NEWS: COMPUTER WORLD SECURITY NEWS
Computer World Security News
Jan 11, 2019

Exploring the economic realities of cybersecurity insurance | Salted Hash Ep 43
Guest host Juliet Beauchamp talks with senior writer J.M. Porup about the newly created cybersecurity insurance industry, and how a policy could fit into an organization's overall security strategy to help minimize risk.

Computer World Security News
Jan 10, 2019

How to create and open compressed files on iPhone, iPad
Many enterprises rely on zip files to exchange data, particularly confidential data - compression helps keep information safe, even against inquisitive ad trackers lurking inside "free" email or online storage services. How do you handle these things on iPad or iPhone?

How to handle zip files on iPhone

While it isn't especially obvious, iOS provides some limited features that let you archive and decompress zip files. You can even create a nice little Shortcut to do this for you:

Open Shortcuts and tap Create Shortcut.
In the search bar, type Extract Archive. That shortcut should appear in the list below; tap it to add it to your workflow.
Returning to the search bar, type Save File. When it appears, tap it to add it to the workflow you are building.
Tap the switch button at top right of the shortcut name.
In the next pane you can name the shortcut and give it an icon. The most important change you should make is to enable Show in Share Sheet (flick to green).

You can create a second Shortcut to make archives. Just type Make Archive to find the relevant flow and then add Save File and Show in Share Sheet as described above. Don't forget to give it a name, such as Make Archive.

Shortcuts can work with multiple compression formats, including .tar, .zip and .iso.

How to use it:

Computer World Security News
Jan 09, 2019

Enterprise iPhones will soon be able to use security dongles
Enterprise security professionals will be pleased to learn that it will soon be possible to enhance the already considerable device security of Apple's iPhones with hardware-based physical authentication dongles using the Lightning port.

A highly secure proposition

Announced at CES 2019, the key fits on a keyring and comes from the authorization experts at Yubico. The hardware connects to iOS systems using the Lightning connection and is also equipped with USB-C for Macs. This is quite a big deal.

Computer World Security News
Jan 09, 2019

Details, details
It's a few years after Y2K when the IT security team at this university gets a rude awakening, reports a pilot fish in the know.

"They discovered that persons unknown had hacked into a university server," fish says. "It was being used to launch denial-of-service attacks against a victim somewhere outside the university."

The team's first job is finding the server -- which turns out to be in the alumni office -- and taking it offline.

Then they start digging into the security logs. That's when they find out that the attackers have been making use of the server for more than a year.

And once they start checking on the IP addresses of whoever it is that has accessed the server, they discover it's not just one or two hackers. It seems people from all over the world have been using this server to launch attacks.

Computer World Security News
Jan 09, 2019

Mingis on Tech: As blockchain hype cools, a 'trough of disillusionment' for 2019?
Ok, so maybe blockchain isn't ready yet to become the biggest new technology since the internet.

But the distributed ledger technology clearly made strides in 2018, when it was embraced by companies from Walmart to shipping bigwig Maersk to top tech vendors like IBM, SAP, Oracle and Microsoft who see potential in blockchain-as-a-service. (Walmart's vice president in charge of food safety, Frank Yiannas, compared his embrace of blockchain to a "religious conversion.")

Computer World Security News
Jan 07, 2019

In 2019, look for AI-enabled mobile devices - and a UEM push
This year, artificial intelligence will continue its push into mobile hardware and enterprise communication devices, challenging IT shops' enterprise mobility management (EMM) capabilities while at the same time offering potential security benefits.

(Insider Story)

Computer World Security News
Jan 07, 2019

Top 4 enterprise tech trends to watch in 2019
If 2018 was the year of the data breach, the thinking among IT pros is that this will be the year companies take concrete steps to prevent future breaches.

That was the sentiment among tech professionals who took part in a recent @IDGTechTalk Twitter chat about enterprise tech trends for 2019.

In fact, a recent @IDGTechTalk poll found privacy and security to be the top enterprise tech issue for 2019 (45 percent), followed by artificial intelligence (30 percent), cloud computing (16 percent), and blockchain (9 percent).

Computer World Security News
Jan 04, 2019

Apple wants to stop you from using dangerous USB-C devices
Apple wants to make it harder for its customers to use cheap USB-C cables — and it's for your own good.

The risks of USB-C cables

Cables are complicated, and that's why friends don't let friends connect cut-price or otherwise unverified USB-C cables to their systems — and soon, you won't be able to.

Apple has warned its users to avoid using low-quality equipment for years. It was only in 2016 that it was revealed that hundreds of chargers at that time sold on Amazon and advertised as being made by Apple were in fact dangerous fakes.

Computer World Security News
Jan 03, 2019

New year, same old users
IT support pilot fish takes a call to help a user change a password on a webpage form -- and it reminds fish of just how much help-desk techs love password resets.

"I spent 25 minutes talking to him," fish groans. "There were only two buttons to press, Submit and Reset.

"You'd think that after pressing Reset three times and having it erase the passwords he typed in, he would try Submit -- right?

"But no -- our customer tried a fourth and then a fifth time, until he got the idea to hit the other button.

"This person was by all accounts a functional, employed adult..."

Sharky needs a new year's worth of stories of users, management and IT gone off the rails. So send me your true tales of IT life at sharky@computerworld.com. You can also comment on today's tale at Sharky's Google community, and read thousands of great old tales in the Sharkives.

Computer World Security News
Jan 02, 2019

If the CTO says it's OK, what could go wrong?
Medical rehab facility is facing a compliance deadline for HIPAA privacy regulations, and that could be a problem, says a cybersecurity pilot fish working there.

"The HIPAA regulations are strewn with potential issues," fish says. "When some aspect isn't followed and a patient's data privacy is compromised, the fines can be substantial."

And that's the headache fish faces because of his facility's use of Gmail. As the site's cybersecurity engineer, fish knows that ordinary Gmail isn't HIPAA compliant.

Fortunately, there's a fix -- one that involves additional paperwork and agreements, along with some added security verification. But that's still easier and less complex than moving everyone off Gmail.

Computer World Security News
Dec 31, 2018

Q&A: Experian exec says biometrics won't save you from mobile hacks
If you think your new iPhone's Face ID facial recognition feature or your bank's fancy new fingerprint scanner will guarantee privacy and block hackers from accessing sensitive personal or financial data, think again.

In the coming year, cyberattacks will zero in on biometric hacking and expose vulnerabilities in touch ID sensors, facial recognition technology and passcodes, according to a new report from credit reporting agency Experian Plc. While biometric data is considered the most secure method of authentication, it can be stolen or altered, and sensors can be manipulated, spoofed or suffer deterioration with too much use.

Even so, as much as 63% of enterprises have implemented or plan to roll out biometric authentication systems to augment or replace less-secure passwords, Experian said in its report. The push toward biometric systems dates back to the turn of the century in the financial services industry.

