NEWS: COMPUTER WORLD SECURITY NEWS
Computer World Security News
Oct 16, 2019

Can Facebook's Libra cryptocurrency survive the exodus?
After the withdrawal of seven of the 29 founding members of the Libra Association, the governing council for Facebook's planned global cryptocurrency, the project's fate looks increasingly uncertain.

PayPal, Visa, Mastercard, eBay, Stripe, Mercado Pago and Booking Holdings have backed away from participation in the Libra Association; their hands were forced when all members met Monday in Switzerland to formalize their commitment to the project.

Computer World Security News
Oct 16, 2019

Why we need Apple's HomeKit-enabled routers
How secure are the connected smart devices you keep in your home? How much protection have you put in place, and have you even taken a minute to change your default router password?

Computer says no
The truth is many smart home device users (and those running connected devices in smart offices, enterprises, manufacturing and beyond) may not yet have taken stock of their security.

This is a particular problem when it comes to older smart devices, many of which are still in use even though a large number of them shipped with weak or non-replaceable factory default passcodes.

Computer World Security News
Oct 16, 2019

Microsoft's Windows, Office 365 advice for secure elections
Microsoft has issued guidance and offered resources to help election officials and candidate campaigns to better protect their Windows and Office 365 systems.

Computer World Security News
Oct 15, 2019

9 ways to use Windows 7 (safely) when support ends
With support ending in January, our Windows 7 Survival Guide for 2020 offers ways to protect your older machines that can't or won't be upgraded.

Computer World Security News
Oct 10, 2019

A Chrome security setting you shouldn't overlook
We spend tons o' time talking about Android security settings — like the added Android 10 option to limit how and when apps are able to access your location. Often lost in the shuffle, though, is the fact that the Chrome desktop browser has some significant security options of its own, and they're just as critical to consider.

In fact, Chrome has an easily overlooked setting that's somewhat similar to that new location control feature in Android. It's attached to every Chrome extension you install, as of not that long ago, and it lets you decide exactly when an extension should be able to see what you're doing on the web and be made privy to all the details (yes, even those details) of your browsing activity.

Computer World Security News
Oct 08, 2019

Top enterprise VPN vulnerabilities
Don't assume VPNs are always safe. These popular enterprise VPNs all have known remote code execution vulnerabilities.

Computer World Security News
Oct 04, 2019

IoT dangers demand a dedicated group
The internet of things (IoT) brings with it a wide range of IT security headaches, along with compliance nightmares — and turf wars.

Internal problem No. 1: Departments that typically have little to no interactions with IT are now directly ordering corporate IoT devices. Maybe you've got Facilities purchasing IoT door locks or Maintenance buying a ton of IoT light bulbs. Given that those departments have been purchasing door locks and light bulbs for as long as anyone can remember and have never needed IT or security's signoff, this can be a problem.

Internal problem No. 2: In many ways, IoT devices (think of devices for tracking pallets on ships or for monitoring where every fleet car is and how fast it's been driven) are very different from anything else that IT or security has dealt with. The units are capturing data that has never been tracked before — Hello, Compliance. Go away, GDPR regulator — and in different ways, such as bypassing enterprise LANs and cloud networks and using internal antennas to directly communicate.

Computer World Security News
Oct 04, 2019

Will 5G increase mobile security?
We love our smartphones, but there's a dark side. Their prevalence and users' tendencies to connect over public Wi-Fi make mobile devices a common target of bad guys. Analyst Jack Gold looks at how to mitigate the risk.

Computer World Security News
Oct 04, 2019

Microsoft releases even more patches for the CVE-2019-1367 IE zero-day, and the bugs are having a field day
You may recall the Keystone Kops reenactment that goes by the code name CVE-2019-1367. In short:

Sept. 23: Microsoft released the CVE-2019-1367 bulletin, and published Win10 cumulative updates in the Microsoft Catalog for versions 1903, 1809, 1803, 1709, 1703, Server 2019 and Server 2016. It also released an IE rollup for Win7, 8.1, Server 2012 and Server 2012 R2. Those were only available by manual download from the Catalog — they didn't go out through Windows Update, or through the Update Server. 

Sept. 24: Microsoft released "optional, non-security" cumulative updates for Win10 version 1809, 1803, 1709, 1703, 1607/Server 2016. Nothing for Win10 version 1903. We also got Monthly Rollup Previews for Win7 and 8.1. Microsoft didn't bother to mention it, but we found that those Previews include the IE zero-day patch as well. This bunch of patches went out through normal channels — Windows Update, Update Server — but they're "optional" and "Preview," which means most savvy individuals and companies won't install them until they've been tested.

Computer World Security News
Oct 04, 2019

Google launches leaked-password checker, will bake it into Chrome in December
Google has launched a web-based hacked-password checker, part of its efforts to bake an alert system into Chrome.

Called "Password Checker," the service examines the username-password combinations stored in Chrome's own password manager and reports back on those authentication pairings that have been exposed in publicly-known data breaches.

The web version can be found at passwords.google.com, the umbrella site for Chrome users who run the browser after logging in with their Google account, then use that to synchronize data - including passwords - between copies of Chrome on different devices.

Computer World Security News
Oct 03, 2019

5 industries that will be disrupted by blockchain
Here are five major industries that will benefit from blockchain technology in the near future: financial services and banking, government, healthcare, energy, and transportation and logistics.

Computer World Security News
Oct 03, 2019

Throwback Thursday: Everybody gets an F
As the IT communications manager at this university, pilot fish is the person who sends out memos about IT policy to users. And he does just that when a phishing email starts circulating on campus.

Never send your user name and password to anyone via email, he warns them, and to give them an example of what to look out for, he pastes in the text of the phishing attempt.

Within minutes, his inbox is flooded with responses from students sending him their campus passwords, their Gmail passwords, their Yahoo passwords and more.

Sharky is looking for fish, not phish. Send me your true tales of IT life at sharky@computerworld.com. You can also subscribe to the Daily Shark Newsletter.

Computer World Security News
Oct 02, 2019

Time to install Microsoft's mainstream September patches - and avoid the dregs
It's a smelter-weight slapdown. 

In one corner you have the Chicken Little contingent, which insists that September's IE zero-day patch must be important because Microsoft marked it as "Exploited: Yes" and memorialized it with an extremely odd patch on a Monday, followed in Keystone Kops fashion with a stumbling trail of follow-ons. 

Computer World Security News
Oct 02, 2019

Post-retirement Windows 7 patches: Not just for the big dogs now
Microsoft on Tuesday changed its plans for selling Windows 7 post-retirement support, saying that it will offer patches-for-a-price to any business, no matter how small, that's willing to pay.

