NEWS: COMPUTER WORLD SECURITY NEWS
Computer World Security News
Jul 19, 2019

What is the dark web? And what will you find there?
The dark web may sound ominous, but it's really a catch-all term for the part of the internet that isn't indexed by search engines. Stay tuned for a guided tour of the web's less mainstream regions.

Computer World Security News
Jul 18, 2019

How and why Apple users should switch to DuckDuckGo for search
Like liberty for all, privacy demands vigilance, and that's why Apple users who care about either are moving to DuckDuckGo for search.

Why use DuckDuckGo?

Privacy is under attack.

It doesn't take much effort to prove this truth. At time of writing, recent news is full of creeping privacy erosion:

We've seen video conferencing solutions that surreptitiously install software on your Macs; a face-changing photography app perhaps implicated in the assembly of a vast database of faces; a household name in smart speakers sharing your private conversations with people you don't know, including chatter you didn't know was recorded in the first place. And then there's DuckDuckGo.

Computer World Security News
Jul 17, 2019

How to manage Microsoft Windows BitLocker
Use these techniques to inventory your network to determine which devices have BitLocker.

Computer World Security News
Jul 16, 2019

What the FTC's $5 billion fine really means for Facebook | TECH(feed)
Last week, the Federal Trade Commission hit Facebook with a $5 billion fine for mishandling user data. The fine comes after the FTC's investigation following the Cambridge Analytica scandal. On this episode of TECH(feed), Juliet discusses the implications of this fine -- and how Facebook may (or may not) change its practices.

Computer World Security News
Jul 15, 2019

How to take control of Face ID (with tools you may not know exist)
If you travel frequently and use an iPhone or iPad then you simply must familiarize yourself with these two tips - they'll make it much easier to secure your device and its contents when you are on the move.

In praise of Face ID

I've become very used to using Face ID. It's seamless.

On the iPhone, I like that I can pay for groceries with a look and find it much easier to use in the dark than the Home button.

My iPad experience is similar, but I do get annoyed sometimes that I must raise the tablet slightly to get the face angle right - this isn't always as intuitive as I would like.

All the same, given Apple's claim that there is a 1 in 50,000 chance that someone else's fingerprint will unlock your iPhone and a 1 in 1,000,000 chance that it will be unlocked by another person's face, I'll always opt for the highly secure choice.

Computer World Security News
Jul 15, 2019

Memory-Lane Monday: Even worse than you thought
This government agency has cashiers' stations for handling transactions with the public, and the treasurer's office decides it needs new software to run those stations, according to a pilot fish in IT.

And there's going to be one sign-on and password for all the stations, brag the higher-ups.

Bad idea, protest all the IT programmers and system administrators. For one thing, having a single user sign-on to the system will prevent tracking who is completing each transaction. They cite security, accountability and separation of duties, but their protests fall on deaf ears.

The vendor rep shows up one day, and he and the treasurer do a presentation for an audience that includes IT managers. The two sound excited, and a touch proud, when they tell everyone that the cashiers will sign on with the user ID "Cash." They don't share the top-secret password, though; that's just for the cashiers to know.

Computer World Security News
Jul 11, 2019

Zoom fixes webcam flaw for Macs, but security concerns linger
Zoom released a patch this week to fix a security flaw in the Mac version of its desktop video chat app that could allow hackers to take control of a user's webcam. 

The vulnerability was discovered by security researcher Jonathan Leitschuh, who published information about it in a blog post Monday. The flaw potentially affected 750,000 companies and approximately 4 million individuals using Zoom, Leitschuh said.

Zoom said it's seen "no indication" any users were affected. But concerns about the flaw and how it works raised questions about whether other similar apps could be equally vulnerable.

Computer World Security News
Jul 11, 2019

How to set up Microsoft Cloud App Security
This new add-on will let you set up alerts about suspicious sign-on activity for Office 365 and other cloud apps.

Computer World Security News
Jul 11, 2019

New Windows 7 'security-only' update installs telemetry/snooping, uh, feature
Back in October 2016, Microsoft divided the Win7 and 8.1 patching worlds into two parts.

Those who got their patches through Windows Update received so-called Monthly Rollups, which included security patches, bug fixes - and we frankly don't know what else - rolled out in a cumulative stream.

The folks who were willing to download and manually install patches were also given the option of installing "security-only" patches, not cumulative; these were meant to address just the security holes.