Computer World Security News
Dec 27, 2018

Tech luminaries we lost in 2018
Remembering our industry's innovators

(Image by FreedomMaster / Getty Images)

They were the founders of such household names as Atari and Microsoft. They built the hardware and software that powers the Internet. They used computers to give voice to the young and the disabled. And they rarely did so in the spotlight. Whether they ever achieved fame or fortune, these 13 women and men deserve a place in the history books for their lives, accomplishments, and contributions to science and information technology around the world.

Computer World Security News
Dec 26, 2018

The top 10 stories of 2018: Blockchain rises, open source reigns, trust wanes
2018: The year in review

(Image by Rob Schultz, Stephen Lawson, Pete Linforth, Natascha Eibl, NegativeSpace.co, modified by IDG Comm)

Computer World Security News
Dec 21, 2018

Microsoft Patch Alert: Mystery patches for IE and Outlook 2013 leave many questions, few answers
Just when you're ready to settle in for some egg and nog and whatever may accompany, Windows starts throwing poison frog darts. This month, a fairly boring patching regimen has turned topsy-turvy with an unexplained emergency patch for Internet Explorer (you know, the browser nobody uses), combined with an Outlook 2013 patch that doesn't pass the smell test.

Mysterious bug fix for IE

Microsoft set off the shower of firecrackers on Dec. 19 when it released a bevy of patches for Internet Explorer:

Win10 1809 - KB 4483235 - build 17763.195

Computer World Security News
Dec 19, 2018

Microsoft delivers emergency patch for under-attack IE
Microsoft rarely mentions Internet Explorer (IE) anymore, but when it does, it usually means bad news.

So it was Wednesday, when Microsoft issued a rare emergency security update to plug a critical vulnerability in the still-supported IE9, IE10 and IE11. The flaw was reported to Microsoft by Google security engineer Clement Lecigne.

According to Microsoft, attackers are already exploiting the vulnerability, making it a classic "zero-day" bug. Because of that, the company released a fix before the next round of security updates scheduled for Jan. 8.

Computer World Security News
Dec 14, 2018

How to protect Windows 10 PCs from ransomware
CryptoLocker. WannaCry. Petya. Bad Rabbit. The ransomware threat isn't going away anytime soon; the news brings constant reports of new waves of this pernicious type of malware washing across the world. It's popular in large part because of the immediate financial payoff for attackers: It works by encrypting the files on your hard disk, then demands that you pay a ransom, frequently in Bitcoins, to decrypt them.

(Insider Story)

Computer World Security News
Dec 12, 2018

Android security audit: An easy-to-follow annual checklist
Android security is always a hot topic on these here Nets of Inter — and almost always for the wrong reason.

As we've discussed ad nauseam over the years, most of the missives you read about this-or-that super-scary malware/virus/brain-eating-boogie-monster are overly sensationalized accounts tied to theoretical threats with practically zero chance of actually affecting you in the real world. If you look closely, in fact, you'll start to notice that the vast majority of those stories stem from companies that — gasp! — make their money selling malware protection programs for Android phones. (Pure coincidence, right?)

Computer World Security News
Dec 12, 2018

Google Smart Lock: The complete guide
Think fast: How many times a day do you pick up your phone to look at something? Unless you live in the tundra or have far more self-control than most, the answer probably falls somewhere between "quite a few" and "more than any sane person could count." Assuming you keep your device properly secured, that means you're doing an awful lot of unlocking — be it with your face, your fingerprint, or the code you tap or swipe onto your screen.

And that's to say nothing of the number of times you type your password into your laptop or enter your credentials into an app or website during the day. Security's important, but goodness gracious, it can be a real hassle.

Computer World Security News
Dec 11, 2018

And that was actually the CLEAN version!
It's more than a few years back, and this oilfield services company is implementing a new email filter, says a pilot fish working there.

"It was part of an email security product," fish says. "The filter could identify emails containing language that was not considered business appropriate.

"We'd had HR incidents involving inappropriate language in the past, especially from field hands emailing to office staff -- it gave a new meaning to 'crude oil workers' -- so it was decided we should enable the feature with its default settings and give it a run.

"Only a few hours later we received an alert that a message had been identified with inappropriate language.

Computer World Security News
Dec 10, 2018

Innovative anti-phishing app comes to iPhones
We're always told never to click on a link we receive in an email in case doing so takes us to some dodgy phishing site where our account details are violated, but what if our email app warned us before we clicked malicious links?

Can this app offer you protection?

MetaCert isn't fully available yet, but it does seem to be a promising solution that provides email users in enterprise and consumer markets an additional line of defence against clicking on malicious links received in email messages.

The solution emerged from the developer's earlier work building an API to help app developers add a layer of security to WebView.

Computer World Security News
Dec 10, 2018

Forbidden names, revisited
Flashback a few decades to the glory days of online service CompuServe, when anyone could get an account -- but not everyone could use their real names, according to a pilot fish in the know.

"You logged in with your account number, but to join a forum -- a chatroom focused on a specific topic -- you had to give a real name," fish says. "The name on your billing record was the default.

"Of course there were fraudsters who used an official-sounding name to phish people for personal info and credit card data. So users were not allowed to have words like 'billing' as any part of their in-forum real name. This could only be overridden by the forum sysop. I was one.

Computer World Security News
Dec 06, 2018

5 handy Google Fi features you shouldn't forget
Got Fi? Google's unusual wireless service may have shifted its name from Project Fi to Google Fi this fall, but its core proposition remains the same: Pay only for the data you use, and avoid all the traditional carrier gotchas and nonsense.

For the right kind of person, especially among those of us on Android, Fi can be a real cost- and hassle-saver. And aside from its most prominently promoted perks — the seamless network-switching, the public Wi-Fi use, the fee-free roaming and hotspot capabilities, and so on — Fi has some pretty interesting out-of-the-way options that can really elevate your experience.

Computer World Security News
Dec 06, 2018

Will Apple's iPhone replace your password?
Imagine using Face ID on your iPhone alongside a password and Touch ID on your computer in order to access highly secure websites, such as online banks, enterprise intranets and confidential online data services.

That's a possibility as Apple begins testing a new security standard called WebAuthn.

What is WebAuthn?

Apple has begun beta-testing support for the standard in Safari Technology Preview Release 71, though it does warn this support is an "experimental feature", so it may go no further than that.

Computer World Security News
Dec 05, 2018

Blockchain: What's it good for? Absolutely nothing, report finds
In a joint report for the Monitoring, Evaluation, Research and Learning (MERL) Technology conference this fall, researchers who studied 43 blockchain use cases came to the conclusion that all underdelivered on claims.

And, when they reached out to several blockchain providers about project results, the silence was deafening. "Not one was willing to share data," the researchers said in their blog post.

Computer World Security News
Nov 30, 2018

Amazon launches patient data-mining service to assist docs
Amazon this week announced its latest data analytics product, one aimed at scouring unstructured data within electronic medical records (EMRs) to offer up insights that physicians can use to better treat patients.

