NEWS: COMPUTER WORLD SECURITY NEWS
Computer World Security News
Nov 13, 2018

Get Over 45 Hours Of Immersive Ethical Hacking Training For $25 (90% Off)
Your private data can reveal a lot about you, such as bank information, spending habits, and even the websites you frequent. This makes large companies like Facebook and Yahoo prime targets for data breaches because of their vast library of user data. Nowadays, it's more important than ever for companies to remain vigilant against hackers, lest their customers' privacy and trust be lost.

To defend against such threats, companies hire security professionals who know how to identify and exploit vulnerabilities in security systems. These "ethical hackers" employ the same methods malicious hackers do, but they also patch and report these vulnerabilities to their employers to prevent future intrusions. With data breaches on the rise, the demand for ethical hackers has increased, making this career path both stable and profitable. If you're interested in learning how to hack security systems (legally, of course) then this $39 Ethical Hacking A to Z Training Bundle is for you.


Computer World Security News
Nov 13, 2018

Get 90% Off Your First Year of RemotePC, Up To 50 Computers for $6.95
iDrive has activated a significant discount on its remote access software RemotePC in the days leading up to Black Friday. RemotePC by iDrive is a full-featured remote access solution that lets you connect to your work, home or office computer securely from anywhere, and from any iOS or Android device. Right now, their 50 computer package is 90% off or just $6.95 for your 1st year. If you've been thinking about remote access solutions, now is a good time to consider RemotePC.

Computer World Security News
Nov 13, 2018

FAQ: Windows 10 LTSB explained
Windows 10 powered to its third anniversary this year, but one branch, identified by the initials L-T-S-B, remained an enigma to most corporate users.

LTSB, which stands for "Long-term Servicing Branch," was among the pillars of Windows 10 in the months leading up to, and for months after, the mid-2015 roll-out of the operating system. For a time, it seemed that it had a shot at becoming the Windows 10 for enterprise because it was seen as a calm port in a storm of radical change.

That hasn't happened, in part because Microsoft has steered customers away from LTSB.


Computer World Security News
Nov 07, 2018

BitLocker on self-encrypted SSDs blown; Microsoft advises you switch to software protection
Yesterday, Microsoft released ADV180028, Guidance for configuring BitLocker to enforce software encryption, in response to a clever crack published on Monday by Carlo Meijer and Bernard van Gastel at Radboud University in the Netherlands (PDF).


Computer World Security News
Nov 01, 2018

Why Apple's Siri is already an enterprise product
The usual suspects love to spend time claiming Siri lags other voice assistants in some ways, but they don't seem to understand that Apple's voice assistant is an enterprise product.

Why is Siri an enterprise product? This is what happens when you use a voice search tool: You activate the assistant, it listens to what you say, identifies that a request is being made and sends that request to the cloud to be resolved and responded to.

This all happens pretty quickly and after a short delay your response arrives, or an action takes place.


Computer World Security News
Oct 30, 2018

Google Smart Lock on Chrome OS: 2 fast fixes and a power-user tip
Google's Smart Lock system for Chrome OS is one of those things that sounds spectacular on paper but then frequently falls flat in the real world.

You know about Smart Lock by now, right? It's something Google created to turn your Android phone into a contact-free key for your Chromebook: Anytime the phone is close to the computer, Chrome OS will automatically detect its presence — and as long as the phone is unlocked, the laptop will let you skip the usual password prompt and hop right in with just a quick click on the sign-on screen.


Computer World Security News
Oct 26, 2018

Well, do you trust 'em or don't you?
Flashback a few decades to the days when this pilot fish is a supervisor in the call center for a big mail-order PC company.

"Our agents were privy to a customer's credit card information right in the call tracking system," says fish. "We trusted 600 agents with nearly unlimited access to this customer information without ever a single theft from our people."

But the call center manager decides the operation needs a way to approve replacement parts to be shipped to customers.

That leads to a new process: When a call-center agent is sending a simple part -- say, a new mouse or inexpensive sound card -- the agent types in his badge number, then must turn his head to get his supervisor's attention.


Computer World Security News
Oct 25, 2018

Apple appears to have blocked GrayKey iPhone hacking tool
Apple has apparently been able to permanently block de-encryption technology from a mysterious Atlanta-based company whose blackbox device was embraced by government agencies to bypass iPhone passcodes.

Atlanta-based Grayshift is one of two companies that claimed it could thwart Apple iPhone passcode security through brute-force attacks.

The blackbox technology purportedly worked, as Grayshift's technology was snapped up by regional law enforcement and won contracts with Immigration and Customs Enforcement (ICE) and the U.S. Secret Service.

Another vendor, Israel-based Cellebrite, also discovered a way to unlock encrypted iPhones running iOS 11 and marketed its product to law enforcement and private forensics firms around the world. According to a police warrant obtained by Forbes, the U.S. Department of Homeland Security tested the technology.


Computer World Security News
Oct 25, 2018

Win10 1803 big bug bash KB 4462933 joins earlier versions, a week late to the party
Back on Oct. 18, a "C Week" Thursday, Microsoft released hefty rounds of bug fixes for Win10 1607, 1703 and 1709. At the time, I wondered out loud why the latest (unyanked) version of Win10, version 1803, didn't get a similar dose. Now, on a "D Week" Wednesday, it looks like we've seen the deluge.


Computer World Security News
Oct 24, 2018

Complete transcript, video of Apple CEO Tim Cook's EU privacy speech
Apple CEO Tim Cook spoke up for privacy at a conference of European privacy commissioners in Brussels this morning.

'AI must respect human values'

The theme of this year's conference is "Debating Ethics: Dignity and Respect in Data Driven Life." Cook is the first tech CEO to serve as the keynote speaker for the conference and was invited to speak.

He talked about data, put in a bid for a bill of U.S. digital rights, slammed competitors for profiting while unleashing powerfully negative forces, and spoke up for a GDPR-style privacy protection in the U.S.


Computer World Security News
Oct 22, 2018

Wonder if they'll ever tell HIM what's going on...
This IT pilot fish has been supporting a customer remotely through a VPN that's usually pretty solid -- but definitely not always.

"Every now and then it disconnected me randomly," says fish. "Then it continued disconnecting me repeatedly every 30 to 60 seconds.

"I went through the usual litany of rebooting, trying a different computer, trying a different network, etc. Every time I got the help desk involved, they pulled a bunch of different logs that basically just said 'disconnected' without any cause given.

"After several rounds of changes that miraculously fixed it, then suddenly stopped working again, the issue got escalated to a high-enough tier that an answer was forthcoming.