Computer World Security News
Jul 09, 2019

Microsoft delivers Defender ATP security service to Macs
Microsoft on Monday made good on a March pledge by announcing that its most sophisticated endpoint security service is now available for Macs.

Microsoft Defender ATP (Advanced Threat Protection) for Mac shifted to what the company calls "general availability" on June 28, wrote Helen Allas, a principal program manager on the enterprise security team, in a July 8 post to a company blog. Core components of Defender ATP, including the latest - "Threat & Vulnerability Management," which made it to general availability a week ago - now serve Macs.

Computer World Security News
Jul 09, 2019

How Apple is improving iCloud this year
Apple quite evidently plans many interesting improvements in its iCloud service this year. So, what's going on?

What we know so far

Apple at WWDC made several announcements that will be reliant on iCloud - these include obvious things like new services and support for new functions, and less evident topics around sync, data and AI.

Most recently, the company began beta-testing Touch ID and Face ID access to iCloud.com online, meaning that if you happen to be using an Apple device (Mac, iPad, iPhone) you can access your online iCloud services with the touch of a finger or a quick eye scan.

This may also be Apple's way of testing the privacy-protecting Sign-in with Apple service it intends launching later this year.

Computer World Security News
Jul 08, 2019

The top 8 problems with blockchain
While blockchain holds tremendous potential for creating new financial, supply chain and digital identity systems, it's often erroneously seen as a panacea for business problems.

The myriad of pilots and proofs of concept by large corporations and government agencies are showing real promise, but those projects don't always lead to obvious business cases that justify doing something differently. Sometimes a tried and true technology like a relational database can perform the task much more efficiently than a distributed ledger based on peer-to-peer technology that will require complex governance and rules.

Computer World Security News
Jul 04, 2019

Throwback Thursday: Spoilsport
This IT security pilot fish knows something about audits — and knows what he expects of auditors.

"I have more than 15 years of audit experience in IT," fish says. "I have written and implemented policy and procedure, and developed incident response plans. I spent the better part of last year making sure that the external auditors could not find any inconsistencies in our control standards."

Then the internal audit director decides to perform an audit of fish's group — and sends a young auditor who thinks he knows everything IT.

After three weeks of research and testing, young auditor presents his results in a meeting with his boss the audit director and fish.

Computer World Security News
Jul 01, 2019

Message to IT: Trusting Apple and Google for mobile app security is career suicide
Ready for the mobile security news that IT doesn't want to hear about but needs to? When security firm Positive Technologies started pen-testing various mobile apps, security holes were rampant.

We'll plunge into the details momentarily, but here's the upshot: "High-risk vulnerabilities were found in 38 percent of mobile applications for iOS and in 43 percent of Android applications" and "most cases are caused by weaknesses in security mechanisms — 74 percent and 57 percent for iOS and Android apps, respectively, and 42 percent for server-side components — because such vulnerabilities creep in during the design stage, fixing them requires significant changes to code."

Computer World Security News
Jul 01, 2019

Microsoft Patch Alert: The Windows patching heavens buzz with silver bullets
How many bugs could a WinPatcher patch, if a WinPatcher could patch bugs?

Ends up that June's one of the buggiest patching months in recent memory - lots of pesky little critters, and the ones acknowledged by Microsoft led to even more patches later in the month.

In June, we saw eight single-purpose Windows patches whose sole mission is to fix bugs introduced in earlier Windows patches. I call them silver bullets - all they do is fix earlier screw-ups. If you install security patches only, these eight have to be installed manually to fix the bugs introduced earlier. It's a congenital defect in the patching regimen - bugs introduced by security patches get fixed by non-security "optional" patches, while waiting for the next month's cumulative updates to roll around.

Computer World Security News
Jun 27, 2019

Mozilla takes swipe at Chrome with 'Track THIS' project
Mozilla this week touted Firefox's anti-ad tracking talents by urging users of other browsers to load 100 tabs to trick those trackers into offering goods and services suitable for someone in the 1%, an end-times devotee and other archetypes.

Tagged as "Track THIS," the only-semi-tongue-in-cheek project lets users select from four personas - including "hypebeast," "filthy rich," "doomsday prepper," and "influencer" - for illustrative purposes. Track THIS then opens 100 tabs "to fool trackers into thinking you're someone else."

Computer World Security News
Jun 26, 2019

How updates to MongoDB work to prevent data breaches | TECH(talk)
CSO senior writer Lucian Constantin and Computerworld Executive Editor Ken Mingis talk database security and how MongoDB's new field-level encryption takes security to the next level.