Amazon's new Comprehend Medical AWS cloud service is a natural-language processing engine that purports to be able to read physician notes, patient prescriptions, audio interview transcripts, and pathology and radiology reports - and use machine learning algorithms to spit out relevant medical information to healthcare providers.

Amazon's Comprehend Medical software service is one of 13 new machine learning software products the company announced on Tuesday.

Computer World Security News
Nov 29, 2018

Microsoft Patch Alert: After months of bad news, November's patching seems positively serene
By far the most important reason for this month's relative patching calm: Microsoft decided to wait and get the Windows 10 (version 1809) patch right instead of throwing offal against a wall and seeing what sticks.

What remains is a hodge-podge of Windows patches, some mis-identified .NET patches, a new Servicing Stack Update slowly taking form, a bunch of Office fixes - including two buggy patches that have been pulled and one that's been fixed - the usual array of Flash excuses and Preview patches.

Computer World Security News
Nov 27, 2018

Microsoft's multi-factor authentication service flakes out - again
Just one day after Microsoft came clean with an explanation of a Nov. 19 outage that blocked users of Office 365 from logging into their accounts using Multi-Factor Authentication (MFA), today the service again went on the fritz.

"Starting at 14:25 UTC on 27 Nov 2018, customers using Multi-Factor Authentication (MFA) may experience intermittent issues signing into Azure resources, such as Azure Active Directory, when MFA is required by policy," read the Azure status dashboard. Two and a half hours later, the dashboard reported that after resolving a problem with an earlier DNS (Domain Name Service) issue, engineers rebooted the services. "They observed a decrease in the failure rate after the reboot cycles," the dashboard concluded.

Computer World Security News
Nov 26, 2018

Windows Hello for Business: Next-gen authentication for Windows shops
Authentication: the act of proving one's identity to the satisfaction of some central authority. To most, this process means typing in a username and a password. It's been this way for years and years.

(Insider Story)

Computer World Security News
Nov 26, 2018

What is Windows Hello? Microsoft's biometrics security system explained
Windows Hello is a biometrics-based technology that enables Windows 10 users to authenticate secure access to their devices, apps, online services and networks with just a fingerprint, iris scan or facial recognition. The sign-in mechanism is essentially an alternative to passwords and is widely considered to be a more user friendly, secure and reliable method to access critical devices, services and data than traditional logins using passwords.

"Windows Hello solves a few problems: security and inconvenience," said Patrick Moorhead, president and principal analyst at Moor Insights & Strategy. "Traditional passwords are unsafe as they are hard to remember, and therefore people either choose easy-to-guess passwords or write down their passwords."

Computer World Security News
Nov 22, 2018

Gmail encryption: Everything you need to know
Encryption may sound like a subject best left to hackers and tinfoil hat wearers, but don't be fooled: It's a critical part of contemporary life and something that's important for everyone, especially business users, to understand. And one of the places where encryption is most relevant and misunderstood is in the realm of email.

If you're using Gmail for electronic communication — be it for business, for personal use, or a combination of the two — it's well worth your while to know how the service does and doesn't secure your information and what steps you can take to make sure you're getting the level of privacy you need.

Ready to dive in?

Computer World Security News
Nov 20, 2018

10 Android settings that'll strengthen your security
You might not know it from all the panic-inducing headlines out there, but Android is actually packed with powerful and practical security features. Some are activated by default and protecting you whether you realize it or not, while others are more out of the way but equally deserving of your attention.

So stop wasting your time worrying about the Android malware monster du jour and which security company is using it to scare you into an unnecessary subscription, and take a moment instead to look through these far more impactful Android security settings — starting with the core elements and moving from there into some more advanced and easily overlooked options.

Computer World Security News
Nov 20, 2018

ProtonMail launches standalone iOS VPN app
Encrypted email service provider ProtonMail has launched a standalone virtual private network app for iOS devices. With iOS now added to its list, ProtonMail said it now offers protection for the most popular operating systems, which include Windows, MacOS, Linux and Android.

VPN functionality is prevalent in enterprise security products and management products, according to Phil Hochmuth, program director for IDC's Enterprise Mobility team. At the same time, consumers are increasingly looking at VPN services to shield their online activities on wired networks, as well as on LTE/4G connections, he said.

Computer World Security News
Nov 20, 2018

The big fix
Pilot fish at a federal agency gets a visit from a power user who can't get access to the data he needs -- and he's not at all happy.

"We used a very effective security product that could narrow down access to a specific user or dataset," says fish. "But you had to be careful to install any new rules in the right place, because once a rule was found it was applied, even if one with more relaxed access followed.

"As soon as I checked, I could see that I had misplaced the rule I had created for him.

"Now, normally if I made a mistake I'd admit to it and apologize. This particular day this fellow, an otherwise nice guy, was at it like a dog with a bone, demanding How did it happen? Who did this? over and over.

Computer World Security News
Nov 20, 2018

What Apple's T2 security chip brings to the enterprise table
There's been a lot of discussion about Apple's T2 security chip, particularly the restrictions it places on repairs not sanctioned by Apple. The controversy centers on an Apple utility needed to make changes like swapping out the built-in SSD drives. The overall argument ties into the right-to-repair fight, allowing hardware owners to make changes to their own devices.

(Insider Story)

Computer World Security News
Nov 19, 2018

Microsoft yanks two buggy Office patches but keeps pushing one that crashes
Two related Office 2010 non-security patches issued on Nov. 6 were pulled on Nov. 17. KB 4461522 and KB 2863821 are both related to changes coming in the Japanese calendar next month attributed to the abdication of Emperor Akihito in favor of his son, Naruhito. The event has been compared to the Y2K problem in the west. It's not clear why two patches were released on Nov. 6 to accommodate that calendar change, but both KB articles now sport the admonition:

Computer World Security News
Nov 19, 2018

Download Malwarebytes Today and Protect Your Data for Free
Everyone lives on the internet, period. Whether you're streaming a standup special on Netflix, answering emails from your boss, chatting on Tinder, or completing everyday errands like paying bills online, you're likely spending most of your day tangled up in the world wide web.

Unfortunately, that makes you a high-risk candidate for a cyber attack at some point along the way, be it through malware, phishing, or hacking. Best-case scenario, it sucks up your time to fix (or your money by paying someone else to fix it). Worst case scenario, it puts you and your computer out of commission for days and damages your files beyond repair. Not to mention the sheer terror of knowing some hacker has complete and total access to virtually everything about you, including all of your banking and credit card information. Malwarebytes is a free program built to help you avoid the above scenarios altogether — and it makes traditional antivirus look old, tired, and played out (seriously it's free,

Computer World Security News
Nov 16, 2018

Firefox adds in-browser notification of breached sites
Mozilla has added a data breach notification to Firefox that warns the browser's users when their email address and credentials may have been obtained by hackers.