"Through January 2023, we will extend the availability of paid Windows 7 Extended Security Updates (ESU) to businesses of all sizes," Jared Spataro, an executive in the Microsoft 365 group, wrote in a post to a company blog.

Microsoft had announced the ESU program in September 2018. Since April, when the company started selling ESU, only customers with volume licensing deals for Windows 7 Enterprise or Windows 10 Professional have been eligible to purchase the support add-on.

Computer World Security News
Oct 02, 2019

How to safely erase data under Windows
Bitlocker and self-encrypting hard drives can make it easier to erase data so that it cannot be recovered. This is how the "crypto-erase" method works.

Computer World Security News
Sep 30, 2019

Microsoft Patch Alert: Botched IE zero-day patch leaves cognoscenti fuming
So you think Windows 10 patching is getting better? Not if this month's Keystone Kops reenactment is an indicator.

In a fervent frenzy, well-meaning but ill-informed bloggers, international news outlets, even little TV stations, enjoyed a hearty round of "The Windows sky is falling!" right after the local weather. It wasn't. It isn't - no matter what you may have read or heard.

The fickle finger of zero-day fate
Microsoft has a special way of telling folks how important its patches might be. Every individual security hole, listed by its CVE number, has an "Exploitability Assessment" consisting of:

Computer World Security News
Sep 27, 2019

Cheers!
Pilot fish has a sweet deal with one of the owners of a local drinking establishment he frequents. The bar owner is in the habit of using the main office computer for what fish calls "nonstandard business activity." What does that mean? Suffice to say that that computer gets infected by viruses a couple of times a year. Bar owner would then call fish and ask for expedited service.

Fish stops by on his way home, grabs the tower, and disinfects the hard drive at home. He usually returns the system to the bar late that night or on his way to work the next morning.

Either way, the next time he stops by for an adult beverage, he receives a gift card that usually covers several rounds.

Computer World Security News
Sep 25, 2019

What do we know about the big, scary, exploited, emergency-patched IE security hole CVE-2019-1367?
Microsoft set the patching world on its ear on Monday when it released an "out of band" patch to fix a vulnerability known as CVE-2019-1367. Susan Bradley raised the alarm immediately. I chimed in a few hours later with more details.

Computer World Security News
Sep 25, 2019

Apple just made Safari a better fit for the enterprise
Enterprise users can now wrap a new layer of security around their web services, thanks to Apple's introduction of support for USB security keys in Safari 13.0.1.

Enterprise class security
Dongles aren't a terribly convenient security protection for most people, but government, military and regulated industries are always searching out new ways to secure themselves, and their data.

FIDO2-compliant USB security keys - such as those made by Yubico - add a layer of security to the verification process:

Computer World Security News
Sep 25, 2019

How to move users to the Outlook app with Intune
Microsoft is turning off basic authentication, so it's wise to move mobile users to the Outlook app to better protect them from attackers.

Computer World Security News
Sep 24, 2019

Microsoft releases emergency IE patches inside 'optional, non-security' cumulative updates
I've seen a lot of confusion about the security hole known as CVE-2019-1367 and what normal Windows customers should do about it. Part of the reason for the confusion is the way the fix was distributed - the patching files were released on Monday, Sept. 23, but only via manual download from the Microsoft Update Catalog.

On a Monday.

In the past few hours, Microsoft released a hodge-podge of patches that seem to tackle the problem. They're "optional non-security" and "Monthly Rollup preview" patches, so you won't get them unless you specifically go looking for them.

Computer World Security News
Sep 24, 2019

Microsoft delivers emergency security update for antiquated IE
Microsoft on Monday released an emergency security update to patch a vulnerability in Internet Explorer (IE), the legacy browser predominantly used by commercial customers.

The flaw, which was reported to Microsoft by Clement Lecigne, a security engineer with Google's Threat Analysis Group (TAG), has already been exploited by attackers, making it a classic "zero-day," a vulnerability actively in use before a patch is in place.

In the security bulletin that accompanied the release of the IE patch, Microsoft labeled the bug a remote code vulnerability, meaning that a hacker could, by exploiting the bug, introduce malicious code into the browser. Remote code vulnerabilities, also called remote code execution, or RCE, flaws, are among the most serious. That seriousness, as well as the fact that criminals are already leveraging the vulnerability, was reflected in Microsoft's decision to go "out of band," or off the usual patching cycle, to plug the hole.

Computer World Security News
Sep 23, 2019

iOS 13: Apple's big BYOD improvements help enterprise pros
Apple may place much of its focus on Apple Arcade and consumer-friendly iPad/iPhone features, but there are numerous enterprise-focused enhancements wrapped up inside iOS 13.

The BYOD enterprise
The company's latest operating systems introduce a host of productivity-enhancing upgrades, particularly for the iPad.

Yet the biggest improvements specifically for enterprise users aim to make a more robust division between personal and enterprise data for Bring Your Own Device (BYOD) deployments, solving one of the big challenges in the space.

Computer World Security News
Sep 20, 2019

Now change these 4 new security settings in iOS 13
If you've (successfully) upgraded to iOS 13 or just got hold of an iPhone 11 device, here are the new security settings inside Apple's new operating system you need to learn and use.

Fight back against robocalls
There were 26.3 billion robocalls in the U.S. in 2018. It's a sickness.

You can stop the contagion thanks to a new iOS 13 feature that directs incoming calls from unknown numbers (i.e., those you don't have in your Contacts book) to voicemail.

It's a useful feature that isn't enabled by default.

Computer World Security News
Sep 20, 2019

Change these 4 new security settings in iOS 13 now
If you've (successfully) upgraded to iOS 13 or just got hold of a new iPhone 11 or 11 Pro, there are new security settings in Apple's latest operating system you need to learn and use. Here's what's important to understand.

Fight back against robocalls
There were 26.3 billion robocalls in the U.S. in 2018. It's a sickness.

You can stop the contagion thanks to a new iOS 13 feature that directs incoming calls from unknown numbers (i.e., those you don't have in your Contacts book) to voicemail. It's a useful feature that isn't enabled by default.

Computer World Security News
Sep 19, 2019

Throwback Thursday: Ultimatum
It's 1977, and this pilot fish's company is moving to a new data center. "The old facility was in the basement of the headquarters building," says fish. "Access was via an ancient magnetic strip reader with no special capabilities. You either got in or you didn't."

The new facility has state-of-the-art card readers, supported by a small midrange system. It has lots of capabilities — which can be a bit of trouble when you have a security department that's paranoid about access to the facility.

And trouble does arrive, about a month after the move to the new building, when the security department programs the system to allow admission only during scheduled working hours.

Computer World Security News
Sep 18, 2019

Wayback Wednesday: When you said ‘gone for good,' I only heard ‘good'
User comes to this support pilot fish complaining that his PC is acting strangely.