Computer World Security News
Jun 26, 2019

Microsoft beefs up OneDrive security
Microsoft today announced changes to its OneDrive storage service that will let consumers protect some or even all of their cloud-stored documents with an additional layer of security.

The new feature - dubbed OneDrive Personal Vault - was trumpeted as a special protected partition of OneDrive where users could lock their "most sensitive and important files." They would access that area only after a second step of identity verification, ranging from a fingerprint or face scan to a self-made PIN, a one-time code texted to the user's smartphone or the use of the Microsoft Authenticator mobile app. (The process is often labeled as two-factor security to differentiate it from the username/password that typically secures an account.)

Computer World Security News
Jun 21, 2019

How 'Find My' Mac works in macOS Catalina and iOS 13
Apple is changing how its Find My Mac tool works in macOS Catalina and iOS - it will now use Bluetooth and should find your Mac even when it is asleep.

How does 'Find My' Mac work?

Apple is combining two apps - Find My Friends and Find My iPhone - into a new 'Find My' app.

The combined app offers what we are used to from each one of these individual apps, but introduces new tools based on Bluetooth.

The idea is that it will use low energy Bluetooth signals to help bring people together with lost things.

Computer World Security News
Jun 19, 2019

Google asks Chrome users for help in spotting deceptive sites
Google this week asked for help in identifying suspicious websites, offering users of its Chrome browser an add-on that lets them rat out URLs.

The Suspicious Site Reporter, which can be added to desktop Chrome, places a new flag-style icon on the top bar of the browser. "By clicking the icon, you're now able to report unsafe sites to Safe Browsing for further evaluation," Emily Schechter, a Chrome product manager, wrote in a Tuesday post to a company blog.

Safe Browsing is the name of the technology used by Google's search engine, Chrome, Mozilla's Firefox, Apple's Safari, and Android to steer users away from sites that host malicious or deceptive content. On the back end, Google uses robots to scan the web and build a list of websites that host malware, harmful downloads or deceptive ads and pages. Software developers can then plug into an API to integrate this list into their own applications, something rival browser makers have done for years.

Computer World Security News
Jun 18, 2019

What the latest iOS passcode hack means for you
A mobile device forensics company now says it can break into any Apple device running iOS 12.3 or below.

Israeli-based Cellebrite made the announcement on an updated webpage and through a tweet where it asserted it can unlock and extract data from all iOS and "high-end Android" devices.

On the webpage describing the capabilities of its Universal Forensic Extraction Device (UFED) Physical Analyzer, Cellebrite said it can "determine locks and perform a full file-system extraction on any iOS device, or a physical extraction or full file system (File-Based Encryption) extraction on many high-end Android devices, to get much more data than what is possible through logical extractions and other conventional means."

Computer World Security News
Jun 18, 2019

How the Huawei ban could become a security threat | TECH(feed)
We've already talked about how the Huawei ban may affect business, but how will it affect security? Google has already warned of security threats should the company be unable to send updates to Huawei's Android-powered devices. And even if Huawei responds with its own OS, will people trust it? In this episode of TECH(feed), Juliet discusses those security implications and what some people think the U.S. should do instead.

Computer World Security News
Jun 18, 2019

Time-Machine Tuesday: Get a room!
This security pilot fish is a big believer in automated systems. And he's very impressed when his company moves into new offices where the meeting rooms take the manual labor out of scheduling meetings.

"There are room wizards outside every door to assist in scheduling," fish says. "And there's full integration with Microsoft Exchange, so that your meeting information is accurate and timely and always shows the proper room."

One of fish's most important meetings is a committee meeting every month on the day after Patch Tuesday to consider how to handle that batch of Microsoft updates. It's been a regular meeting for years, and after the move the new scheduling system seems to handle it fine.

Computer World Security News
Jun 17, 2019

WWDC: Has Apple closed the door on non-Mac App Store apps?
Ever since Apple introduced the Mac App Store, developers have warned it plans to close off its platform, so news the company will insist on App Notarization in macOS Catalina set those critics off again. The thing is, it's a little more complicated.

What is Apple doing?

Yes, Apple is making it a little more difficult for Mac users to install apps that aren't sold at the Mac App Store or made available from bona fide developers happy to submit their software for the company's speedy App notarization service.