Dubbed Firefox Monitor, the free breach notification service debuted in September after some testing during the summer. Anyone -- not only Firefox users -- can steer to the service website, enter an email address and be told if that address was among those involved in successful, publicly-known breach attacks. Next steps were up to the user, including the obvious of changing the password(s) connected to that email address and/or website(s).

Notifications of the latest breaches were sent by Firefox Monitor to the user-submitted address. "Your email address will be scanned against those data breaches, and we'll let you know through a private email if you were involved," wrote Nick Nguyen, Mozilla's vice president of product strategy, in a Sept. 25 post to a company blog.

Computer World Security News
Nov 16, 2018

Amid calls for a Windows bug status dashboard, Microsoft belatedly agrees to build one
A Windows expert this week urged Microsoft to put its money where its mouth is and produce a status dashboard or website that reports and tracks problems with the operating system.

Coincidentally or not, on Wednesday Microsoft said it would launch a "Windows update status dashboard," but did not name a timetable except for a broad "in the coming year."

"I can go to this page and see if something happening with Office 365 is just a me thing or if everyone else is seeing the same," said Susan Bradley in a Nov. 13 email reply to questions, referring to the Office 365 Admin Center. (Note: Only those with administrative credentials have access; it's not meant to provide information to end users.) "(But) if I want to find out if something is a known issue with Windows 10, I have to dig through - and monitor for changes - these pages," she continued, listing two separate support documents for one such known issue.

Computer World Security News
Nov 14, 2018

Android security: Analysis, advice, and next-level knowledge
It's tough to talk about Android security without venturing into sensational terrain.

A large part of that is due to the simple fact that the forces driving most Android security coverage are companies that make their money by selling Android security software — and thus companies with strong interests in pushing the narrative that every Android phone is on the perpetual brink of grave, unfathomable danger. Plus, let's face it: A headline about 70 gazillion Android phones being vulnerable to the MegaMonsterSkullCrusher Virus is far more enticing than one explaining the nuanced realities of Android security.

In actuality, though, Android security is a complex beast — one with multiple layers in place to protect you and one that almost never warrants an alarmist attitude. I've been covering Android security closely since the platform's earliest days, and I've busted more myths and called out more shameless publicity stunts than I can even count at this point.

Computer World Security News
Nov 13, 2018

Get Over 45 Hours Of Immersive Ethical Hacking Training For $25 (90% Off)
Your private data can reveal a lot about you, such as bank information, spending habits, and even the websites you frequent. This makes large companies like Facebook and Yahoo prime targets for data breaches because of their vast library of user data. Nowadays, it's more important than ever for companies to remain vigilant against hackers, lest their customers' privacy and trust be lost.

To defend against such threats, companies hire security professionals who know how to identify and exploit vulnerabilities in security systems. These "ethical hackers" employ the same methods malicious hackers do, but they also patch and report these vulnerabilities to their employers to prevent future intrusions. With data breaches on the rise, the demand for ethical hackers has increased, making this career path both stable and profitable. If you're interested in learning how to hack security systems (legally, of course) then this $39 Ethical Hacking A to Z Training Bundle is for you.

Computer World Security News
Nov 13, 2018

Get 90% Off Your First Year of RemotePC, Up To 50 Computers for $6.95
iDrive has activated a significant discount on their Remote access software RemotePC in these days leading into Black Friday. RemotePC by iDrive is a full-featured remote access solution that lets you connect to your work, home or office computer securely from anywhere, and from any iOS or Android device. Right now, their 50 computer package is 90% off or just $6.95 for your 1st year. If you've been thinking about remote access solutions, now is a good time to consider RemotePC.

Computer World Security News
Nov 13, 2018

FAQ: Windows 10 LTSB explained
Windows 10 powered to its third anniversary this year, but one branch, identified by the initials L-T-S-B, remained an enigma to most corporate users.

LTSB, which stands for "Long-term Servicing Branch," was among the pillars of Windows 10 in the months leading up to, and for months after, the mid-2015 roll-out of the operating system. For a time, it seemed that it had a shot at becoming the Windows 10 for enterprise because it was seen as a calm port in a storm of radical change.

That hasn't happened, in part because Microsoft has steered customers away from LTSB.

Computer World Security News
Nov 07, 2018

BitLocker on self-encrypted SSDs blown; Microsoft advises you switch to software protection
Yesterday, Microsoft released ADV180028, Guidance for configuring BitLocker to enforce software encryption, in response to a clever crack published on Monday by Carlo Meijer and Bernard van Gastel at Radboud University in the Netherlands (PDF).

Computer World Security News
Nov 01, 2018

Why Apple's Siri is already an enterprise product
The usual suspects love to spend time claiming Siri lags other voice assistants in some ways, but they don't seem to understand that Apple's voice assistant is an enterprise product.

Why is Siri an enterprise product? This is what happens when you use a voice search tool: You activate the assistant, it listens to what you say, identifies that a request is being made and sends that request to the cloud to be resolved and responded to.

This all happens pretty quickly and after a short delay your response arrives, or an action takes place.

Computer World Security News
Oct 30, 2018

Google Smart Lock on Chrome OS: 2 fast fixes and a power-user tip
Google's Smart Lock system for Chrome OS is one of those things that sounds spectacular on paper but then frequently falls flat in the real world.

You know about Smart Lock by now, right? It's something Google created to turn your Android phone into a contact-free key for your Chromebook: Anytime the phone is close to the computer, Chrome OS will automatically detect its presence — and as long as the phone is unlocked, the laptop will let you skip the usual password prompt and hop right in with just a quick click on the sign-on screen.

Computer World Security News
Oct 26, 2018

Well, do you trust 'em or don't you?
Flashback a few decades to the days when this pilot fish is a supervisor in the call center for a big mail-order PC company.

"Our agents were privy to a customer's credit card information right in the call tracking system," says fish. "We trusted 600 agents with nearly unlimited access to this customer information without ever a single theft from our people."

But the call center manager decides the operation needs a way to approve replacement parts to be shipped to customers.

That leads to a new process: When a call-center agent is sending a simple part -- say, a new mouse or inexpensive sound card -- the agent types in his badge number, then must turn his head to get his supervisor's attention.

Computer World Security News
Oct 25, 2018

Apple appears to have blocked GrayKey iPhone hacking tool
Apple has apparently been able to permanently block de-encryption technology from a mysterious Atlanta-based company whose blackbox device was embraced by government agencies to bypass iPhone passcodes.

Atlanta-based Grayshift is one of two companies that claimed it could thwart Apple iPhone passcode security through brute-force attacks.

The blackbox technology purportedly worked, as Grayshift's technology was snapped up by regional law enforcement and won contracts with Immigration and Customs Enforcement (ICE) and the U.S. Secret Service.

Another vendor, Israel-based Cellebrite, also discovered a way to unlock encrypted iPhones running iOS 11 and marketed its product to law enforcement and private forensics firms around the world. According to a police warrant obtained by Forbes, the U.S. Department of Homeland Security tested the technology.