"It turns out he had gotten his computer so jammed up with spyware and Trojans that it was basically nonfunctional," says fish. "We had to rebuild the computer from scratch." They were able to recover much of user's work and files, but some were irretrievably damaged — or just plain gone.

Fish explains what happened and points out the probable infection vectors. And he explains that they had recovered as much as they could, but some stuff was simply gone for good. There would be no way to get anything more.

"Two days later, he called to ask when I'm going to bring him the rest of his missing files."

Computer World Security News
Sep 18, 2019

Why France and Germany fear Facebook's cryptocurrency - and plan to block it
Facebook's plan to launch its own Libra cryptocurrency next year is getting resistance from France and Germany, which have promised to block it and plan to create their own national cryptocurrencies.

Last week, the two nations said Libra could threaten the Euro's value and unlawfully privatize money. Last year, the Reserve Bank of India (RBI), the country's central bank, announced a ban on the use of cryptocurrencies by any regulated financial entity because of risks associated with them.

Computer World Security News
Sep 18, 2019

How to monitor Windows to prevent credential theft attacks
Attackers are now enabling WDigest credential caching to allow them to harvest credentials. Here's how to spot it.

Computer World Security News
Sep 17, 2019

Mozilla first reveals, then conceals, paid support plan for Firefox
Mozilla earlier this month quietly outlined paid support for enterprise users of Firefox, but last week scrubbed the reference from its website, saying that it is "still exploring that option."

The offering - labeled "Mozilla Enterprise Client Support" - was to start at $10 per "supported installation," which likely referred to per-device, not per-user, pricing. It's unclear whether that was an annual or monthly fee, and Mozilla declined to say which it was when asked.

In return for the fee, Mozilla said on the now-absent Firefox enterprise site - still visible through the Internet Archive's Wayback Machine - customers would be able to privately report bugs via a new web portal and receive fixes on a timeline dependent on the impact and urgency of the problem. Customers would also be able to file requests for help with Firefox's installation and deployment, management policies, functionality and customization.

Computer World Security News
Sep 17, 2019

All about U.S. tech antitrust investigations | TECH(feed)
Four large tech companies -- Apple, Amazon, Google and Facebook -- are under investigation in the U.S. for allegedly anticompetitive behavior. These antitrust investigations on both the federal and state levels are aimed at uncovering the practices these companies engage in to eliminate competition. In this episode of TECH(feed), Juliet discusses the House investigation into big tech and how Congress plans to investigate potential wrongdoing by these companies.

Computer World Security News
Sep 16, 2019

Now let me guess your password
This pilot fish IT guy gets a call from an irate client one day complaining (incorrectly) that we had changed his administrative password on his Windows 2000 server without his knowledge.

"As I walked him through the logon process, I asked if the username in the login prompt was ‘Administrator,'" says fish. "His reply: ‘Oh, do I need to change that?'"

Feed the Shark! Send me your true tales of IT life at sharky@computerworld.com. You can also subscribe to the Daily Shark Newsletter.

Computer World Security News
Sep 12, 2019

Mozilla previews Firefox VPN, will charge for service at some point
Mozilla this week resurrected its Test Pilot preview program, offering Firefox users a free VPN-like service to encrypt browser-to-site-and-back transmissions over public networks.

"The Firefox Private Network is an extension which provides a secure, encrypted path to the web to protect your connection and your personal information anywhere and everywhere you use your Firefox browser," wrote Marissa Wood, vice president of product, in a post to the Mozilla blog.

The free service is available immediately, but only to U.S.-based users running the desktop version of Firefox. A Firefox account - typically used for syncing copies of the browser on multiple devices - and an accompanying add-on are required.

Computer World Security News
Sep 12, 2019

Heads up: Microsoft is back to snooping with this month's Win7 and 8.1 'security-only' patches
Two months ago, the July Win7 security-only patch was found to install telemetry software, triggered by newly installed scheduled tasks called ProgramDataUpdater, Microsoft Compatibility Appraiser, and AitAgent. As best I can tell, Microsoft never admitted that its security-only patch dropped a telemetry component.

The August security-only update didn't include that bit of snooping, so it looked like the July snooping was a one-off aberration.

Computer World Security News
Sep 12, 2019

Throwback Thursday: Let's get an expert opinion
Card-reader door locks are installed at this pilot fish's company, and she's tasked with setting up the software, configuring the locks and assigning employee access and times.

A VP gives her a handwritten sheet of paper with the employee door access and times, reports fish. Then he promptly takes a one-week vacation.

"The day the system goes live, the employees are standing in front of me yelling because their cards won't let them in the door they want to use. They now have to use the main door instead.

"The VP comes along hearing all the complaints, then starts yelling at me that this is not the way it should be set up.

"I pull out his handwritten instructions. He looks at it and says, ‘That's not my handwriting!'"

Computer World Security News
Sep 11, 2019

Windows 10 1909: What's in it for enterprises?
This fall's update for Windows 10 may not include a raft of new features, but it does offer something even more important to enterprise IT: extended support that should make future upgrades easier to manage.

Computer World Security News
Sep 11, 2019

Lemonade is changing the way we insure our homes
Your home can be broken into or destroyed by a natural disaster when you least expect it. When that happens, how will you get back on your feet? Ideally, you would've been paying homeowner's or renter's insurance to cover your losses. Unfortunately, it can take weeks or even months to receive your money after filing a claim. 

Lemonade is here to save the day in less than a day. With rates starting as low as $5/mo for renter's insurance and $25/mo for homeowner's insurance, you can rest assured that your property claims can be approved and reimbursed within seconds. 

Computer World Security News
Sep 11, 2019

How to set up Microsoft Teams for security and compliance
These are the security and compliance decisions you need to make when deploying Microsoft Teams.

Computer World Security News
Sep 10, 2019

How to take full advantage of Android 10's privacy-reclaiming powers
Well, gang, it's here. In case you've been hibernating over the past week (or maybe just, ahem, on an unfortunately timed week off), Google brought Android 10 into this wacky ol' world of ours this past Tuesday.

There's really only so much to say about the Android 10 basics at this point — because, quite frankly, it's the same software we've seen evolving in plain view over the past several months.

Yes, Android 10 has new gestures for getting around your phone. Yes, it has a new system-wide switch for making the entire operating system dark. And yes, it has a nifty new Focus Mode for limiting distractions on an app-by-app basis.

Computer World Security News
Sep 06, 2019

Heads up: A free, working exploit for BlueKeep just hit
There's been a lot of discussion about BlueKeep, its ramifications and various strategies for blocking it. In a nutshell, it's a security hole in the Windows Remote Desktop Protocol that allows a malicious program to enter your machine - if you have Remote Desktop turned on, it's accessible directly from the internet, and you haven't installed the May patches.