Computer World Security News
Jun 17, 2019

The case against knee-jerk installation of Windows patches
Heresy. Yes, I know. Any way you slice it, from my point of view anyway, Windows Automatic Update is for chumps.

Just like the "users must be forced to change their passwords frequently" argument that's no longer au courant, the "users must get patched immediately" argument is based on old, faulty, and totally unsubstantiated claims that make security people feel better — and little else.

With a few notable exceptions, in the real world, the risks of getting clobbered by a bad patch far, far outweigh the risks of getting hit with a just-patched exploit. Many security "experts" huff and puff at that assertion. The poohbahs preach Automatic Update for the unwashed masses, while frequently exempting themselves from the edict.

Computer World Security News
Jun 13, 2019

WWDC: Apple's iOS 13 NFC improvements are good for business
Apple will make NFC much more useful in iPhones running iOS 13, and these enhancements will impact the retail, medical, government and security industries.

What is Apple changing?

Apple already uses NFC to support Apple Pay and the Apple Pay Express Transit system which is rolling out at this time.

While it has incrementally extended the tasks NFC supports over the years, the company has limited its NFC support to the NDEF standard until now, but extends this with support for new standards in its Core NFC Framework in iOS 13.

Computer World Security News
Jun 13, 2019

Microsoft is better at documenting patch problems, but issues abound
I don't know about you, but I've given up on Microsoft's ability to deliver reliable patches. Month after month, we've seen big bugs and little bugs pushed and pulled and squished and re-squished. You can see a chronology from the past two years in my patching whack-a-mole columns starting here.

For the past few months, though, we've seen some improvement. Microsoft has started identifying and publicly acknowledging big bugs, shortly after they're pushed. Consider:

Computer World Security News
Jun 10, 2019

Save yourself a headache: Make sure Windows automatic update is off
Much has changed in the past month. We've seen an emergency cry for all Windows XP, Vista, Win7, Server 2003, 2008 and 2008 R2 systems to get patched in order to fend off widely anticipated BlueKeep attacks. We've also seen Microsoft officially release Windows 10 version 1903, with unsuspecting "seekers" now the prime targets.

Computer World Security News
Jun 07, 2019

WWDC: Get to know Apple's 11 new privacy tools
Apple introduced an array of additional privacy protections at WWDC 2019. Many of these both offer protection and help us better understand how our privacy is undermined.

Why does this matter?

Apple CEO Tim Cook is passionate about the need to protect user privacy and this is by no means a one man mission.

Speaking with Vector, Apple's VP Software Technology, Bud Tribble, stressed the need to educate people into the needs and benefits of privacy, a topic he believes is much more widely discussed now than before.

Computer World Security News
Jun 06, 2019

Mozilla makes anti-tracking the Firefox default
Mozilla this week began to switch on an aggressive anti-tracking technology in Firefox that it has touted since 2015.

With a June 4 update to Firefox 67, Mozilla turned on Enhanced Tracking Protection (ETP) by default for new users. Existing customers simply updating their browsers may enable ETP themselves. The default-of-on will be extended to those users "in the coming months," Mozilla said, apparently activating it in stages as a last-step quality control.

Mozilla also used the update to Firefox 67.0.1 to trumpet other privacy- and security-centric enhancements, including an add-on that brings its Lockwise password manager to the desktop browser and an improved Facebook Container, an extension designed to keep the social network behemoth from tracking users elsewhere on the web.

Computer World Security News
Jun 05, 2019

NSA, Microsoft implore enterprises to patch Windows' 'BlueKeep' flaw before it's too late
The U.S. National Security Agency (NSA) on Tuesday called on IT administrators to apply security updates issued by Microsoft three weeks ago, adding to a chorus of voices urging haste.

"The National Security Agency is urging Microsoft Windows administrators and users to ensure they are using a patched and updated system in the face of growing threats," the NSA said in a June 4 advisory.

The agency's advice followed by several days that of Microsoft itself. On Thursday, May 30, a company official reminded users of the updates - which the company released May 14 - and implied that time is short. "We strongly advise that all affected systems should be updated as soon as possible," Simon Pope, the director of incident response at the Microsoft Security Response Center (MSRC), wrote in a blog post.

Computer World Security News
Jun 04, 2019

WWDC: What you need to know about Sign In with Apple
There's lots of interest in Apple's new Sign In with Apple system, a highly secure, private way to sign in to apps and websites. Here's what you need to know:

What is Sign In with Apple?