Computer World Security News
Oct 25, 2018

Win10 1803 big bug bash KB 4462933 joins earlier versions, a week late to the party
Back on Oct. 18, a "C Week" Thursday, Microsoft released hefty rounds of bug fixes for Win10 1607, 1703 and 1709. At the time, I wondered out loud why the latest (unyanked) version of Win10, version 1803, didn't get a similar dose. Now, on a "D Week" Wednesday, it looks like we've seen the deluge.

Computer World Security News
Oct 24, 2018

Complete transcript, video of Apple CEO Tim Cook's EU privacy speech
Apple CEO Tim Cook spoke up for privacy at a conference of European privacy commissioners in Brussels this morning.

'AI must respect human values'
The theme of this year's conference is "Debating Ethics: Dignity and Respect in Data Driven Life." Cook is the first tech CEO to serve as the keynote speaker for the conference and was invited to speak.

He talked about data, put in a bid for a bill of U.S. digital rights, slammed competitors for profiting while unleashing powerfully negative forces, and spoke up for a GDPR-style privacy protection in the U.S.

Computer World Security News
Oct 22, 2018

Wonder if they'll ever tell HIM what's going on...
This IT pilot fish has been supporting a customer remotely through a VPN that's usually pretty solid -- but definitely not always.

"Every now and then it disconnected me randomly," says fish. "Then it continued disconnecting me repeatedly every 30 to 60 seconds.

"I went through the usual litany of rebooting, trying a different computer, trying a different network, etc. Every time I got the help desk involved, they pulled a bunch of different logs that basically just said 'disconnected' without any cause given.

"After several rounds of changes that miraculously fixed it, then suddenly stopped working again, the issue got escalated to a high-enough tier that an answer was forthcoming.

Computer World Security News
Oct 19, 2018

Policies and paper trails -- our new best friends
This IT pilot fish works with lots of sensitive data -- and that means really sensitive, such as child abuse investigations.

"Until a few years ago, I had access to all that data, so I could write ad-hoc reports against it," says fish. "We 'systems' people were given access to everything, so we could troubleshoot application problems for the users.

"Then one day I was called into the CEO's office. He told me that according to the logs, I did a search against the Child Welfare data for a particular family on a date and time six months earlier -- and wanted to know why I did the search."

As best fish can recall, he was doing the search to troubleshoot a particular report that one caseworker was trying to run. To do that, he used his own workstation to duplicate the steps that the caseworker took to get to the error.

Computer World Security News
Oct 18, 2018

How to use the Shodan search engine to secure an enterprise's internet presence
Shodan, a search engine for all ports within the internet, can help enterprises identify and lock down security vulnerabilities. Senior writer J.M. Porup and content producer Juliet Beauchamp talk through the security scenarios.

Computer World Security News
Oct 17, 2018

Microsoft Patch Alert: October's been a nightmare
This month's bad patches made headlines. Lots of headlines. For good reason.

You have my sympathy if you clicked "Check for updates" and got all of the files in your Documents and Photos folders deleted. Even if you didn't become a "seeker" (didn't manually check for updates) your month may have been filled with blue screens, odd chicken-and-egg errors, and destroyed audio drivers — and Edge and your UWP ("Metro" Store) apps might have been kicked off the internet.

You didn't need to lift a finger.

Worst Windows 10 rollout ever
Hard to believe that Windows 10 version rollouts could get any worse, but this month hit the bottom of a nearly bottomless barrel. Some folks who clicked "Check for updates" wound up with a brand spanking new copy of Win10 version 1809 — and all of the files in their \Documents, \Pictures, \Music, \Videos and other folders disappeared. I have a series of articles on that topic, arranged chronologically:

Computer World Security News
Oct 16, 2018

Big browsers to pull support plug for TLS 1.0 and 1.1 encryption protocols in early '20
The makers of the four biggest browsers all said Monday that their applications will drop support for the TLS (Transport Layer Security) 1.0 and 1.1 encryption protocols in early 2020.

"In March of 2020, Firefox will disable support for TLS 1.0 and TLS 1.1," wrote Martin Thomson, principal engineer at Mozilla, in a post to a company blog.

Other browser developers, including Apple (Safari), Google (Chrome) and Microsoft (Edge and Internet Explorer) issued similar notices. All pegged early 2020 as the target for disabling support.

Computer World Security News
Oct 16, 2018

Stats make iOS a hard OS to ignore
The latest version of Apple's mobile operating system — iOS 12 — was released just a few weeks ago, and yet it's already installed on 53% of relatively newer iPhones (introduced since September 2014) and 50% of all iPhones. Bottom line: It's the fastest acceptance of any Apple OS.

This is more than a minimally interesting statistic. It illustrates the key difference between Apple mobile devices and Android mobile devices: Although there are more Android users on the globe, Apple's users are much more of a community. That means many things from an Apple marketing perspective, but for IT, it means far greater security.

Computer World Security News
Oct 15, 2018

Economist Nouriel Roubini: Blockchain and bitcoin are the world's biggest scams
New York University professor and global economist Nouriel Roubini testified before the U.S. Senate Committee on Banking last week, saying cryptocurrencies such as bitcoin are the mother of all scams and bubbles.

He followed that assertion up by calling blockchain, the technology underpinning bitcoin, "the most over-hyped — and least useful — technology in human history."

Today, Roubini doubled down on his claims in a column published on CNBC.com in which he said blockchain has promised to cure the world's ills through decentralization but is "just a ruse to separate retail investors from their hard-earned real money."

Computer World Security News
Oct 12, 2018

How secure are electronic voting machines? | Salted Hash Ep 48
With the midterm elections looming, electronic voting machines are getting increased scrutiny. J.M. Porup, senior writer at CSO, sits in the host's chair this episode, breaking down the security risk with content producer Juliet Beauchamp.

Computer World Security News
Oct 12, 2018

Regulating the IoT: A conversation with Bruce Schneier | Salted Hash Ep 49
Security expert and author Bruce Schneier talks with senior writer J.M. Porup about the widespread use of connected chips -- allowing hackers to access cars, refrigerators, toys and soon, even more home consumer items.

Computer World Security News
Oct 12, 2018

Talking DerbyCon, Chinese whispers and Google's data breach | Salted Hash Ep 47
Steve Ragan and J.M. Porup catch up post-DerbyCon conference to discuss psychological issues in the infosec community, supply chain security and whether it's time to make China the boogeyman again, as well as Google's recent data breach.

Computer World Security News
Oct 12, 2018

Talking DerbyCon, spy chip whispers and Google's data breach | Salted Hash Ep 47
Steve Ragan and J.M. Porup catch up post-DerbyCon conference to discuss psychological issues in the infosec community, supply chain security and whether it's time to make China the boogeyman again, as well as Google's recent data breach.