Computer World Security News
Oct 19, 2018

Policies and paper trails -- our new best friends
This IT pilot fish works with lots of sensitive data -- and that means really sensitive, such as child abuse investigations.

"Until a few years ago, I had access to all that data, so I could write ad-hoc reports against it," says fish. "We 'systems' people were given access to everything, so we could troubleshoot application problems for the users.

"Then one day I was called into the CEO's office. He told me that according to the logs, I did a search against the Child Welfare data for a particular family on a date and time six months earlier -- and wanted to know why I did the search."

As best fish can recall, he was doing the search to troubleshoot a particular report that one caseworker was trying to run. To do that, he used his own workstation to duplicate the steps that the caseworker took to get to the error.


Computer World Security News
Oct 18, 2018

How to use the Shodan search engine to secure an enterprise's internet presence
Shodan, a search engine for all ports within the internet, can help enterprises identify and lock down security vulnerabilities. Senior writer J.M. Porup and content producer Juliet Beauchamp talk through the security scenarios.

Computer World Security News
Oct 17, 2018

Microsoft Patch Alert: October's been a nightmare
This month's bad patches made headlines. Lots of headlines. For good reason.

You have my sympathy if you clicked "Check for updates" and got all of the files in your Documents and Photos folders deleted. Even if you didn't become a "seeker" (didn't manually check for updates) your month may have been filled with blue screens, odd chicken-and-egg errors, and destroyed audio drivers — and Edge and your UWP ("Metro" Store) apps might have been kicked off the internet.

You didn't need to lift a finger.

Worst Windows 10 rollout ever

Hard to believe that Windows 10 version rollouts could get any worse, but this month hit the bottom of a nearly bottomless barrel. Some folks who clicked "Check for updates" wound up with a brand spanking new copy of Win10 version 1809 — and all of the files in their \Documents, \Pictures, \Music, \Videos and other folders disappeared. I have a series of articles on that topic, arranged chronologically:


Computer World Security News
Oct 16, 2018

Big browsers to pull support plug for TLS 1.0 and 1.1 encryption protocols in early '20
The makers of the four biggest browsers all said Monday that their applications will drop support for the TLS (Transport Layer Security) 1.0 and 1.1 encryption protocols in early 2020.

"In March of 2020, Firefox will disable support for TLS 1.0 and TLS 1.1," wrote Martin Thomson, principal engineer at Mozilla, in a post to a company blog.

Other browser developers, including Apple (Safari), Google (Chrome) and Microsoft (Edge and Internet Explorer) issued similar notices. All pegged early 2020 as the target for disabling support.


Computer World Security News
Oct 16, 2018

Stats make iOS a hard OS to ignore
The latest version of Apple's mobile operating system — iOS 12 — was released just a few weeks ago, and yet it's already installed on 53% of relatively newer iPhones (introduced since September 2014) and 50% of all iPhones. Bottom line: It's the fastest acceptance of any Apple OS.

This is more than a minimally interesting statistic. It illustrates the key difference between Apple mobile devices and Android mobile devices: Although there are more Android users on the globe, Apple's users are much more of a community. That means many things from an Apple marketing perspective, but for IT, it means far greater security.


Computer World Security News
Oct 15, 2018

Economist Nouriel Roubini: Blockchain and bitcoin are the world's biggest scams
New York University professor and global economist Nouriel Roubini testified before the U.S. Senate Committee on Banking last week, saying cryptocurrencies such as bitcoin are the mother of all scams and bubbles.

He followed that assertion up by calling blockchain, the technology underpinning bitcoin, "the most over-hyped — and least useful — technology in human history."

Today, Roubini doubled down on his claims in a column published on CNBC.com in which he said blockchain has promised to cure the world's ills through decentralization but is "just a ruse to separate retail investors from their hard-earned real money."


Computer World Security News
Oct 12, 2018

Regulating the IoT: A conversation with Bruce Schneier | Salted Hash Ep 49
Security expert and author Bruce Schneier talks with senior writer J.M. Porup about the widespread use of connected chips -- allowing hackers to access cars, refrigerators, toys and soon, even more home consumer items.

Computer World Security News
Oct 12, 2018

How secure are electronic voting machines? | Salted Hash Ep 48
With the midterm elections looming, electronic voting machines are getting increased scrutiny. J.M. Porup, senior writer at CSO, sits in the host's chair this episode, breaking down the security risk with content producer Juliet Beauchamp.

Computer World Security News
Oct 12, 2018

Talking DerbyCon, Chinese whispers and Google's data breach | Salted Hash Ep 47
Steve Ragan and J.M. Porup catch up post-DerbyCon conference to discuss psychological issues in the infosec community, supply chain security and whether it's time to make China the boogeyman again, as well as Google's recent data breach.

Computer World Security News
Oct 12, 2018

Talking DerbyCon, spy chip whispers and Google's data breach | Salted Hash Ep 47
Steve Ragan and J.M. Porup catch up post-DerbyCon conference to discuss psychological issues in the infosec community, supply chain security and whether it's time to make China the boogeyman again, as well as Google's recent data breach.

Computer World Security News
Oct 11, 2018

Mingis on Tech: Data breaches and the rise of 'surveillance capitalism'
Data breaches have become so common, and so frequent, that when companies like Facebook or Google admit to data leaks or outright hacks, users fret, the companies pledge to do better, and government regulators (sometimes) issue stern warnings.

Lather. Rinse. Repeat.

In recent weeks, Facebook acknowledged a breach affecting 50 million users and Google had to fess up to a breach affecting Google Plus users after initially deciding to keep quiet.


Computer World Security News
Oct 11, 2018

Mingis on Tech: Data breaches in a world of 'surveillance capitalism'
Facebook and Google recently acknowledged data breaches affecting millions of users. This won't be the last time that happens. CSO's J.M. Porup and Computerworld's Ken Mingis examine what's really going on.

Computer World Security News
Oct 10, 2018

Why Apple must be looking into using blockchain
Everyone who can is looking into using Blockchain and Apple is no exception, though it will be a long time before we see any consumer-facing implementations of this.

Apple looks at lots of technologies

If it's on the Gartner Hype Cycle you can bet a few bucks Apple is looking at it.

That's why I think it will eventually introduce a 3D printer that works in conjunction with ARKit (unverified prediction), and also why it must be thinking about how to use blockchain.


Computer World Security News
Oct 10, 2018

What the heck is it with Windows updates?
To help make life better for you, my loyal readers, I suffer by running Windows 7 and 10 on two harmless — never hurt anyone in their lives — PCs. Well, I did. But, in the last week I ran into not one, but two, showstopper update bugs.

First, on Windows 10, I was one of those "lucky" people who had files vaporize when I "updated" to Windows 10 October 2018 Update (version 1809). Because I only use Windows for trivial tasks, I didn't lose anything valuable when the patch decided to erase everything in the My Documents folder.