Two weeks ago, Susan Bradley posted a CSO article that details ways admins can avoid using RDP. I've seen reams of advice about blocking ports, disabling services, setting authentication levels, deploying voodoo dolls, reading chicken entrails…, but the simplest way for almost everybody to avoid the problem is to install the May (or later) Windows patches.

Computer World Security News
Sep 06, 2019

How the California Consumer Privacy Act (CCPA) will affect you and your business | TECH(talk)
The California Consumer Privacy Act (CCPA) is, in some ways, similar to Europe's GDPR. This rule, which goes into effect in 2020, gives individual users more ownership over their own data. Users can even refuse to allow companies to sell their online data. As the compliance deadline approaches, CSO Online contributor Maria Kolokov and senior editor Michael Nadeau discuss with Juliet how CCPA may shift business models, change online behavior and reveal where exactly our data has been. Some tech companies, like Google, are even trying to exempt themselves from regulation. Failure to adhere to the rule could be an "extinction level" event.

Computer World Security News
Sep 06, 2019

Time to install the August Windows patches — but watch out for the bugs
August brought loads of drama to the Windows and Office patching scene. Microsoft's first round of patches killed Visual Basic, Visual Basic for Applications and VBScript in certain situations — on all versions of Windows. Fixes for the bugs dribbled out three, four, six and 17 days after the original infection. 

Those Microsoft-introduced bugs were all the more daunting because the August patches are the ones intended to protect us from DejaBlue — the recently announced "wormable" malware infection vector that (thankfully!) has yet to be exploited. The mainstream press picked up the Chicken Little cry to install August patches right away. Then the buggy offal hit the impeller, and the press fell silent.

Computer World Security News
Sep 05, 2019

FTC fines YouTube, but do fines really encourage change? | TECH(feed)
The FTC hit yet another tech company with a seemingly massive fine for mishandling user data. This time, YouTube, owned by Google, is forced to pay $170 million for collecting data about children under 13 without parental consent. The Federal Trade Commission slapped Facebook with a $5 billion fine just a few months ago. In this episode of TECH(feed), Juliet asks whether or not these fines are effective in regulating the tech industry.

Computer World Security News
Sep 05, 2019

Why Apple's little ‘Find My' Tile competitor is big news
Apple is expected to introduce its own Tile-competing tracking device(s), perhaps as soon as fall. So, what are the advantages of the device, what can we expect, and what happens next?

Freedom from networks
There are hundreds of tracking devices available today. These cost anything from tens to hundreds of dollars and in most cases require you to sign up with a network provider for SIM card-based network access.

Computer World Security News
Sep 04, 2019

How to disable basic or legacy authentication to set up MFA in Office 365
Microsoft recommends setting up multi-factor authentication in Windows 10 for better security, but you have to disable basic or legacy authentication first.

Computer World Security News
Aug 30, 2019

Microsoft Patch Alert: Full of sound and fury, signifying nothing
What happens when Microsoft releases eight - count ‘em, eight - concurrent beta test versions of Win10 version 1909 without fixing bugs introduced into 1903 on Patch Tuesday?

Pan. De. Moaaan. Ium.

The VB/VBA/VBScript debacle
No doubt, you recall the first wave of pain inflicted by the August 2019 patching regimen. Microsoft somehow managed to mess up Visual Basic (an old custom programming language), Visual Basic for Applications (for Office macros) and VBScript (a largely forgotten language primarily used inside Internet Explorer). Folks running applications in any of those languages would, on occasion, receive "invalid procedure call error" messages when using apps that had been working for decades.

Computer World Security News
Aug 29, 2019

Hedera Hashgraph launches mainnet, hopes to compete with global business networks
Hedera Hashgraph, an electronic public ledger developed for corporate use, launched its mainnet beta today, allowing developers to create an account and build decentralized applications (dApps) for it.

The distributed ledger technology (DLT) is a direct competitor to blockchain distributed ledgers such as Ethereum and Hyperledger, and claims it can outperform traditional financial and business networks.

"There is no direct equivalent to Hedera Hashgraph today," said Martha Bennett, a principal analyst at Forrester Research. Hedera is potentially competing with public networks and all the enterprise DLT frameworks (such as Hyperledger Fabric & Sawtooth, R3 Corda, and others) and their commercial providers, which include AWS, IBM, Microsoft, Oracle.

To read this article in full, please click here



Computer World Security News
Aug 29, 2019

Throwback Thursday: Timing is everything
It's many years ago, and this pilot fish regularly travels to company offices around the country, dealing with IT-related problems and running user training sessions.

The big current project is implementing internet filtering after complaints that some workers are viewing inappropriate websites. So fish has to head to a meeting with many directors and managers to demonstrate.

Upon arriving at the meeting site, fish sets up a laptop and projector and connects it to the internal network. Then he tests to make sure the filtering is working, calling up a blocked site that, if it does display, only shows a silhouette of a bunny with a bow tie.

But not to worry: The site is blocked, so everything is ready.

Computer World Security News
Aug 28, 2019

Microsoft removes August patch block on Win7/2008R2 systems running Norton, Symantec AV
If you're using Symantec Endpoint Protection or any Norton Antivirus product on a Windows 7 or Server 2008 R2 machine, you didn't get the August patches. Shortly after the August Monthly Rollup and Security-only patches were released, Microsoft put a freeze on systems running Symantec or Norton antivirus products.

The conflict stemmed from a long-anticipated change in the way Microsoft signed the August patches: Starting in August, all patches are signed using the SHA-2 encryption method. Somehow, Symantec didn't get the message back in November that the shift was underway, and missed the deadline.

Computer World Security News
Aug 28, 2019

What is phishing? Learn how this attack works
Phishing is a method of trying to gather personal information using deceptive e-mails and websites. Here's what you need to know about this increasingly sophisticated form of cyberattack.

Computer World Security News
Aug 26, 2019

Microsoft offers free post-2020 Windows 7 support for Win 10 Enterprise subscribers
Microsoft is giving away one year of post-retirement support for Windows 7 to customers with active Windows 10 subscriptions.

"Enterprise Agreement and Enterprise Agreement Subscription (EA and EAS) customers with active subscription licenses to Windows 10 Enterprise E5, Microsoft 365 E5, or Microsoft 365 E5 Security will get Windows 7 Extended Security Updates for Year 1 as a benefit," Microsoft said in a FAQ about the end of support for Windows 7 and Office 2010.

Windows 10 Enterprise E5 and Microsoft 365 E5 are the top-tier subscriptions of the OS or packages that include the operating system. They are the highest-priced plans in their specific lines.