Computer World Security News
Oct 11, 2018

Mingis on Tech: Data breaches and the rise of 'surveillance capitalism'
Data breaches have become so common, and so frequent, that when companies like Facebook or Google admit to data leaks or outright hacks, users fret, the companies pledge to do better, and government regulators (sometimes) issue stern warnings.

Lather. Rinse. Repeat.

In recent weeks, Facebook acknowledged a breach affecting 50 million users and Google had to fess up to a breach affecting Google Plus users after initially deciding to keep quiet.

Computer World Security News
Oct 11, 2018

Mingis on Tech: Data breaches in a world of 'surveillance capitalism'
Facebook and Google recently acknowledged data breaches affecting millions of users. This won't be the last time that happens. CSO's J.M. Porup and Computerworld's Ken Mingis examine what's really going on.

Computer World Security News
Oct 10, 2018

Why Apple must be looking into using blockchain
Everyone who can is looking into using Blockchain and Apple is no exception, though it will be a long time before we see any consumer-facing implementations of this.

Apple looks at lots of technologies
If it's on the Gartner Hype Cycle you can bet a few bucks Apple is looking at it.

That's why I think it will eventually introduce a 3D printer that works in conjunction with ARKit (unverified prediction), and also why it must be thinking about how to use blockchain.

Computer World Security News
Oct 10, 2018

What the heck is it with Windows updates?
To help make life better for you, my loyal readers, I suffer by running Windows 7 and 10 on two harmless — never hurt anyone in their lives — PCs. Well, I did. But, in the last week I ran into not one, but two, showstopper update bugs.

First, on Windows 10, I was one of those "lucky" people who had files vaporize when I "updated" to Windows 10 October 2018 Update (version 1809). Because I only use Windows for trivial tasks, I didn't lose anything valuable when the patch decided to erase everything in the My Documents folder.

Somehow, I think most Windows users use Windows for more important work than I do. I hope you have current backups. At least Computerworld's Woody Leonhard has some good news: You can get those deleted files back.

Computer World Security News
Oct 06, 2018

Spy chips on servers? Lessons learned (and questions to ask)
On Thursday, Bloomberg Businessweek published an in-depth report alleging that Chinese suppliers for server hardware company Supermicro had placed microchips onto motherboards ordered by the San Jose-based company that were later sold to fill orders from as many as 30 customers.

Computer World Security News
Oct 05, 2018

Apple, Amazon server spy story is wake-up call to security pros
Apple and Amazon have strenuously denied Bloomberg's claims of a sophisticated hardware exploit against servers belonging to themselves and numerous other entities, including U.S. law enforcement.

Chinese, Apple and chips
Put in very simple terms, the claim is that malicious chips were found inside servers used in data centers belonging to the tech firms.

These chips (it's claimed) worked to exfiltrate data from those servers, which were themselves sourced from server manufacturer, Super Micro. That company's server products are/were also used by Amazon, the U.S. government and 30 other organizations. The chips were (it is alleged) put in place by employees bribed by Chinese government agents.

Computer World Security News
Oct 05, 2018

Apple, Amazon server spy story is wake-up call to security pros (u)
Apple and Amazon have strenuously denied Bloomberg's claims of a sophisticated hardware exploit against servers belonging to them and numerous other entities, including U.S. law enforcement.

Chinese, Apple and chips
Put in very simple terms, the claim is that malicious chips were found inside servers used in data centers belonging to the tech firms.

These chips (it's claimed) worked to exfiltrate data from those servers, which were themselves sourced from server manufacturer Super Micro. That company's server products are/were also used by Amazon, the U.S. government, and 30 other organizations. The chips were allegedly put in place by employees bribed by Chinese government agents.

Computer World Security News
Oct 05, 2018

Time to lock the security team in a hotel room?
IT security has laptops at this company really locked down, and that includes only limited admin rights, reports a road warrior pilot fish.

"On a recent trip, at my hotel I had to make an internet connection and open a web page to log into the hotel's internet service before I could get a connection to the real internet," fish says.

"Problem was, the work laptop was not going to let me use the browsers until I had established a VPN connection, which of course I could not do without the web page login.

"In a way, that was good -- I took some real vacation time.

"In another way, it was bad, I have big hands and fingers, so using an iPhone and those stupid virtual keyboards is a one-finger, error-prone task. An email that could take seconds to type on a full-size keyboard takes minutes on the phone.

Computer World Security News
Oct 01, 2018

Open door policy
This server room is getting keycard access to make sure only those on the approved list are allowed to enter, reports a pilot fish on the scene.

"A card reader is installed on the outside of the door to get in," fish says. "But how to handle exiting the room? Someone has the bright idea that a system administrator inside the server room might have their hands full when they're trying to leave.

"So a motion sensor is installed on the inside, looking down on the doorway. That way, if someone walks up to the door from the inside, it will automatically unlock.

"But whoever created this system is a much more trusting soul than one of the sysadmins, who looks over the already installed system and sees the flaw.

Computer World Security News
Sep 27, 2018

Easy-to-prevent Apple flaw may threaten enterprise security
An obscure flaw in Apple's Device Enrollment Program (DEP) may make it possible for determined hackers to access enterprise networks, though the solution is quite straightforward.

Serial number spoofing
Duo Security researchers say they've figured out how to enroll a rogue device onto an enterprise's MDM system, if the business has failed to enable authentication on devices enrolled on the system.

To make this work, attackers need to get hold of the valid serial number for an Apple device that is registered to Apple's Device Enrollment Program (DEP), but not yet set up on the company's MDM server, they said.

Computer World Security News
Sep 21, 2018

Apple's dropping Back To My Mac Remote Access. Here's an Alternative, Currently Discounted.
Apple is dropping the Back To My Mac remote access feature, and in a recent support document they urge you to be prepared by looking for alternatives.

RemotePC by iDrive is a full-featured remote access solution that lets you connect to your work or office computer securely from anywhere, and from any iOS or Android device. Right now, their 50 computer package is 90% off or just $6.95 for your 1st year. So if you need an alternative to Back To My Mac, or have been thinking about remote access, now is a good time to consider RemotePC. Learn more about it here.



Computer World Security News
Sep 21, 2018

Back to the ol' spam-fighting drawing board
Pilot fish returns from an extended holiday weekend to find his inbox full of spam -- and for once, dozens of the messages seem to be related.

"I was curious, so I didn't delete all 50 of them right away," says fish. "The first one was obviously spam -- a 'Hi, do you remember me, can we talk?' message with a phishing link.

"But the first reply was from an autoresponder at a legal-services company: Thank you for your email. You have reached the email inbox for... Please let us know if you have any questions."

The next message is from another autoresponder, replying not to the spam but to the first autoresponder: Thank you for contacting us. This is an automated response confirming the receipt of your ticket. Our team will get back to you as soon as possible.