Somehow, I think most Windows users use Windows for more important work than I do. I hope you have current backups. At least Computerworld's Woody Leonhard has some good news: You can get those deleted files back.


Computer World Security News
Oct 06, 2018

Spy chips on servers? Lessons learned (and questions to ask)
On Thursday, Bloomberg Businessweek published an in-depth report alleging that Chinese suppliers for server hardware company Supermicro had placed microchips onto motherboards ordered by the San Jose-based company that were later sold to fill orders from as many as 30 customers.

Computer World Security News
Oct 05, 2018

Apple, Amazon server spy story is wake-up call to security pros
Apple and Amazon have strenuously denied Bloomberg's claims of a sophisticated hardware exploit against servers belonging to themselves and numerous other entities, including U.S. law enforcement.

Chinese, Apple and chips

Put in very simple terms, the claim is that malicious chips were found inside servers used in data centers belonging to the tech firms.

These chips (it's claimed) worked to exfiltrate data from those servers, which were themselves sourced from server manufacturer, Super Micro. That company's server products are/were also used by Amazon, the U.S. government and 30 other organizations. The chips were (it is alleged) put in place by employees bribed by Chinese government agents.


Computer World Security News
Oct 05, 2018

Apple, Amazon server spy story is wake-up call to security pros (u)
Apple and Amazon have strenuously denied Bloomberg's claims of a sophisticated hardware exploit against servers belonging to them and numerous other entities, including U.S. law enforcement.

Chinese, Apple and chips

Put in very simple terms, the claim is that malicious chips were found inside servers used in data centers belonging to the tech firms.

These chips (it's claimed) worked to exfiltrate data from those servers, which were themselves sourced from server manufacturer Super Micro. That company's server products are/were also used by Amazon, the U.S. government, and 30 other organizations. The chips were allegedly put in place by employees bribed by Chinese government agents.


Computer World Security News
Oct 05, 2018

Time to lock the security team in a hotel room?
IT security has laptops at this company really locked down, and that includes only limited admin rights, reports a road warrior pilot fish.

"On a recent trip, at my hotel I had to make an internet connection and open a web page to log into the hotel's internet service before I could get a connection to the real internet," fish says.

"Problem was, the work laptop was not going to let me use the browsers until I had established a VPN connection, which of course I could not do without the web page login.

"In a way, that was good -- I took some real vacation time.

"In another way, it was bad, I have big hands and fingers, so using an iPhone and those stupid virtual keyboards is a one-finger, error-prone task. An email that could take seconds to type on a full-size keyboard takes minutes on the phone.


Computer World Security News
Oct 01, 2018

Open door policy
This server room is getting keycard access to make sure only those on the approved list are allowed to enter, reports a pilot fish on the scene.

"A card reader is installed on the outside of the door to get in," fish says. "But how to handle exiting the room? Someone has the bright idea that a system administrator inside the server room might have their hands full when they're trying to leave.

"So a motion sensor is installed on the inside, looking down on the doorway. That way, if someone walks up to the door from the inside, it will automatically unlock.

"But whoever created this system is a much more trusting soul than one of the sysadmins, who looks over the already installed system and sees the flaw.


Computer World Security News
Sep 27, 2018

Easy-to-prevent Apple flaw may threaten enterprise security
An obscure flaw in Apple's Device Enrollment Program (DEP) may make it possible for determined hackers to access enterprise networks, though the solution is quite straightforward.

Serial number spoofing

Duo Security researchers say they've figured out how to enroll a rogue device onto an enterprise's MDM system, if the business has failed to enable authentication on devices enrolled on the system.

To make this work, attackers need to get hold of the valid serial number for an Apple device that is registered to Apple's Device Enrollment Program (DEP), but not yet set up on the company's MDM server, they said.


Computer World Security News
Sep 21, 2018

Apple's dropping Back To My Mac Remote Access. Here's an Alternative, Currently Discounted.
Apple is dropping the Back To My Mac remote access feature, and in a recent support document they urge you to be prepared by looking for alternatives.

RemotePC by iDrive is a full-featured remote access solution that lets you connect to your work or office computer securely from anywhere, and from any iOS or Android device. Right now, their 50 computer package is 90% off or just $6.95 for your 1st year. So if you need an alternative to Back To My Mac, or have been thinking about remote access, now is a good time to consider RemotePC.



Computer World Security News
Sep 21, 2018

Back to the ol' spam-fighting drawing board
Pilot fish returns from an extended holiday weekend to find his inbox full of spam -- and for once, dozens of the messages seem to be related.

"I was curious, so I didn't delete all 50 of them right away," says fish. "The first one was obviously spam -- a 'Hi, do you remember me, can we talk?' message with a phishing link.

"But the first reply was from an autoresponder at a legal-services company: Thank you for your email. You have reached the email inbox for... Please let us know if you have any questions."

The next message is from another autoresponder, replying not to the spam but to the first autoresponder: Thank you for contacting us. This is an automated response confirming the receipt of your ticket. Our team will get back to you as soon as possible.


Computer World Security News
Sep 20, 2018

Microsoft Patch Alert: Despite weird timing, September's Windows and Office patches look good
As we near the end of patching's "C Week" (which is to say, the week that contains the third Tuesday of the month), there are no show-stopping bugs in the Windows and Office patches and just a few gotchas. As long as you avoid Microsoft's patches for Intel's Meltdown/Spectre bugs, you should be in good shape.

Why a Patch Monday?

On Sept. 17, Microsoft released two very-out-of-band cumulative updates for Windows 10:


Computer World Security News
Sep 18, 2018

Why Windows 10 is the most secure Windows ever
Three years after its debut, Windows 10 is poised to overtake Windows 7 as the most popular version of the Windows operating system. Microsoft introduced virtualization-based security features - namely Device Guard and Credential Guard - in Windows 10, and in subsequent updates, has added other virtualization-based protections to the operating system.

Microsoft tackled the two biggest challenges for enterprises with Windows 10: password management and protecting the operating system from attackers. Windows Defender was renamed Windows Security in 2017 and now includes anti-malware and threat detection, firewall and network security, application and browser controls, device and account security, and device health. Windows Security shares status information between Microsoft 365 services and interoperates with Windows Defender Advanced Threat Protection, Microsoft's cloud-based forensic analysis tool.


Computer World Security News
Sep 18, 2018

Easy way to bypass passcode lock screens on iPhones, iPads running iOS 12
Update for iOS 12

With iOS 12 and iPhones that have Touch ID, you can still bypass the iPhone lock screen and trick Siri into getting into a person's phone. The bypass is the same as it was in earlier versions of the operating system:

Press the home button using a finger not associated with your fingerprint authentication, prompting Siri to wake up. Say to Siri: Cellular data. Siri then opens the cellular data settings where you can turn off cellular data.

