. Now, on a "D Week" Wednesday, it looks like we've seen the deluge.

To read this article in full, please click here



Computer World Security News
Oct 24, 2018

Complete transcript, video of Apple CEO Tim Cook's EU privacy speech
Apple CEO, Tim Cook spoke up for privacy at a conference of European privacy commissioners in Brussels this morning. 

'AI must respect human values' The themes of this year's conference is "Debating Ethics: Dignity and Respect in Data Driven Life", Cook is the first tech CEO to serve as the keynote speaker for the conference and was invited to speak.

He talked about data, put in a bid for a bill of U.S. digital rights, slammed competitors for profiting while unleashing powerfully negative forces, and spoke up for a GDPR-style privacy protection in the U.S.

To read this article in full, please click here



Computer World Security News
Oct 22, 2018

Wonder if they'll ever tell HIM what's going on...
This IT pilot fish has been supporting a customer remotely through a VPN that's usually pretty solid -- but definitely not always.

"Every now and then it disconnected me randomly," says fish. "Then it continued disconnecting me repeatedly every 30 to 60 seconds.

"I went through the usual litany of rebooting, trying a different computer, trying a different network, etc. Every time I got the help desk involved, they pulled a bunch of different logs that basically just said 'disconnected' without any cause given.

"After several rounds of changes that miraculously fixed it, then suddenly stopped working again, the issue got escalated to a high-enough tier that an answer was forthcoming.

To read this article in full, please click here



Computer World Security News
Oct 19, 2018

Policies and paper trails -- our new best friends
This IT pilot fish works with lots of sensitive data -- and that means really sensitive, such as child abuse investigations.

"Until a few years ago, I had access to all that data, so I could write ad-hoc reports against it," says fish. "We 'systems' people were given access to everything, so we could troubleshoot application problems for the users.

"Then one day I was called into the CEO's office. He told me that according to the logs, I did a search against the Child Welfare data for a particular family on a date and time six months earlier -- and wanted to know why I did the search."

As best fish can recall, he was doing the search to troubleshoot a particular report that one caseworker was trying to run. To do that, he used his own workstation to duplicate the steps that the caseworker took to get to the error.

To read this article in full, please click here



Computer World Security News
Oct 18, 2018

How to use the Shodan search engine to secure an enterprise's internet presence
Shodan, a search engine for all ports within the internet, can help enterprises identify and lock down security vulnerabilities. Senior writer J.M. Porup and content producer Juliet Beauchamp talk through the security scenarios.

Computer World Security News
Oct 17, 2018

Microsoft Patch Alert: October's been a nightmare
This month's bad patches made headlines. Lots of headlines. For good reason.

You have my sympathy if you clicked "Check for updates" and got all of the files in your Documents and Photos folders deleted. Even if you didn't become a "seeker" (didn't manually check for updates) your month may have been filled with blue screens, odd chicken-and-egg errors, and destroyed audio drivers — and Edge and your UWP ("Metro" Store) apps might have been kicked off the internet.

You didn't need to lift a finger.

[ Further reading: Windows 10 update (and retirement) calendar: Mark these dates ] Worst Windows 10 rollout ever Hard to believe that Windows 10 version rollouts could get any worse, but this month hit the bottom of a nearly bottomless barrel. Some folks who clicked "Check for updates" wound up with a brand spanking new copy of Win10 version 1809 — and all of the files in their \Documents, \Pictures, \Music, \Videos and other folders disappeared. I have a series of articles on that topic, arranged chronologically:

To read this article in full, please click here



Computer World Security News
Oct 16, 2018

Big browsers to pull support plug for TLS 1.0 and 1.1 encryption protocols in early '20
The makers of the four biggest browsers all said Monday that their applications will drop support for the TLS (Transport Layer Security) 1.0 and 1.1 encryption protocols in early 2020.

"In March of 2020, Firefox will disable support for TLS 1.0 and TLS 1.1," wrote Martin Thomson, principal engineer at Mozilla, in a post to a company blog.

[ Related: Get serious about privacy with the Epic, Brave and Tor browsers ] Other browser developers, including Apple (Safari), Google (Chrome) and Microsoft (Edge and Internet Explorer) issued similar notices. All pegged early 2020 as the target for disabling support.

To read this article in full, please click here



Computer World Security News
Oct 16, 2018

Stats make iOS a hard OS to ignore
The latest version of Apple's mobile operating system — iOS 12 — was released just a few weeks ago, and yet it's already installed on 53% of relatively newer iPhones (introduced since September 2014) and 50% of all iPhones. Bottom line: It's the fastest acceptance of any Apple OS.

This is more than a minimally interesting statistic. It illustrates the key difference between Apple mobile devices and Android mobile devices: Although there are more Android users on the globe, Apple's users are much more of a community. That means many things from an Apple marketing perspective, but for IT, it means far greater security.

To read this article in full, please click here



Computer World Security News
Oct 15, 2018

Economist Nouriel Roubini: Blockchain and bitcoin are the world's biggest scams
New York University professor and global economist Nouriel Roubini testified before the U.S. Senate Committee on Banking last week, saying cryptocurrencies such as bitcoin are the mother of all scams and bubbles.

He followed that assertion up by calling blockchain, the technology unpinning bitcoin, "the most over-hyped — and least useful — technology in human history."

[ Further reading: What is FinTech (and how has it evolved)? ] Today, Roubini doubled down on his claims in a column published on CNBC.com in which he said blockchain has promised to cure the world's ills through decentralization but is "just a ruse to separate retail investors from their hard-earned real money."

To read this article in full, please click here



Computer World Security News
Oct 12, 2018

How secure are electronic voting machines? | Salted Hash Ep 48
With the midterm elections looming, electronic voting machines are getting increased scrutiny. J.M. Porup, senior writer at CSO, sits in the hosts chair this episode, breaking down the security risk with content producer Juliet Beauchamp.

Computer World Security News
Oct 12, 2018

Talking DerbyCon, spy chip whispers and Google's data breach | Salted Hash Ep 47
Steve Ragan and J.M. Porup catch up post-DerbyCon conference to discuss psychological issues in the infosec community, supply chain security and whether it's time to make China the boogeyman again, as well as Google's recent data breach.

  • CEOExpress
  • 1 Boston Place | Suite 2600
    Boston MA 02108
  • 617 482 1200
    617 299 8649 (fax)
  • Contact
  • As an Amazon Associate
    CEOExpress earns from
    qualifying purchases.

©1999-2019 CEOExpress Company LLC