Computer World Security News
Sep 20, 2018

Microsoft Patch Alert: Despite weird timing, September's Windows and Office patches look good
As we near the end of patching's "C Week" (which is to say, the week that contains the third Tuesday of the month), there are no show-stopping bugs in the Windows and Office patches and just a few gotchas. As long as you avoid Microsoft's patches for Intel's Meltdown/Spectre bugs, you should be in good shape.

Why a Patch Monday?
On Sept. 17, Microsoft released two very-out-of-band cumulative updates for Windows 10:

Computer World Security News
Sep 18, 2018

Why Windows 10 is the most secure Windows ever
Three years after its debut, Windows 10 is poised to overtake Windows 7 as the most popular version of the Windows operating system. Microsoft introduced virtualization-based security features - namely Device Guard and Credential Guard - in Windows 10, and in subsequent updates, has added other virtualization-based protections to the operating system.

Microsoft tackled the two biggest challenges for enterprises with Windows 10: password management and protecting the operating system from attackers. Windows Defender was renamed Windows Security in 2017 and now includes anti-malware and threat detection, firewall and network security, application and browser controls, device and account security, and device health. Windows Security shares status information between Microsoft 365 services and interoperates with Windows Defender Advanced Threat Protection, Microsoft's cloud-based forensic analysis tool.

Computer World Security News
Sep 18, 2018

Easy way to bypass passcode lock screens on iPhones, iPads running iOS 12
Update for iOS 12
With iOS 12 and iPhones that have Touch ID, you can still bypass the iPhone lock screen and trick Siri into getting into a person's phone. The bypass is the same as it was in earlier versions of the operating system:

Press the home button using a finger not associated with your fingerprint authentication, prompting Siri to wake up. Say to Siri: Cellular data. Siri then opens the cellular data settings where you can turn off cellular data.

As was the case before, anyone can do this. It doesn't have to be the person who "trained" Siri.

Computer World Security News
Sep 18, 2018

9 iOS 12 security improvements you should know about
Apple has shipped iOS 12 and it's packed with new security improvements and settings every user needs to know about.

Ad tracking
Apple has made it much harder for data harvesting companies to exfiltrate your data without you knowing.

Safari in iOS 11 blocked third-party cookies that tracked you across multiple websites and cookies older than 30 days.

iOS 12 also gives you the option to block social media sharing icons and comment boxes from tracking you. Apple has also made it much harder for fingerprinting technologies to track and identify you by gathering information about your device, such as capacity or installed apps.

Computer World Security News
Sep 18, 2018

W. Va. to use blockchain-based mobile app for mid-term voting
West Virginia this fall will let members of the military and their families deployed overseas vote by smartphone or tablet using a blockchain-based app developed by a Salt Lake City start-up, Voatz.

The voters using the app would otherwise have to submit paper absentee ballots via mail or vote over a land line telephone.

The move means the state will become the first in the U.S. to use blockchain in a voting system in a general election.

After being elected in January 2017, West Virginia Secretary of State Mac Warner tasked IT staff to investigate mobile voting options for 8,000 West Virginian military members overseas. Warner, a retired U.S. Army officer with four children who are also all current or former Army officers, cited his own inability to vote when deployed in Afghanistan as one reason for his efforts.

Computer World Security News
Sep 17, 2018

SharePoint Workflows go belly-up when you install the September .Net Security Only patch
‘Softie Rodney Viana has posted details and a workaround for the "System.CodeDom.CodeBinaryOperatorExpression is not marked as authorized" bug.

Apparently, installing last Tuesday's KB 4457916 Security Only updates for .Net Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows 8.1 and Server 2012 R2 causes a hard stop with any SharePoint Workflows. (Workflows are set up by an admin to handle the flow of documents through a series of steps.)

Computer World Security News
Sep 14, 2018

One small step forward, one giant leap back
This pilot fish is paying his monthly bills online when he discovers one of his utilities has changed the payment part of its website -- a lot.

"I clicked on the 'Payment' button, and saw that I now had the option of paying with or without logging in," says fish.

"OK, the no-login option could be handy, but I've been paying this bill online for years, so I clicked on the login option. It asked me for my user name and eight-digit PIN. What PIN? I have a long, secure password. I tried that. It didn't work."

And after several unsuccessful attempts, fish tries the no-login version -- which just takes him to the same screen asking his PIN.

Computer World Security News
Sep 13, 2018

Throwback Thursday: Just one more thing to worry about
This pilot fish and his wife are planning a long-overdue vacation to an all-inclusive resort -- one of those places where you don't have to worry about things like meals or tipping.

"I log onto the resort's website in order to make some reservations ahead of our arrival," fish says, "and am presented with the standard registration page."

He enters his information on the page, which also asks "for security reasons" that he set up a password.

It's not until after he has clicked "OK" that fish looks at the icon in his web browser and realizes the page isn't encrypted. He does a quick browse of the source code for the page, and finds that there's no SSL anywhere securing the data he's just typed in.

Computer World Security News
Sep 10, 2018

Time to turn off Windows Automatic Update and brace for impact
August 2018 was a relatively innocuous patching month, although the final resolution to the August problems didn't appear until late Friday night just as the month was coming to a close — on a three-day weekend in the US.

We've seen the same pattern repeat itself almost every month since the beginning of the year: The first round of Microsoft security patches (notably including Win10 patches) introduce bugs, while subsequent rounds of patches each month squash most of them. If we're lucky.

Computer World Security News
Sep 10, 2018

Mac and iOS apps stealing user data -- an enterprise take
Reports claiming numerous apps distributed through Apple's App Store are secretly exfiltrating user data should be an alarm call to enterprise CIOs. It signals a new battlefront in the eternal enterprise security wars.

The enterprise risk of personal data
On the surface, the data being extracted is kind of … personal, such as location and browser histories. Information like that provides additional insight into what individual users are up to. Why should that concern an enterprise?

That's a rhetorical question, of course. Most enterprise security professionals recognize that any form of data exfiltration poses an overall challenge.



Computer World Security News
Sep 10, 2018

Why security is the first thing to go, episode 65,723
IT contractor has a project to upgrade some software for a client -- and the project is way behind schedule, says a pilot fish on the client side.

And why is that such a problem? "The existing product goes End-of-Life soon, at which time it will no longer be an approved product for us," fish explains.

"The contractor's people come in and pitch their schedule to upper management. In the briefing, they bring up the fact that the new product is not even approved to be on our highly secured network, and they have not even started on getting it approved.

"Essentially, if they have to get it approved, they can never get it deployed on time.


Computer World Security News
Sep 06, 2018

Throwback Thursday: Well, trial and error IS a mechanism
New regulations go into effect requiring more physical and electronic security at this health insurance company, so the company hires a chief security officer to oversee the efforts, says a pilot fish there.

"I was involved in the original security implementation on most of the systems and offered to help, but the new CSO refused our input," fish says. "He put keycard access on the computer room and UPS room and confiscated any physical keys he could find.