Apple has noticed that sign-in systems for services, apps, and websites rely on services that use your action of signing in to place cookies on your computer and track what you do.

Apple's focus on privacy means it is attempting to restrict such practices, which is why it has developed the new system as a more private way to sign into these apps and services.

Computer World Security News
Jun 04, 2019

It's time to install the May Windows and Office patches
May 2019 will go down in the annals of Patch-dom as the month we all ran for cover to fend off another WannaCry-caliber worm, but a convincing exploit never emerged.

Microsoft officially released Windows 10 version 1903 on May 21, but I haven't yet heard from anyone who's been pushed. All of the complaints I hear are from those "seekers" who went to the download site and installed 1903 with malice and forethought. A triumph of hope over experience.

This month, if you let Windows Update have its way on your machine, you may end up with a different build number than the person sitting next to you. Blame the gov.uk debacle for that: Folks with Windows set up for U.K. English get an extra cumulative update pushed onto their machines, whilst those who don't fly the Union Jack will get the fix in due course next month.

Computer World Security News
May 31, 2019

Who watches the iOS parental control apps?
Children are emotional. Protecting them matters. When it comes to technology, do you want developers you don't know over whom you have no control watching what your children do on their devices?

Apple doesn't

Apple recently cut developers off from using MDM software to drive third-party parental control solutions.

Developers were upset, and seventeen smaller developers you've probably never heard of got together just days before Apple's WWDC 2019 conference with a well-organized PR campaign and a professional website to demand access to new APIs that let them develop parental control software for iOS.

Computer World Security News
May 30, 2019

What do recent public SAP exploits mean for enterprises? | TECH(talk)
Recently released public SAP exploits (dubbed 10KBLAZE) could pose a security risk for thousands of businesses. Computerworld executive editor Ken Mingis and CSO Online's Lucian Constantin discuss the fallout of 10KBLAZE, and how businesses using SAP should respond.

Computer World Security News
May 30, 2019

Microsoft Patch Alert: Patching whack-a-mole continues
In a normal month, you need a scorecard to keep track of Windows patches. Now, your scorecards need a scorecard. One ray of hope: It looks like some Windows 10 cumulative updates will include the new "Download and install now" feature.

The May 2019 Windows updates have taken so many twists and turns it's hard to pin things down, but as of Thursday morning, here's what we've seen.

Windows 10 cumulative updates

As of now, all of the recent versions of Win10 (1607/Server 2016, 1703, 1709, 1803, 1809/Server 2019) have had three cumulative updates in May. Depending on where you live (or, more correctly, which locality you've chosen for your machine), you've been pushed one or two of them. If you're a "seeker" (and clicked "Check for updates" or downloaded and installed the patches), you've had at least two, and maybe three. Got that?

Computer World Security News
May 24, 2019

AT&T becomes first big mobile carrier to accept Bitcoin payments
AT&T will allow customers to pay their mobile bills using Bitcoin, adding its name to a short list of major businesses and government agencies that allow the blockchain-based cryptocurrency to be used as a form of payment.

While not directly accepting cryptocurrency, AT&T is the first major U.S. mobile carrier to let customers pay in Bitcoin through a third-party service provider.

Customers using its online bill pay service or the myAT&T app will be able to choose BitPay, a cryptocurrency payment processor, for payments. The customer pays in Bitcoin and BitPay verifies the funds and accepts the Bitcoin on behalf of the business.

Computer World Security News
May 16, 2019

Microsoft sets post-retirement patching record with Windows XP fix - 5 years after support ended
Microsoft on Wednesday resurrected Windows XP and Windows Server 2003 long enough to push patches to the long-dead products. It was the first time since 2017 that Microsoft deemed the situation serious enough to warrant a security fix for XP.

Windows XP fell off the public support list in April 2014, while Windows Server 2003 was removed in July 2015.

"If you are on an out-of-support version, the best way to address this vulnerability is to upgrade to the latest version of Windows," Simon Pope, director of incident response at the Microsoft Security Response Center, asserted in a post to a company blog. "Even so, we are making fixes available for these out-of-support versions of Windows."

Computer World Security News
May 16, 2019

Do Apple devices need anti-virus software?
Apple's devices are far better defended against malware and viruses than other platforms, but does this mean they don't need anti-virus software?

No, yes and maybe

I've lost track of the number of times Mac users have told me Macs don't need virus protection because they are inherently more robust against such attacks.