Computer World Security News
Aug 22, 2019

Texas ransomware attacks: to pay or not to pay? | TECH(feed)
Nearly two dozen cities in Texas have been hit by a ransomware attack executed by a single threat actor. These attacks beg the question: Is it ever worth it to pay a cyber attacker's ransom? In this episode of TECH(feed), Juliet discusses the pattern of ransomware attacks on local governments, how municipalities have responded and how to prevent a ransomware attack in the first place.

Computer World Security News
Aug 22, 2019

Throwback Thursday: Eyes only
Programmer pilot fish goes online to a message board for a development system that's used for one of his company's applications.

But he gets a message that the site is blocked. He can either forget about it, click a link to continue, or click a link to see the company's access policy.

He clicks to continue, gets what he needs, and then, just out of curiosity, he clicks to see the access policy to get an idea of why this site is being blocked.

But instead of seeing the access policy, fish sees this message: Content blocked. Click here to access our internet resource policy.

Sputters baffled fish, "It actually blocked the policy!"

Computer World Security News
Aug 21, 2019

How to avoid using RDP in Windows
Several new vulnerability disclosures in Windows Remote Desktop Protocol suggest it's time to stop using it. Here's how.

Computer World Security News
Aug 20, 2019

Safari to ape Firefox, go all-in on anti-tracking
The WebKit project - the open-source initiative that generates code for Apple's Safari browser - quietly announced last week that it would follow in Mozilla's footsteps and quash tracking technologies designed to follow users across the web.

In a short message on Aug. 14, the WebKit team pointed to its new Tracking Prevention Policy, a document that spells out its plans in detail, including what types of tracking it will create and how it will deal with any side effects.

"We have implemented or intend to implement technical protections in WebKit to prevent all tracking practices included in this policy," the document read. "If we discover additional tracking techniques, we may expand this policy to include the new techniques and we may implement technical measures to prevent those techniques."

Computer World Security News
Aug 19, 2019

Installing Windows 7 from a backup? You need a BitLocker patch right away
No doubt you recall the warning back in February that Windows 7, Server 2008 and Server 2008 R2 patches starting in July would use the SHA-2 encryption protocol. If you want to install Win7 patches issued after July, you have to get the SHA-2 translator installed.

A few days ago, Microsoft tossed a zinger into the FAQs down at the bottom of its SHA-2 post, 2019 SHA-2 Code Signing Support requirement for Windows and WSUS. That post now says that you have to install a seemingly unrelated patch, KB 3133977, entitled, BitLocker can't encrypt drives because of service crashes in svchost.exe process in Windows 7 or Windows Server 2008 R2.

Computer World Security News
Aug 15, 2019

Microsoft warns of Visual Basic, VBA and VBScript 'procedure call' errors after August patches
August is going to be a perilous patching month.

We're tracking down credible reports of the Server 2012 R2 Monthly rollup breaking RDP logins, a conflict between the Win10 1903 cumulative update and last month's version of Outlook 365, confusion about Win7 patches being branded as "IA64 only," dealing with the lack of telemetry (!) in the August Win7 Security Only patch, much mayhem trying to install SHA-2 signed patches (including the Win7 Monthly Rollup) on systems using Symantec Endpoint Protection, even

Computer World Security News
Aug 15, 2019

3 Google privacy tips for Mac and iOS users
Alternative search engines such as DuckDuckGo are attracting growing numbers of privacy focused users, but there's no doubt that Google dominates the industry, even on Apple products. Fortunately, there are several ways to make your Google activity more private.

Do you have a Google account? (You probably do.) Do you use Gmail? Did you once use Google ? Perhaps you employ Google Drive, Google Docs or any of the company's other products. If so, you have a Google account.

Computer World Security News
Aug 15, 2019

Chrome, Firefox to expunge Extended Validation cert signals
Google and Mozilla have decided to eliminate visual signals in their Chrome and Firefox desktop browsers of special digital certificates meant to assure users that they landed at a legitimate site, not a malicious copycat.

The certificates, dubbed "Extended Validation" (EV) certificates, were a subset of the usual certificates used to encrypt browser-to-server-and-back communications. Unlike run-of-the-mill certificates, EVs can be issued only by a select group of certificate authorities (CAs); to acquire one, a company must go through a complicated process that validates its legal identity as the site owner. They're also more expensive.

The idea behind EVs was to give web users confidence that they were at their intended destination, that the site computerworld.com, for instance, was owned by its legal proprietor, IDG, and not a fishy - and phishy - URL run by It's Crooks All the Way Down LLC and chockablock with malware. Browsers quickly took to the concept, rewarding EV-secured sites with in-your-face visual cues, notably the verified legal identity in front of the domain in the address bar. The identity was often shaded in green as an additional tip-off. (Chrome dismissed the green in September 2018 as of Chrome 69.)

Computer World Security News
Aug 12, 2019

Why blockchain-based voting could threaten democracy
Public tests of blockchain-based mobile voting are growing.

Even as there's been an uptick in pilot projects, security experts warn that blockchain-based mobile voting technology is innately insecure and potentially a danger to democracy through "wholesale fraud" or "manipulation tactics."

The topic of election security has been in the spotlight recently after Congress held classified briefings on U.S. cyber infrastructure to identify and defend against threats to the election system, especially after Russian interference was uncovered in the 2016 Presidential election.

Computer World Security News
Aug 09, 2019

Apple announces a new iPhone (and you can't have it)
Apple has announced a new iPhone for 2020, but it will only be made available to a select group of security researchers - along with huge bounties to anyone informing the company of a new OS vulnerability.

Probably the world's most exclusive iPhone

Ivan Krstic, Apple's head of security engineering, provided big insights into Apple's platform security during his presentation at Black Hat U.S. 2019.

Computer World Security News
Aug 09, 2019

The best privacy and security apps for Android
Let's get one thing out of the way right off the bat: If you're looking for recommendations about Android security suites or other malware-scanning software, you've come to the wrong place.

Why? Because, like most people who closely study Android, I don't recommend using those types of apps at all. Android malware isn't the massive real-world threat it's frequently made out to be, and Google Play Protect and other native Android features are more than enough to keep most devices safe.

Computer World Security News
Aug 08, 2019

Many VPN apps on Apple's App store can't be trusted, researcher warns
I'm told Apple is at last looking into the privacy and security of free VPN apps made available across its platforms, following a report from researcher, Simon Migliano.

Who owns your VPN service?

The researcher has flagged up several concerns that really should be recognized by anyone choosing a VPN service from both the Apple and Google App Stores:

Ownership: Migliano claims that almost 60 percent of the most popular VPN apps are actually owned (sometimes opaquely) by Chinese companies.