"When asked what would happen if the keycard system went down, he responded that 'mechanisms are in place,'" fish recalls.

Soon, only three people have physical keys: the CSO, chief financial officer and facilities manager.


Computer World Security News
Sep 05, 2018

Get caught up on your July and August Windows/Office patches
With the arrival of "Fourth Week" patches on the last working day of August, and having had a few days to vet them, it looks as if we're ready to release the cracklin' Kraken.

The steaming pile of Windows Intel microcode patches
Microsoft continues to unleash microcode patches for Meltdown and Spectre (versions 1, 2, 3, 3a, 4, n for n =4). You won't get stung by any of them, unless you specifically go looking for trouble.


Computer World Security News
Aug 31, 2018

VirusTotal Intelligence, a search engine for malware | Salted Hash Ep 45
In this episode, host Steve Ragan talks with Karl Hiramoto, technical solutions consultant for VirusTotal, maker of VirusTotal Intelligence, a searchable detection tool for malware.

Computer World Security News
Aug 31, 2018

Firefox to auto-block ad trackers
Mozilla this week said that its Firefox browser will soon start to automatically block some ad tracking technologies that the company claimed impact page load performance and shadow users wherever they go.

"In the near future, Firefox will — by default — protect users by blocking tracking," wrote Nick Nguyen, Mozilla's top Firefox executive, in an August 30 post to a company blog.

Mozilla added what it dubbed "Tracking Protection" to Firefox 57, a.k.a. "Quantum," last fall. Since then, the feature has remained opt-in, meaning people must manually enable it from the browser's Preferences display if they want to use it. When switched on, Tracking Protection blocks a wide range of content, not just advertisements but also in-page trackers that sites or ad networks implant to follow users from one website to another. Such trackers are the reason why an ad for underwear from a specific vendor seemingly pops up wherever one goes after one has browsed the underwear selection at the seller's website.


Computer World Security News
Aug 31, 2018

Apple insists developers ramp up their privacy commitments
Apple recently told the U.S. Congress that it sees customer privacy as a "human right", though the explanation didn't at that time extend to how third-party developers treat data they get from iOS apps. Now it does.

Privacy for the rest of us
Starting October 3, Apple will insist that all third-party apps (including new apps and app updates) submitted to the App Store include a link to the app developer's own privacy policy.

This is a big change as until now only subscription-based apps needed to supply this information - and it also extends to the privacy policy itself, which Apple insists must be clear and explicit in explaining:


Computer World Security News
Aug 31, 2018

Windows and .Net finally get their 'D Week' patches, as Intel microcode fixes go wacko
Time for the final August patching shoe to drop.

Late last night Microsoft released a flurry of patches, posting them on the Microsoft Update Catalog. Some are available through Windows Update, some aren't.

As of early Friday morning, the Win10 patches are not available through WSUS, the update server service. It's not clear if that's a mistake, a hesitation — or if somebody just went home last night and forgot.

Let's hear it for patching predictability. And transparency.


Computer World Security News
Aug 31, 2018

You've got malware!
Flashback to the early 2000s, when this non-IT pilot fish works in a building where the level of computer literacy is hovering near absolute zero.

"I was the only person in my department who had any computer skills at all," fish grumbles.

"One day we all got an email notice from management about a virus that was going around, spread by email. We were warned about clicking links and opening pages and all the other standard warnings."

Fish suspects that most people in the department will just delete the warning, since they don't use their computers for anything but the bare minimum required by company business -- and they barely understand even that.


Computer World Security News
Aug 28, 2018

University-customized Alexa devices will answer students' questions
Saint Louis University (SLU) has rolled out 2,300 Alexa-powered Echo Dot virtual assistants to all of its student living spaces to provide answers to university-related queries about events, speakers on campus and more.

The university also plans to extend use of the artificial intelligence assistant into classrooms and meeting rooms in future and aims to use the technology to support workplace productivity for its faculty staff, according to CIO David Hakanson.

Students arriving at SLU this month can access a custom skill that answers questions relating to university services, such as "When does the library open?" or "Where is the registrar's office?"


Computer World Security News
Aug 25, 2018

Here comes 'antidisinformation as a service'
Disinformation was in the news again this week. Facebook, Twitter, Google and Microsoft said they removed accounts linked to Russian and Iranian disinformation campaigns.

And if you think it's all about politics and rogue nations, think again. The real story is about a new enterprise business service that fights disinformation.

I'll tell you all about that below. But first, the real news about the fake news.

Facebook said that 652 Facebook pages and groups run by the Iranian and Russian governments were deleted because they were found to be "misleading," by which it meant that the pages and social profiles presented themselves as something other than what they really were.


Computer World Security News
Aug 24, 2018

Get serious about privacy with the Epic, Brave and Tor browsers
Privacy is one of the hardest things to find today — and one of the most prized, especially online. Most people, even those not technologically adept, are concerned about the amount of personal information that is being harvested by governments, corporations, third-party advertising agencies and/or unethical hackers.

Computer World Security News
Aug 23, 2018

Microsoft Patch Alert: Mainstream August patches look remarkably good, but watch out for the bad boys
So far this month we've only seen one cumulative update for each version of Windows 10, and one set of updates (Security only, Monthly Rollup) for Win7 and 8.1. With a few notable exceptions, those patches are going in rather nicely. What a difference a month makes.

We've also seen a massive influx of microcode updates for the latest versions of Windows 10, running on Intel processors. Those patches, released on Aug. 20 and 21, have tied many admins up in knots, with conflicting descriptions and iffy rollout sequences.

Big problems for small niches
At this point, I'm seeing complaints about a handful of patches:

The original SQL Server 2016 SP2 patch, KB 4293807, was so bad Microsoft yanked it — although the yanking took almost a week. It's since been replaced by KB 4458621, which appears to solve the problem.

The Visual Studio 2015 Update 3 patch, KB 4456688, has gone through two versions — released Aug. 14, pulled, then re-released Aug. 18 — and the re-released version still has problems. There's a hotfix available from the KB article, but you'd be well advised to avoid it.

Outlook guru Diane Poremsky notes on Slipstick that the vers

Computer World Security News
Aug 23, 2018

China once again cracks down on cryptocurrencies, news outlets
In an ongoing campaign to tamp down the growth of once-flourishing cryptocurrencies it sees as a threat, the Chinese government has ordered more than a half dozen online news outlets to shut down and banned physical venues from hosting crypto-related events.

On Tuesday, eight blockchain and cryptocurrency-focused media outlets were banned on WeChat, China's most influential instant communication and mobile payment app, for allegedly violating new government regulations forbidding the publishing of information related to initial coin offerings (ICOs) or cryptocurrency trading speculation.


Computer World Security News
Aug 23, 2018

Detecting bot attacks | Salted Hash Ep 44
In this episode, host Steve Ragan talks with Engin Akyol, CTO at Distil Networks at the Black Hat 2018 conference, about bot account takeovers and how they can be detected.