As was the case before, anyone can do this. It doesn't have to be the person who "trained" Siri.


Computer World Security News
Sep 18, 2018

9 iOS 12 security improvements you should know about
Apple has shipped iOS 12 and it's packed with new security improvements and settings every user needs to know about.

Ad tracking

Apple has made it much harder for data harvesting companies to exfiltrate your data without you knowing.

Safari in iOS 11 blocked third-party cookies that tracked you across multiple websites and cookies older than 30 days.

iOS 12 also gives you the option to block social media sharing icons and comment boxes from tracking you. Apple has also made it much harder for fingerprinting technologies to track and identify you by gathering information about your device, such as capacity or installed apps.


Computer World Security News
Sep 18, 2018

W. Va. to use blockchain-based mobile app for mid-term voting
West Virginia this fall will let members of the military and their families deployed overseas vote by smartphone or tablet using a blockchain-based app developed by a Salt Lake City start-up, Voatz.

The voters using the app would otherwise have to submit paper absentee ballots via mail or vote over a land line telephone.

The move means the state will become the first in the U.S. to use blockchain in a voting system in a general election.

After being elected in January 2017, West Virginia Secretary of State Mac Warner tasked IT staff to investigate mobile voting options for 8,000 West Virginian military members overseas. Warner, a retired U.S. Army officer with four children who are also all current or former Army officers, cited his own inability to vote when deployed in Afghanistan as one reason for his efforts.


Computer World Security News
Sep 17, 2018

SharePoint Workflows go belly-up when you install the September .Net Security Only patch
‘Softie Rodney Viana has posted details and a workaround for the "System.CodeDom.CodeBinaryOperatorExpression is not marked as authorized" bug.

Apparently, installing last Tuesday's KB 4457916 Security Only updates for .Net Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows 8.1 and Server 2012 R2 causes a hard stop with any SharePoint Workflows. (Workflows are set up by an admin to handle the flow of documents through a series of steps.)


Computer World Security News
Sep 14, 2018

One small step forward, one giant leap back
This pilot fish is paying his monthly bills online when he discovers one of his utilities has changed the payment part of its website -- a lot.

"I clicked on the 'Payment' button, and saw that I now had the option of paying with or without logging in," says fish.

"OK, the no-login option could be handy, but I've been paying this bill online for years, so I clicked on the login option. It asked me for my user name and eight-digit PIN. What PIN? I have a long, secure password. I tried that. It didn't work."

And after several unsuccessful attempts, fish tries the no-login version -- which just takes him to the same screen asking his PIN.


Computer World Security News
Sep 13, 2018

Throwback Thursday: Just one more thing to worry about
This pilot fish and his wife are planning a long-overdue vacation to an all-inclusive resort -- one of those places where you don't have to worry about things like meals or tipping.

"I log onto the resort's website in order to make some reservations ahead of our arrival," fish says, "and am presented with the standard registration page."

He enters his information on the page, which also asks "for security reasons" that he set up a password.

It's not until after he has clicked "OK" that fish looks at the icon in his web browser and realizes the page isn't encrypted. He does a quick browse of the source code for the page, and finds that there's no SSL anywhere securing the data he's just typed in.


Computer World Security News
Sep 10, 2018

Time to turn off Windows Automatic Update and brace for impact
August 2018 was a relatively innocuous patching month, although the final resolution to the August problems didn't appear until late Friday night just as the month was coming to a close — on a three-day weekend in the US.

We've seen the same pattern repeat itself almost every month since the beginning of the year: The first round of Microsoft security patches (notably including Win10 patches) introduces bugs, while subsequent rounds of patches each month squash most of them. If we're lucky.


Computer World Security News
Sep 10, 2018

Mac and iOS apps stealing user data -- an enterprise take
Reports claiming numerous apps distributed through Apple's App Store are secretly exfiltrating user data should be an alarm call to enterprise CIOs. It signals a new battlefront in the eternal enterprise security wars.

The enterprise risk of personal data

On the surface, the data being extracted is kind of … personal, such as location and browser histories. Information like that provides additional insight into what individual users are up to. Why should that concern an enterprise?

That's a rhetorical question, of course. Most enterprise security professionals recognize that any form of data exfiltration poses an overall challenge.

Computer World Security News
Sep 10, 2018

Why security is the first thing to go, episode 65,723
IT contractor has a project to upgrade some software for a client -- and the project is way behind schedule, says a pilot fish on the client side.

And why is that such a problem? "The existing product goes End-of-Life soon, at which time it will no longer be an approved product for us," fish explains.

"The contractor's people come in and pitch their schedule to upper management. In the briefing, they bring up the fact that the new product is not even approved to be on our highly secured network, and they have not even started on getting it approved.

"Essentially, if they have to get it approved, they can never get it deployed on time.

Computer World Security News
Sep 06, 2018

Throwback Thursday: Well, trial and error IS a mechanism
New regulations go into effect requiring more physical and electronic security at this health insurance company, so the company hires a chief security officer to oversee the efforts, says a pilot fish there.

"I was involved in the original security implementation on most of the systems and offered to help, but the new CSO refused our input," fish says. "He put keycard access on the computer room and UPS room and confiscated any physical keys he could find.

"When asked what would happen if the keycard system went down, he responded that 'mechanisms are in place,'" fish recalls.

Soon, only three people have physical keys: the CSO, chief financial officer and facilities manager.

Computer World Security News
Sep 05, 2018

Get caught up on your July and August Windows/Office patches
With the arrival of "Fourth Week" patches on the last working day of August, and having had a few days to vet them, it looks as if we're ready to release the cracklin' Kraken.

The steaming pile of Windows Intel microcode patches
Microsoft continues to unleash microcode patches for Meltdown and Spectre (versions 1, 2, 3, 3a, 4, n for n =4). You won't get stung by any of them, unless you specifically go looking for trouble.

Computer World Security News
Aug 31, 2018

VirusTotal Intelligence, a search engine for malware | Salted Hash Ep 45
In this episode, host Steve Ragan talks with Karl Hiramoto, technical solutions consultant for VirusTotal, maker of VirusTotal Intelligence, a searchable detection tool for malware.

Computer World Security News
Aug 31, 2018

Firefox to auto-block ad trackers
Mozilla this week said that its Firefox browser will soon start to automatically block some ad tracking technologies that the company claimed impact page load performance and shadow users wherever they go.