Privacy: The researcher also found that as many as 77% of these VPN apps may have what he calls "serious privacy flaws", including no privacy policy at all, generic policies with no mention of VPN or no detailed logging policy.

Data protection: Migliano claims Apple is not enforcing its third-party data-sharing ban against VPN apps, with 80 percent of the top free VPN apps "in breach of the rules", he said. Many are sharing data with third parties, he claims.

That last allegation is particularly concerning.

Computer World Security News
Aug 08, 2019

Almost half of tested free Android antivirus apps fail. That might prove very useful to IT.
One of the problems with enterprise mobile BYOD efforts is that corporate apps — and lots of corporate data, including sensitive intellectual property — must coexist on the same device with whatever employees choose to download on the personal side. That's far from ideal, but even worse is if employees choose to download a second antivirus program. Unlike doubling up on most apps (two VPNs, two word processors, two email programs, etc.), antivirus programs often conflict and fight each other, generating false positives and other bad results.

Unlike two deadbolts on a door, doubling up on security not only doesn't work with antivirus, it can actually sharply weaken security. This all assumes that both antivirus programs are professional, effective and well-intentioned. But that's often not the case. There are quite a few free antivirus programs out there, and they are disproportionately the ones employees opt to download. After all, if the company has already installed a high-level antivirus on the phone, why would an employee pay to install a second? But a free antivirus program is much more tempting.

Computer World Security News
Aug 07, 2019

Microsoft relaxes telemetry rule for PCs managed with Windows Update for Business
Microsoft has quietly relaxed a rule that prevented privacy-first organizations from managing the Windows Update for Business (WUfB) service using group policies.

With Windows 10 1903, aka "Windows 10 May 2019 Update," which debuted in late May, organizations no longer are required to set the "diagnostic data level" for their devices to "Basic" or higher.

That diagnostic data level is a multi-step categorization of what Microsoft pulls from Windows devices and sends to its own servers. Also dubbed "telemetry," the data harvesting is used by Microsoft for a range of tasks, notably deciding when a specific PC receives a feature upgrade.

Computer World Security News
Aug 07, 2019

How to set up Edge Chromium security options
Edge Chromium can provide more protection for organizations that use older versions of Windows.

Computer World Security News
Aug 06, 2019

Slack beefs up mobile security controls for Enterprise Grid
Slack today unveiled new security capabilities for Enterprise Grid customers, including tighter controls for admins who oversee mobile device access.

Enterprise Grid was launched in 2017 for Slack's biggest customers, with additional features to support large-scale deployments. Among the 150 organizations now using Enterprise Grid are Capital One, IBM and Target. 

Slack has continued to build out security and compliance features for the software since its introduction, including the addition of enterprise key management last September.  

Computer World Security News
Aug 06, 2019

Train to become an ethical hacker for only $39
There are countless hackers and threats looming on the internet, so IT departments are in high demand for cybersecurity professionals to pinpoint threats before they strike. Luckily, there's no better way to fight fire than with fire; ethical hackers study hacking techniques so that IT infrastructures will be better prepared for attacks. If you're interested in becoming a hacker (legally, of course), then this $39 bundle is right for you.

Computer World Security News
Aug 02, 2019

It's time to install most of July's Windows and Office patches
With one glaring exception, July was a rather benign patching month. The Win10 versions got their usual two cumulative updates (the second considered "optional"). Visual Studio had some hiccups, but they're fixed now.

Computer World Security News
Aug 02, 2019

Apple suspends Siri snooping (and promises more control for the rest of us)
Apple has once again proved that it listens to valid criticism with the immediate global suspension of the Siri listening program that attracted so much controversy.

When it comes to privacy, Siri listens

At issue was quality control.

A small number of conversational snippets were shared with third party human contractors for quality control purposes.

Computer World Security News
Aug 01, 2019

Black Hat 2019 and DEF CON 27: What to expect at hacker summer camp | TECH(talk)
Every year, thousands of hackers arrive in Las Vegas for three large security conferences -- DEF CON, Black Hat and Bsides Las Vegas -- taking place from Monday through Sunday next week. CSO Online's J.M. Porup chats with Juliet about what to expect at the conferences' sessions and what he's looking forward to.

Computer World Security News
Jul 31, 2019

The latest large-scale data breach: Capital One | TECH(feed)
Just a few days after Equifax settled with the FTC over its 2017 data breach, Capital One announced it was the target of a March attack. Identifying information and bank account numbers are among some of the data breached in the attack that affects 100 million people. A software engineer is behind the attack and is awaiting a hearing. In this episode of TECH(feed), Juliet discusses the consequences of the attack and how to find out if you've been affected.

Computer World Security News
Jul 31, 2019

How an attacker can target phishing attacks
There are a number of ways attackers can exploit public information about your organization's employees. CSO Online's Susan Bradley walks through how an attacker can gain access to your organization's Office 365 accounts and how you can protect your enterprise from these potential attacks.

Computer World Security News
Jul 30, 2019

Microsoft Patch Alert: Welcome to the Upside Down
This month, Microsoft Patch Land looks like a stranger Stranger Things Upside Down, where Security-only patches carry loads of telemetry, Visual Studio patches appear for the wrong versions... and we still can't figure out how to keep the Win10 1903 upgrade demogorgon from swallowing established drivers.

As we end the month, we've seen the second "optional" monthly cumulative updates for all Win10 versions — the 1903 patch was released, pulled, then re-released — and fixes for Visual Studio's transgressions. There's a kludge for getting the Win10 1903 upgrade to work. And BlueKeep still looms like a gorging Mind Flayer.

Win7 Security-only patch brings telemetry

Those of you who have been dodging Windows 7 telemetry by using the monthly Security-only patches — a process I described as "Group B" three years ago — have reached the end of the road. The July 2019 Win7 "Security-only" patch, KB4507456, includes a full array of telemetry/snooping, uh, enhancements.

Computer World Security News
Jul 29, 2019

Apple's shock Siri surveillance demands a swift response
News that Siri records snippets of our conversations with the voice assistant isn't new, but claims that those short recordings are listened to by human agents are - particularly in light of the company's big push on privacy.

These are bad optics

I'm a passionate believer in the importance of privacy.

It isn't only important in terms of preserving hard-won liberties and protecting public discourse, it's also of growing importance across every part of human existence, for every school, medical facility or enterprise. History shows that the absence of privacy has a corrosive effect on society, turning family members against each other and dampening innovation.

Computer World Security News
Jul 26, 2019

Android security: Analysis, advice, and next-level knowledge
It's tough to talk about Android security without venturing into sensational terrain.