I've also lost count of how many security researchers have said that Apple devices are becoming more liable to being attacked as their market share grows.

Both are right. Both are wrong.

Computer World Security News
May 16, 2019

WhatsApp attacked by spyware | TECH(feed)
WhatsApp's recent spyware hack took advantage of a security vulnerability and allowed attackers to access private, digital communication. In this episode of TECH(feed), Juliet walks through the hack, who was affected and how you can secure your devices ASAP.

Computer World Security News
May 15, 2019

How to set up a Microsoft Azure backup process
Setting up a backup process in Azure is one way to quickly recover from a ransomware attack.

Computer World Security News
May 15, 2019

If you're running Windows XP, 7 or associated Servers, patch them
As of very early Wednesday morning, I don't hear any loud screams of pain from the May Patch Tuesday bumper crop of patches. There's still much we don't know about the "WannaCry-like" security hole in pre-Win8 versions of Windows — more about that in a moment — but all indications at this point lead me to believe that it's smarter to patch now and figure out how to fix any damage later.

The cause is a bug in Microsoft's Remote Desktop Services that can allow an attacker to take over your earlier-generation Windows PC if it's connected to the internet. Not all machines are vulnerable. But the number of exposed machines — the size of the honey jar — makes it likely that somebody will come up with a worm shortly.

Computer World Security News
May 14, 2019

The iPhone user's guide to the WhatsApp hack attack
Hackers have used a security bug inside WhatsApp to install spyware through an infected WhatsApp voice call, and Apple users are affected.

What you need to do

If you are one of the 1.5 billion people who use WhatsApp you should immediately update both your app and your iOS software to the latest version.

The app update includes fixes that should prevent hackers taking over your iPhone, while future Apple updates will also likely address these flaws.

What is the threat?

Israeli hackers from a company called the NSO Group developed the spyware specifically so they could get into people's devices.

Computer World Security News
May 14, 2019

Why Microsoft is building a Bitcoin-based ID verification system
After more than a year in development, Microsoft has chosen Bitcoin as the blockchain platform for a decentralized identification (DID) verification system that will allow users to have secure access to an online persona via an encrypted database hub.

The implications of the new ID network could include the elimination of passwords. A company would be able to verify the background of a new employee and onboard them with the click of a single virtual button, or a banking customer could verify their identity for a loan without exposing personally identifiable information - again with a click of a button.

Computer World Security News
May 14, 2019

Business laptop? $1,000. Sending away the thief? Priceless.
The time is 2001, not long after 9/11, and the place is New York City. Heightened security awareness is the order of the day, and everyone in pilot fish's office is required to carry an access card that activates the office doors. Look out for tailgaters, they're all told. Those are people dressed like professionals who slide in behind someone with an access card and then steal wallets, coats and more.

One morning, fish arrives at the office and passes a man in business-casual attire carrying a laptop tucked under his arm and headed for the elevators. Fish doesn't recognize the fellow, but he does know the co-worker who is running behind him, calling for someone to call building security and the police. The co-worker had returned to an empty desk just seconds after this tailgater had snatched his laptop, well before the tailgater could make a clean getaway.


Computer World Security News
May 09, 2019

No, Google, Apple's privacy is not a luxury item
Why is privacy a luxury? Possibly because surveillance capitalist firms have subsidized product prices by collecting and trading in the personal data of the people that use their products, enabling them to sell hardware cheap.

The consequences of convenience
The crux of Google CEO Sundar Pichai's argument against firms such as (obviously including but never named) Apple is that his company offers convenience in exchange for personal secrets, makes its services available for free, and has a "profound commitment" to protecting user privacy.


Computer World Security News
May 08, 2019

The SAP/Apple partnership changes everything
SAP and Apple are working together to help businesses build applications that use Apple's machine learning and augmented reality technologies.

Apple is the enterprise
Apple CEO Tim Cook joined SAP CEO Bill McDermott at the latter company's SAPPHIRE conference to announce the news.

"A man who is the last to accept the status quo, and the first to change it," said McDermott introducing Cook.

Since entering into a business app development partnership with Apple in 2016, SAP itself has become an increasingly Apple-based business with around 100,000 Apple devices in use across the company.

That's a revealing statistic, given Cook's admission:


Computer World Security News
May 06, 2019

Mozilla issues fix after it lets cert expire and Firefox add-ons go belly-up
Mozilla over the weekend scrambled to come up with a fix for a bug that crippled most Firefox add-ons.