"In the near future, Firefox will — by default — protect users by blocking tracking," wrote Nick Nguyen, Mozilla's top Firefox executive, in an August 30 post to a company blog.

Mozilla added what it dubbed "Tracking Protection" to Firefox 57, a.k.a. "Quantum," last fall. Since then, the feature has remained opt-in, meaning people must manually enable it from the browser's Preferences display if they want to use it. When switched on, Tracking Protection blocks a wide range of content, not just advertisements but also in-page trackers that sites or ad networks implant to follow users from one website to another. Such trackers are the reason why an ad for underwear from a specific vendor seemingly pops up wherever one goes after one has browsed the underwear selection at the seller's website.

Computer World Security News
Aug 31, 2018

Apple insists developers ramp up their privacy commitments
Apple recently told the U.S. Congress that it sees customer privacy as a "human right", though the explanation didn't at that time extend to how third-party developers treat data they get from iOS apps. Now it does.

Privacy for the rest of us
Starting October 3, Apple will insist that all third-party apps (including new apps and app updates) submitted to the App Store include a link to the app developer's own privacy policy.

This is a big change as until now only subscription-based apps needed to supply this information - and it also extends to the privacy policy itself, which Apple insists must be clear and explicit in explaining:

Computer World Security News
Aug 31, 2018

Windows and .Net finally get their 'D Week' patches, as Intel microcode fixes go wacko
Time for the final August patching shoe to drop.

Late last night Microsoft released a flurry of patches, posting them on the Microsoft Update Catalog. Some are available through Windows Update, some aren't.

As of early Friday morning, the Win10 patches are not available through WSUS, the update server service. It's not clear if that's a mistake, a hesitation — or if somebody just went home last night and forgot.

Let's hear it for patching predictability. And transparency.

Computer World Security News
Aug 31, 2018

You've got malware!
Flashback to the early 2000s, when this non-IT pilot fish works in a building where the level of computer literacy is hovering near absolute zero.

"I was the only person in my department who had any computer skills at all," fish grumbles.

"One day we all got an email notice from management about a virus that was going around, spread by email. We were warned about clicking links and opening pages and all the other standard warnings."

Fish suspects that most people in the department will just delete the warning, since they don't use their computers for anything but the bare minimum required by company business -- and they barely understand even that.

Computer World Security News
Aug 28, 2018

University-customized Alexa devices will answer students' questions
Saint Louis University (SLU) has rolled out 2,300 Alexa-powered Echo Dot virtual assistants to all of its student living spaces to provide answers to university-related queries about events, speakers on campus and more.

The university also plans to extend use of the artificial intelligence assistant into classrooms and meeting rooms in future and aims to use the technology to support workplace productivity for its faculty staff, according to CIO, David Hakanson.

Students arriving at SLU this month can access a custom skill that answers questions relating to university services, such as "When does the library open?" or "Where is the registrar's office?"

Computer World Security News
Aug 25, 2018

Here comes 'antidisinformation as a service'
Disinformation was in the news again this week. Facebook, Twitter, Google and Microsoft said they removed accounts linked to Russian and Iranian disinformation campaigns.

And if you think it's all about politics and rogue nations, think again. The real story is about a new enterprise business service that fights disinformation.

I'll tell you all about that below. But first, the real news about the fake news.

Facebook said that 652 Facebook pages and groups run by the Iranian and Russian governments were deleted because they were found to be "misleading," by which it meant that the pages and social profiles presented themselves as something other than what they really were.

Computer World Security News
Aug 24, 2018

Get serious about privacy with the Epic, Brave and Tor browsers
Privacy is one of the hardest things to find today — and one of the most prized, especially online. Most people, even those not technologically adept, are concerned about the amount of personal information that is being harvested by governments, corporations, third-party advertising agencies and/or unethical hackers.

Computer World Security News
Aug 23, 2018

Microsoft Patch Alert: Mainstream August patches look remarkably good, but watch out for the bad boys
So far this month we've only seen one cumulative update for each version of Windows 10, and one set of updates (Security only, Monthly Rollup) for Win7 and 8.1. With a few notable exceptions, those patches are going in rather nicely. What a difference a month makes.

We've also seen a massive influx of microcode updates for the latest versions of Windows 10, running on Intel processors. Those patches, released on Aug. 20 and 21, have tied many admins up in knots, with conflicting descriptions and iffy rollout sequences.

Big problems for small niches
At this point, I'm seeing complaints about a handful of patches:

The original SQL Server 2016 SP2 patch, KB 4293807, was so bad Microsoft yanked it — although the yanking took almost a week. It's since been replaced by KB 4458621, which appears to solve the problem.
The Visual Studio 2015 Update 3 patch, KB 4456688, has gone through two versions — released Aug. 14, pulled, then re-released Aug. 18 — and the re-released version still has problems. There's a hotfix available from the KB article, but you'd be well advised to avoid it.
Outlook guru Diane Poremsky notes on Slipstick that the vers

Computer World Security News
Aug 23, 2018

China once again cracks down on cryptocurrencies, news outlets
In an ongoing campaign to tamp down the growth of once-flourishing cryptocurrencies it sees as a threat, the Chinese government has ordered more than a half dozen online news outlets to shut down and banned physical venues from hosting crypto-related events.

On Tuesday, eight blockchain and cryptocurrency-focused media outlets were banned on WeChat, China's most influential instant communication and mobile payment app, for allegedly violating new government regulations forbidding the publishing of information related to initial coin offerings (ICOs) or cryptocurrency trading speculation.

Computer World Security News
Aug 23, 2018

Detecting bot attacks | Salted Hash Ep 44
In this episode, host Steve Ragan talks with Engin Akyol, CTO at Distil Networks at the Black Hat 2018 conference, about bot account takeovers and how they can be detected.

Computer World Security News
Aug 17, 2018

2 undocumented patches from Microsoft may solve the 1803 TLS 1.2 blocking problem
Microsoft's KB 4458166, released on Tuesday, explains that the push to Win10 version 1803 has been halted for machines running .Net applications that use the TLS 1.2 security protocol. Presumably, effective Tuesday, if you have a Win10 1709 or 1703 machine that's running one of those programs (including, notably, QuickBooks Desktop), Microsoft won't try to push 1803 on it.

Computer World Security News
Aug 17, 2018

IBM, Maersk launch blockchain-based shipping platform with 94 early adopters
After launching a proof of concept earlier this year, IBM and Maersk have unveiled TradeLens, the production version of an electronic ledger for tracking global shipments; the companies say they have 94 participants piloting the system, including more than 20 port and terminal operators.

The jointly developed electronic shipping ledger records details of cargo shipments as they leave their origin, arrive in ports, are shipped overseas and eventually received.