A large part of that is due to the simple fact that the forces driving most Android security coverage are companies that make their money by selling Android security software — and thus companies with strong interests in pushing the narrative that every Android phone is on the perpetual brink of grave, unfathomable danger. Plus, let's face it: A headline about 70 gazillion Android phones being vulnerable to the MegaMonsterSkullCrusher Virus is far more enticing than one explaining the nuanced realities of Android security.

In actuality, though, Android security is a complex beast — one with multiple layers in place to protect you and one that almost never warrants an alarmist attitude. I've been covering Android security closely since the platform's earliest days, and I've busted more myths and called out more shameless publicity stunts than I can even count at this point.

Computer World Security News
Jul 26, 2019

Mozilla blames 'interlocking complex systems' and confusion for Firefox's May add-on outage
Mozilla has issued multiple after-action reports analyzing the major mix-up in May that crippled most Firefox add-ons. The reports also made recommendations for preventing similar incidents in the future.

The fiasco started just after 8 p.m. ET on Friday, May 3, when a certificate used to digitally sign Firefox extensions expired. Because Mozilla had neglected to renew the certificate, Firefox assumed add-ons could not be trusted - that they were potentially malicious - and disabled any already installed. Add-ons could not be added to the browser for the same reason.

Computer World Security News
Jul 25, 2019

Researchers to launch intentionally 'vulnerable' blockchain at Black Hat
Hoping to raise awareness about blockchain vulnerabilities, cybersecurity firm Kudelski Security next week plans to launch the industry's first "purposefully vulnerable" blockchain - and will demo it at next month's Black Hat conference.

Kudelski Security's FumbleChain project is aimed at highlighting vulnerabilities in blockchain ecosystems, according to Nathan Hamiel, head of cybersecurity research at Kudelski.

The flawed blockchain ledger is written in Python 3.0, making it easy for anyone to read and modify its source code, and it's modular - allowing users to hack and add new challenges to promote continuous learning.

Computer World Security News
Jul 25, 2019

5 smart questions that'll smother most Android security scares
I haven't looked at today's tech news too closely just yet, but I have a sneaking suspicion some evil-sounding virtual gremlin or other is probably on the brink of invading my smartphone, stealing my secrets, and setting me up for a lifetime of dread and despair.

He might even be covertly eating all the salty snacks from my kitchen this very second. ALL THE SALTY SNACKS, DAMN IT!

I don't have to scan the headlines too closely to know there's a decent chance of all of this happening — because all of this happens practically every other week here in the Android world. A solid few to several times a month, it seems, some hilariously named and made-to-seem-scary new piece of malware (ViperRat! Desert Scorpion! Ooga-Booga-Meanie-Monster!) is making its way onto our phones and into our lives. Or so we're told, rather convincingly and repeatedly. (All right, so I may have made Ooga-Booga-Meanie-Monster up just now, but c'mon: It's probably only a matter of time til we see something using that name.)

Computer World Security News
Jul 24, 2019

How to set up Azure AD to spot risky users
You have several options to set up alerts in Azure Active Directory to help spot risky user behavior.

Computer World Security News
Jul 23, 2019

Utah County to pilot blockchain-based mobile voting
Utah County is the latest government entity to pilot a mobile voting application based on blockchain to allow military absentee voters and their family members living overseas to vote in an upcoming municipal primary election.

The county, which has more than a half million residents, is the third in the U.S. to partner with Tusk Philanthropies on a national effort to expand mobile voting. The pilot is a collaboration between the Utah County Elections Division, Tusk Philanthropies, the National Cybersecurity Center and Boston-based voting app developer Voatz.

Computer World Security News
Jul 23, 2019

9 steps to lock down corporate browsers
Everyone in the enterprise loves the web browser when it's delivering news, email, documentation, and sales leads. With the shift to web apps, it's arguably the most important installed software on any corporate desktop. But the internet is filled with people who aren't nice — sometimes even dangerous — and the same browser can also bring viruses, rootkits, and worse. Even if the browser sits on a little-used desktop in a dusty corner with no access to sensitive information, an attacker can use the seemingly unimportant machine as a stepping stone.

Keeping your users' browsers secure is essential. The browser companies work hard to block the attackers by sealing the back doors, side doors, and cracks in between, but that isn't always enough. Some useful features have dark sides, and enterprises can increase security dramatically by shutting down or tightly limiting access to these options.

Computer World Security News
Jul 23, 2019

Mozilla to add password manager, hack alert to Firefox 70
Mozilla plans to bake its Lockwise password manager into Firefox 70, the upgrade now set to launch Oct. 22.

At the same time, the browser will also be more tightly integrated with Firefox Monitor, which will provide warnings to users when their saved passwords have been revealed by a data hack.

According to Firefox bug reports and project documentation, Lockwise will automatically record username-and-password pairs, generate complex passwords on demand, identify victimized accounts and instruct users to change any passwords that have leaked.

Computer World Security News
Jul 22, 2019

Slack tweaks desktop app to be faster, more efficient
Slack has overhauled its desktop software, adding offline access and tweaking the software for faster load times.

Recent efforts to improve the desktop app were highlighted at Slack Frontiers last year and the coming update - which the company says will launch 33% faster than before - will be available to users "over the next few weeks."

Calls made to teammates via the app should be speedier too, up to 10 times quicker, Slack said. "That could mean the difference between showing up to a meeting on time or not," the company said in a blog post Monday. "These moments saved can quickly add up, giving you more time to focus on the tasks at hand."

Computer World Security News
Jul 19, 2019

What is the dark web? And what will you find there?
The dark web may sound ominous, but it's really a catch-all term for the part of the internet that isn't indexed by search engines. Stay tuned for a guided tour of the web's less mainstream regions.

Computer World Security News
Jul 18, 2019

How and why Apple users should switch to DuckDuckGo for search
Like liberty for all, privacy demands vigilance, and that's why Apple users who care about either are moving to DuckDuckGo for search.

Why use DuckDuckGo?

Privacy is under attack.

It doesn't take much effort to prove this truth. At time of writing, recent news is full of creeping privacy erosion:

We've seen video conferencing solutions that surreptitiously install software on your Macs;

A face changing photography app perhaps implicated in the assembly of a vast database of faces;

A household name in smart speakers sharing your private conversations with people you don't know, including chatter you didn't know was recorded in the first place.

And then there's Duck Duck Go.

Computer World Security News
Jul 17, 2019

How to manage Microsoft Windows BitLocker
Use these techniques to inventory your network to determine which devices have BitLocker.

Computer World Security News
Jul 16, 2019

What the FTC's $5 billion fine really means for Facebook | TECH(feed)
Last week, the Federal Trade Commission hit Facebook with a $5 billion fine for mishandling user data. The fine comes after the FTC's investigation following the Cambridge Analytica scandal. On this episode of TECH(feed), Juliet discusses the implications of this fine -- and how Facebook may (or may not) change its practices.