Computer World Security News
Aug 16, 2018

Throwback Thursday: How did...er, DIDN'T he do that?
It's 1977, and this network analyst pilot fish is working at a newly constructed data center -- one with a big fence.

"The company had just gotten a new sense of needing physical security, so they had included a new, state-of-the-art security system," says fish.

"It had electronic locks at a handful of doors in the building, a 10-foot-high fence with a motorized gate, and key-card reader stations by each of the locked doors and the gate."

One day, the company needs to bring a new communications line up between the data center and an office 10 miles away. Fish's team leader decides the best way to do this without disrupting the users is to have fish go to the remote office at 4:30 a.m., while his team leader goes to the data center.

Computer World Security News
Aug 15, 2018

Patch Tuesday fallout: Bad docs, but so far no major problems
Microsoft may have fixed July's horrible, no good, very bad patches. Although the initial documentation for this month's patches included warnings about many of the bugs that persisted from July, it ends up that the docs were wrong, and most of the known problems seem to be fixed.

As of early Reboot Wednesday morning, the patches seem to be behaving themselves. Of course, it frequently takes days or even weeks for bugs to appear, so you'd be well advised to avoid jumping into the unpaid battle zone for now.

Computer World Security News
Aug 15, 2018

Blockchain phase 2: Will it scale?
More than one organization has been working on solving a major blockchain conundrum: how to improve sluggish transaction performance.

Computer World Security News
Aug 14, 2018

A hidden Android Pie security setting everyone should enable
Google's new Android 9 Pie release has plenty of fresh features and interface changes, but one of the software's most significant security improvements has managed to stay mostly off the radar.

In addition to all of the oft-discussed privacy and security enhancements, y'see, Pie has an out-of-sight and semi-advanced option. It's not something you'd use every day — or often at all, really — but if the right sort of occasion ever comes along, you'll be glad you have it enabled.

Computer World Security News
Aug 13, 2018

Patch Tuesday's coming: Block Windows Update and pray we don't get fooled again
July 2018 patches for both Windows and Office brought bugs and bugs of bugs — many of which haven't been solved, even now. We have even reached the unprecedented stage where the .NET team openly warned people against installing buggy updates, and the Monthly Rollup previews got shoved down the Automatic Update chute to fix bugs in the primary Monthly Rollup.

July was more galling than most months because the patches caused widespread problems for many, while plugging security holes for exactly zero widespread infections.

Computer World Security News
Aug 10, 2018

Blue Team Village, DEF CON 2018 | Salted Hash Ep 43
Host Steve Ragan talks to Munin, a staffer at the DEF CON Blue Team Village about what's happening and what you can expect.

Computer World Security News
Aug 10, 2018

A word to the wise: Skip Microsoft's July patches
On July 9, I recommended that you disable Windows Automatic Update and wait to see if the July Microsoft patches brought more mayhem than relief. With the August patches just a few days away, it's time to put a nail in the July coffin. I strongly recommend that you not install any of the July patches, and pray that Microsoft treats us better in August.

It's been a tumultuous month.

Computer World Security News
Aug 08, 2018

An inside look at hybrid Office 365 phishing attacks | Salted Hash Ep 41
In this episode, Steve Ragan shows what a hybrid phishing attack looks like as it starts off on one service, and quickly moves to another.

Computer World Security News
Aug 07, 2018

Grand Theft IT? Not quite
The time has come for the sales team at this financial services company to get new top-of-the-line laptops -- and they're being upgraded 80 at a time, reports an IT pilot fish there.

"Late one night, the guy in charge of the upgrade got a call from Security saying that a break-in had occurred," fish says. "They told him that on the security cameras they saw the thieves making off with a lot of laptops.

"The upgrade project manager arrived at the scene to meet the police -- who were very puzzled when he started laughing.

"Turns out the thieves stole 80 decommissioned laptops with no hard drives, while ignoring the 80 new laptops sitting in boxes beside the decommissioned ones."

Computer World Security News
Aug 07, 2018

What is a phishing kit? Watch this in-depth explainer | Salted Hash Ep 39
What is a phishing kit? In this video, Steve Ragan offers an answer and a look at some of the kits Salted Hash has collected.

Computer World Security News
Aug 06, 2018

TSMC's iPhone chip attack is a wake-up call for enterprise security
Apple chipmaker TSMC suffered a serious WannaCry-related ransomware infection that closed down production at some of its factories. The incident should be a wake-up call for manufacturers across every industry.

Manufacturing is under attack
TSMC has said the incident was not the result of a direct attack. Instead it says its systems were exposed to the malware "when a supplier installed tainted software without a virus scan."

The malware spread fast and impacted some of the company's most advanced facilities used to build Apple's A-series chips.

Computer World Security News
Aug 06, 2018

How Microsoft became tech's good guy
Once upon a time, Microsoft symbolized all that was wrong with the tech world: greedy, monopolistic, single-mindedly focused on profits while caring little about the public good. In the heyday of Bill Gates and Steve Ballmer, the company ran roughshod over competitors in its attempt to corral the worldwide market for both operating systems and application software.

But today, Microsoft has embraced the role of the tech world's better angel. And as events show in recent weeks, that's not hype. The company has, to some extent, tried to act as the industry's conscience as well as taking actions for the greater good.

One case in point: Microsoft's recent revelation that it had uncovered evidence that the Russian government had targeted three congressional campaigns in the upcoming midterm elections — and that it had helped thwart the plot. Microsoft discovered the attempts as part of its long-running battle against the Russian government-backed hacking cyber-espionage group called Fancy Bear. Microsoft, which has been playing whack-a-mole with the group for well over a year, targets the command-and-control servers that control malware that Fancy Bear plants on victims' computers, as well as associated websites that install malware on targets' computers when the victims visit them as a result of a spearphishing attack.

Computer World Security News
Aug 06, 2018

An introduction to Kit Hunter, a phishing kit detector | Salted Hash Ep 40
Kit Hunter, a basic Python script written by host Steve Ragan, searches on common tag elements to find hidden phishing kits on a web server.

Computer World Security News
Aug 03, 2018

Windows updaters express frustrations. Microsoft responds.
No doubt you recall patching guru Susan Bradley's open letter to Microsoft brass, summarizing the results of her Windows update survey. The results were quite damning in many ways, with complaints about the quality and frequency of patches topping the list.

Microsoft has responded to the open letter in a rather roundabout way. Two days after Computerworld posted the open letter, Bradley received an email that says:

Computer World Security News
Aug 01, 2018

Brush up on your IT skills with this comprehensive CompTIA training bundle
Whether you're a veteran Cloud professional with numerous IT certifications, or you've just started your career after earning an A+, it's always in your best interest to stay up-to-date with the fundamentals. The Complete 2018 CompTIA Certification Training Bundle includes 12 courses covering several CompTIA exams, so you can stay sharp and potentially add another notch to your belt of IT certifications. It's available on sale today for $59.

Computer World Security News
Aug 01, 2018

Apple users 'most appealing' to cybercriminals' online scams
Apple's platforms may be the most secure, but this is driving cybercriminals to more devious ways to undermine iOS and Mac security — partly because hacked Apple user credentials are among the most valuable properties you'll find on the so-called dark web.

A complex crime
There is no doubt at all that Apple is growing in the enterprise, which is why every iOS or macOS user needs to understand that the new cyber threats aren't confined to annoying viruses, trojans, or malware attacks.

Enterprise security chiefs are becoming increasingly aware that network, device, location-based, and user security must also be seen as part of the mix. Platform security is only one element to an overall security picture.

Computer World Security News
Aug 01, 2018

Conversation hijacking attacks | Salted Hash Ep 38
Troy Gill, manager of security research at AppRiver, explains conversation hijacking attacks, or CHAs, with host Steve Ragan, including who is typically targeted and how to prevent them.

Computer World Security News
Jul 31, 2018

If at first you don't succeed, .Net, .Net, .Net again
July will go down in the Microsoft Patching Halls of Infamy as one of the worst months ever. Every version of Win10 got three big cumulative updates, and a fourth should be hot on their heels. Let that sink in for a second: Windows patches used to come out once a month, then twice, and now we're up to three or four a month, sprinkled on random days of the month. And they're big bunches of fixes.

Computer World Security News
Jul 30, 2018

An open letter to Microsoft management re: Windows updating
From: Susan Bradley

To: Mr. Satya Nadella, Mr. Carlos Picoto and Mr. Scott Guthrie

Dear Sirs:

Today, as Windows 10 turns three years old, I am writing to you to ensure that you are aware of the dissatisfaction your customers have with the updates released for Windows desktops and servers in recent months. The quality of updates released in the month of July, in particular, has placed customers in a quandary: install updates and face issues with applications, or don't install updates and leave machines subject to attack.

Computer World Security News
Jul 30, 2018

Phishing problems: 3.2M emails blocked in a month | Salted Hash Ep 37
Asaf Cidon, vice president of email security at Barracuda Networks, talks with host Steve Ragan about a recent uptick in phishing attacks, including a spike in business email compromise (BEC) attacks.

Computer World Security News
Jul 30, 2018

New MacBook Pros at work? Here's how to manage them right
Earlier this month, Apple unveiled its newest generation of MacBook Pros; all feature a significant bump in performance, a redesigned butterfly keyboard, the arrival of "Hey Siri" commands and a second generation of Apple's T-series chips. The T2 chip works to improve performance and includes a Secure Enclave for encryption operations to secure the laptops and power Apple's TouchID as well as the Touch Bar. (The T2 chip is already in Apple's iMac Pro.)

Computer World Security News
Jul 26, 2018

Microsoft Patch Alert: Still reeling from one of the worst patching months ever
If you ever wondered why people — and organizations — are taking longer and longer to willfully install patches, take a look at what happened this month. After a disastrous start, Windows 10 patches seem to be OK, but .NET and Server patches still stink.

For most of the year, we've seen two big cumulative updates every month for each of the supported Win10 versions. This month, so far, we've had three. Microsoft's claim that it will install the Win7 and Win8.1 Monthly Rollups defies logic. The .NET patches are in such bad shape that the .NET devs have thrown in the towel. And here we sit not knowing exactly which way is up.

Three Win10 cumulative updates for each version in July
On Patch Tuesday, July 10, as usual, Microsoft rolled out cumulative updates for all of the supported versions of Windows 10. Almost immediately we heard screams of pain as four big bugs, later officially acknowledged, hit the fan. Six days later, Microsoft released a second set of cumulative updates, again for all versions of Win10. Those updates were specifically designed to fix the bugs introduced by the original updates. The build numbers in the Knowledge Base articles didn't match the build numbers that people actually installed but, well, that's Microsoft.

Computer World Security News
Jul 26, 2018

Android security: Analysis, advice, and next-level knowledge
It's tough to talk about Android security without venturing into sensational terrain.

A large part of that is due to the simple fact that the forces driving most Android security coverage are companies that make their money by selling Android security software — and thus companies with strong interests in pushing the narrative that every Android phone is on the perpetual brink of grave, unfathomable danger. Plus, let's face it: A headline about 70 gazillion Android phones being vulnerable to the MegaMonsterSkullCrusher Virus is far more enticing than one explaining the nuanced realities of Android security.

In actuality, though, Android security is a complex beast — one with multiple layers in place to protect you and one that almost never warrants an alarmist attitude. I've been covering Android security closely since the platform's earliest days, and I've busted more myths and called out more shameless publicity stunts than I can even count at this point.

Computer World Security News
Jul 25, 2018

The risks associated with global Internationalized Domain Names | Salted Hash Ep 36
Paul Vixie, CEO of Farsight Security, explains how global Internationalized Domain Names, or global IDNs, sparked the emergence of confusingly similar website addresses with nefarious goals -- and how to combat them.

Computer World Security News
Jul 23, 2018

The MacBook Pro's T2 chip boosts enterprise security
You may have missed an all-new enterprise-focused feature woven inside of Apple's all-new MacBook Pro - its new T2 chip which fundamentally enhances the security of these computers.

What is the T2 chip?
The successor to the T1, Apple's T2 chip enables secure boot and encrypted storage on the machine. It first appeared on the iMac Pro.

What does the T2 chip do?
The most widely-reported task handled by the T2 chip is the provision of "Hey Siri" support for the first time on a Mac.

Computer World Security News
Jul 23, 2018

July Windows .Net patches appear, disappear, reappear, disappear again
Microsoft's July 2018 series of patching missteps, with .Net security patches in particular, have left many admins in the lurch. Less than two weeks after they were first unleashed, poorly documented versions of the patches now appear to be available, but are not being actively pushed. There's no indication from Microsoft if and/or when they'll be fixed.

These patches, originally released on Patch Tuesday, July 10, are baring their FAANGs:

KB 4340556 — Security and Quality Rollup updates for .Net Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 and 4.7.2 for Windows 7 SP1 and Server 2008 R2 SP1
KB 4340557 — Security and Quality Rollup updates for .Net Framework 3.5 SP1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows Server 2012
KB 4340558 — Security and Quality Rollup updates for .Net Framework 3.5 SP1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows 8.1, RT

Computer World Security News
Jul 23, 2018

Nice to know our financial world is in safe hands
This company is the target of a spear-phishing attack, but it doesn't actually get very far, according to an IT pilot fish working there.