Computer World Security News
Jul 15, 2019

How to take control of Face ID (with tools you may not know exist)
If you travel frequently and use an iPhone or iPad then you simply must familiarize yourself with these two tips - they'll make it much easier to secure your device and its contents when you are on the move.

In praise of Face ID

I've become very used to using Face ID. It's seamless.

On the iPhone, I like that I can pay for groceries with a look and find it much easier to use in the dark than the Home button.

My iPad experience is similar, but I do get annoyed sometimes that I must raise the tablet slightly to get the face angle right - this isn't always as intuitive as I would like.

All the same, given Apple's claim that there is a 1 in 50,000 chance that someone else's fingerprint will unlock your iPhone and a 1 in 1,000,000 chance that it will be unlocked by another person's face, I'll always opt for the highly secure choice.

Computer World Security News
Jul 15, 2019

Memory-Lane Monday: Even worse than you thought
This government agency has cashiers' stations for handling transactions with the public, and the treasurer's office decides it needs new software to run those stations, according to a pilot fish in IT.

And there's going to be one sign-on and password for all the stations, brag the higher-ups.

Bad idea, protest all the IT programmers and system administrators. For one thing, having a single user sign-on to the system will prevent tracking who is completing each transaction. They cite security, accountability and separation of duties, but their protests fall on deaf ears.

The vendor rep shows up one day, and he and the treasurer do a presentation for an audience that includes IT managers. The two sound excited, and a touch proud, when they tell everyone that the cashiers will sign on with the user ID "Cash." They don't share the top-secret password, though; that's just for the cashiers to know.

Computer World Security News
Jul 11, 2019

Zoom fixes webcam flaw for Macs, but security concerns linger
Zoom released a patch this week to fix a security flaw in the Mac version of its desktop video chat app that could allow hackers to take control of a user's webcam. 

The vulnerability was discovered by security researcher Jonathan Leitschuh, who published information about it in a blog post Monday. The flaw potentially affected 750,000 companies and approximately 4 million individuals using Zoom, Leitschuh said.

Zoom said it's seen "no indication" any users were affected. But concerns about the flaw and how it works raised questions about whether other similar apps could be equally vulnerable.

Computer World Security News
Jul 11, 2019

How to set up Microsoft Cloud App Security
This new add-on will let you set up alerts about suspicious sign-on activity for Office 365 and other cloud apps.

Computer World Security News
Jul 11, 2019

New Windows 7 'security-only' update installs telemetry/snooping, uh, feature
Back in October 2016, Microsoft divided the Win7 and 8.1 patching worlds into two parts.

Those who got their patches through Windows Update received so-called Monthly Rollups, which included security patches, bug fixes - and we frankly don't know what else - rolled out in a cumulative stream.

The folks who were willing to download and manually install patches were also given the option of installing "security-only" patches, not cumulative; these were meant to address just the security holes.




Computer World Security News
Jul 09, 2019

Microsoft delivers Defender ATP security service to Macs
Microsoft on Monday made good on a March pledge by announcing that its most sophisticated endpoint security service is now available for Macs.

Microsoft Defender ATP (Advanced Threat Protection) for Mac shifted to what the company calls "general availability" on June 28, wrote Helen Allas, a principal program manager on the enterprise security team, in a July 8 post to a company blog. Core components of Defender ATP, including the latest - "Threat & Vulnerability Management," which made it to general availability a week ago - now serve Macs.




Computer World Security News
Jul 09, 2019

How Apple is improving iCloud this year
Apple quite evidently plans many interesting improvements in its iCloud service this year. So, what's going on?

What we know so far

Apple at WWDC made several announcements that will be reliant on iCloud - these include obvious things like new services and support for new functions, and less evident topics around sync, data and AI.

Most recently, the company began beta-testing Touch ID and Face ID access to iCloud.com online, meaning that if you happen to be using an Apple device (Mac, iPad, iPhone) you can access your online iCloud services with the touch of a finger or a quick eye scan.

This may also be Apple's way of testing the privacy-protecting Sign-in with Apple service it intends to launch later this year.




Computer World Security News
Jul 08, 2019

The top 8 problems with blockchain
While blockchain holds tremendous potential for creating new financial, supply chain and digital identity systems, it's often erroneously seen as a panacea for business problems.

The myriad of pilots and proofs of concept by large corporations and government agencies are showing real promise, but those projects don't always lead to obvious business cases that justify doing something differently. Sometimes a tried and true technology like a relational database can perform the task much more efficiently than a distributed ledger based on peer-to-peer technology that will require complex governance and rules.


Computer World Security News
Jul 04, 2019

Throwback Thursday: Spoilsport
This IT security pilot fish knows something about audits — and knows what he expects of auditors.

"I have more than 15 years of audit experience in IT," fish says. "I have written and implemented policy and procedure, and developed incident response plans. I spent the better part of last year making sure that the external auditors could not find any inconsistencies in our control standards."

Then the internal audit director decides to perform an audit of fish's group — and sends a young auditor who thinks he knows everything IT.

After three weeks of research and testing, young auditor presents his results in a meeting with his boss the audit director and fish.




Computer World Security News
Jul 01, 2019

Message to IT: Trusting Apple and Google for mobile app security is career suicide
Ready for the mobile security news that IT doesn't want to hear about but needs to? When security firm Positive Technologies started pen-testing various mobile apps, security holes were rampant.

We'll plunge into the details momentarily, but here's the upshot: "High-risk vulnerabilities were found in 38 percent of mobile applications for iOS and in 43 percent of Android applications" and "most cases are caused by weaknesses in security mechanisms — 74 percent and 57 percent for iOS and Android apps, respectively, and 42 percent for server-side components — because such vulnerabilities creep in during the design stage, fixing them requires significant changes to code."




Computer World Security News
Jul 01, 2019

Microsoft Patch Alert: The Windows patching heavens buzz with silver bullets
How many bugs could a WinPatcher patch, if a WinPatcher could patch bugs?

Ends up that June's one of the buggiest patching months in recent memory - lots of pesky little critters, and the ones acknowledged by Microsoft led to even more patches later in the month.

In June, we saw eight single-purpose Windows patches whose sole mission is to fix bugs introduced in earlier Windows patches. I call them silver bullets - all they do is fix earlier screw-ups. If you install security patches only, these eight have to be installed manually to fix the bugs introduced earlier. It's a congenital defect in the patching regimen - bugs introduced by security patches get fixed by non-security "optional" patches, while waiting for the next month's cumulative updates to roll around.





©1999-2019 CEOExpress Company LLC