"It was the typical 'CEO is out of the office and needs a wire transfer done right away' message," fish says.

"Our people are pretty good at spotting phishing attempts, and our administrative assistant was immediately suspicious because we do wire transfers approximately never. She strung the guy along over multiple emails and got all the transfer information -- amount, routing number, account number and so on.

Computer World Security News
Jul 23, 2018

Don't ignore application security | Salted Hash Ep 35
In this episode, Michael Feiertag, CEO and co-founder of tCell, joins host Steve Ragan to talk about why application security is more critical than ever and why it's just now getting more attention from security teams.

Computer World Security News
Jul 21, 2018

Fake products? Only AI can save us now.
Half a trillion dollars.

That's the rough amount of money that counterfeiters displaced last year by selling phony products. Some 2.5% of all trade is for fake goods.

The United States is hit hardest by the scourge of counterfeit products — U.S. brands accounted in 2013 for 20% of the world's infringed intellectual property.

When most people think about counterfeiting, they think of knock-off Louis Vuitton handbags sold on the sidewalk. But fake products also include business and enterprise products, as well as everyday consumer goods.

Computer World Security News
Jul 20, 2018

Microsoft dives down a bizarre non-cumulative rabbit hole with July patches
If you're trying to apply this month's patches — an exercise in futility that I continue to discourage — you may have found that this month's patches and their documentation read like a da Vinci script, mirrored upside down and backwards.

Take this astounding bit of bafflegab, from the official Microsoft Exchange blog:

Computer World Security News
Jul 20, 2018

It was a JOKE, OK?
Pilot fish's workplace is upgrading to use smart cards, but he's not thinking about that when he sees a pop-up about an update -- one that strikes fish as a little, um, fishy.

"I thought, if something like that was to occur and need user intervention, IT would have sent a notice out about it," says fish.

"So a screen shot and email went off to IT security. They responded much faster than I expected, and in person: There was something wrong and they needed my laptop hard drives ASAP."

Fish turns over his machine, and the next day he receives replacement hard drives. But it turns out his backup wasn't configured for all the folders and file types he stores data in -- and now he's missing about a terabyte of data.




Computer World Security News
Jul 19, 2018

Why Windows 7 updates are getting bigger
Windows 7's security rollups, the most comprehensive of the fixes it pushes out each Patch Tuesday, have doubled in size since Microsoft revamped the veteran operating system's update regimen in 2016.

According to Microsoft's own data, what it calls the "Security Quality Monthly Rollup" (rollup from here on) grew by more than 90% from the first to the twenty-first update. From its October 2016 inception, the x86 version of the update increased from 72MB to 137.5MB, a 91% jump. Meanwhile, the always-larger 64-bit version went from an initial 119.4MB to 227.5MB, also representing a 91% increase.

The swelling security updates were not, in themselves, a surprise. Last year, when Microsoft announced huge changes to how it services Windows 7, it admitted that rollups would put on the pounds. "The Rollups will start out small, but we expect that these will grow over time," Nathan Mercer, a Microsoft product marketing manager, said at the time. Mercer's explanation: "A Monthly Rollup in October will include all updates for October, while November will include October and November updates, and so on."




Computer World Security News
Jul 19, 2018

Is mobile sensor-based authentication ready for the enterprise? Some big players think it might be.
An Arizona security company is working on an interesting approach to mobile authentication, one that leverages the exact angle a user holds the phone as a means of making replay attacks a lot more difficult. Aetna has been testing the method internally (according to the security company's CEO) and the company — Trusona — has announced about $18 million in funding, from Microsoft Ventures ($10 million) and Kleiner, Perkins, Caufield and Byers ($8 million).

The Microsoft Ventures funding is interesting because one of the more popular mobile authentication methods today is Microsoft's Authenticator app. Is Redmond covering its bases, or does it see the Trusona effort as threatening to displace Authenticator, at least in the enterprise IT world?




Computer World Security News
Jul 18, 2018

Mingis on Tech: The blockchain evolution moves from services...to smartphones?
If 2017 was the year many tech firms suddenly looked around and realized they needed to be part of the blockchain craze, this is the year companies in a variety of industries have begun actively experimenting with the distributed ledger technology.

Helping to make that possible - especially for firms with no experience in building out blockchain systems themselves - are IT vendors like IBM, Microsoft, HPE and Amazon Web Services. They now offer blockchain-as-a-service.




Computer World Security News
Jul 18, 2018

Mingis on Tech: The blockchain evolution, from services...to smartphones
Oracle joins other major tech vendors by rolling out its blockchain-as-a-service offering, and two smartphone makers plan to include the technology in new devices this year. Get the latest on the blockchain craze.

Computer World Security News
Jul 17, 2018

Stung by a festering pile of bugs on Patch Tuesday, MS releases 27 more patches
In what is becoming a common occurrence, Microsoft's Patch Tuesday brought along so many bugs that they necessitated a remediation round. This month, unusually, it took only six days to get the exterminators out.

Since these fixes are aimed at four specific bugs introduced on Patch Tuesday, they don't include the massive patches normally appearing on the second Patch Whateverday of the month. My guess is we'll see at least one more big set of Windows patches before the month is out. Oh, boy.

Windows July patches, version 2

Yesterday, Monday, July 16, Microsoft released 27 new security patches for Windows, bringing the total number of patches so far this month up to 156. The new patches fall into six separate groups:




Computer World Security News
Jul 13, 2018

Microsoft yanks buggy Office 2016 patch KB 4018385, republishes all of this month's patch downloads
As I reported yesterday, the July 2018 Windows and Office patches teem with bugs. We're just beginning to see the fallout.

The July 3 non-security Office 2016 patch KB 4018385 is officially yanked. If you don't recall KB 4018385 — a small patch in a sea of Office fixes — the original KB article describes it thusly:




Computer World Security News
Jul 13, 2018

Here come the first blockchain smartphones: What you need to know
After months of speculation, Taiwanese electronics company Huawei Technologies Ltd. (HTC) has confirmed it will be releasing a blockchain-enabled smartphone this year that will allow users to securely store cryptocurrency offline and act as a compute node in a blockchain network.

"We want to double and triple the number of nodes of Ethereum and Bitcoin," HTC said in its marketing material for the device. The new smartphone is expected to be able to work with multiple blockchain protocols allowing for interoperability between them.

In addition, the HTC Exodus blockchain-enabled smartphone will allow owners to play CryptoKitties, a decentralized app (Dapp) game. Dapps are applications that run across multiple nodes on peer-to-peer (P2P) networks.





©1999-2018 CEOExpress Company LLC