Engineers issued an update for the desktop browser Sunday afternoon that addressed the issue. That update followed a Saturday hotfix released via a little-known component that lets Mozilla feed pre-release code to Firefox users and then collect data from the browser.

The problem was traced to the certificate used by Mozilla to digitally sign Firefox extensions. When the organization neglected to renew the certificate, Firefox assumed the add-ons could not be trusted - that they were, in other words, illegitimate at best, potentially malicious at worst - and then disabled any already installed. Add-ons could not be added to the browser for the same reason.


Computer World Security News
May 03, 2019

Now's the time to install the April Windows and Office patches
April was a tough month for Win 7, 8.1, Server 2008 R2, 2012 and 2012 R2 customers who ran specific antivirus products. Blue screens, freezes, slow-as-sludge drippings all bedeviled a large number of Sophos, Avira, Avast, AVG and even McAfee users.

Looks like we're over that hump, with the AV manufacturers scurrying to fix their wares.


Computer World Security News
May 01, 2019

Wayback Wednesday: At least he asked
Malware from the web is slowly becoming a problem where this support pilot fish works.

"We have about two tickets a week with users saying they have thousands of viruses and they need to download software," says fish.

"Now, every machine has virus protection, and everyone runs locked-down in user-only mode to prevent the rogue installation of software. But we have decided we need to increase our user awareness after the following ticket was received at the help desk:

"‘I just received an ominous warning that my computer was infected with several viruses. I tried running the program to remove these viruses (as it indicated for me to do), but I'm not sure it worked.


Computer World Security News
Apr 30, 2019

Microsoft tells IT admins to nix 'obsolete' password reset practice
Microsoft last week recommended that organizations no longer force employees to come up with new passwords every 60 days.

The company called the practice - once a cornerstone of enterprise identity management - "ancient and obsolete" as it told IT administrators that other approaches are much more effective in keeping users safe.

"Periodic password expiration is an ancient and obsolete mitigation of very low value, and we don't believe it's worthwhile for our baseline to enforce any specific value," Aaron Margosis, a principal consultant for Microsoft, wrote in a post to a company blog.


Computer World Security News
Apr 29, 2019

Microsoft Patch Alert: April patches have sharp edges, with several missing, others reappearing
You have to wonder who's testing this stuff.

Admins, in particular, have had a tough month. April brought widespread breakdowns - bluescreens, hangs, very sluggish behavior - to hundreds of thousands of Win7 and 8.1 machines. This wasn't a "small percentage" kind of event. For some companies, rebooting overnight on Tuesday brought seas of blue screens on Wednesday morning.

The first round of cumulative updates and Monthly Rollups arrived on Patch Tuesday, but the now-ubiquitous second round didn't show up until late Thursday afternoon, two and a half weeks later. Talk about admins taking a beating.

We still have one Tuesday left this month - the mythical "E week" that Microsoft never talks about - so the month may yet end with both a bang and whimper.


Computer World Security News
Apr 29, 2019

Why wearables, health records and clinical trials need a blockchain injection
TORONTO - The opportunity exists in healthcare to hand over control of medical records to patients who can choose not only what info providers can see but what personal data gets added to records via wearables, genomics and even lifestyle choices.

And once patients begin accumulating more data about themselves in personal health records (PHRs), they can opt to anonymize that information and sell it to researchers, vastly expanding the pool of information available for clinical studies.

Because no data is as sensitive as a medical record, being able to assure its security and immutability through blockchain encryption represents a unique opportunity to "repatriate" and "monetize" that record for the patient, according to Dr. Eric Hoskins, chair of Canada's Federal Advisory Council on the Implementation of National Pharmacare.


Computer World Security News
Apr 25, 2019

FedEx CIO: It's time to mandate blockchain for international shipping
TORONTO -- When railroad tracks were first laid across the western U.S., there were eight different gauges all competing to dominate the industry - making a nationwide, unified rail system impossible; it took an act of Congress in 1863 to force the adoption of an industry standard gauge of 4-ft., 8-1/2 inches.

FedEx CIO Rob Carter believes the same kind of thing needs to happen for blockchain to achieve widespread enterprise adoption.

While the promise of blockchain to create a more efficient, secure and open platform for ecommerce can be realized using a proprietary platform, it won't be a global solution for whole industries now hampered by a myriad of technical and regulatory hurdles. Instead, a platform based on open-source software and industry standards will be needed to ensure process transparency and no one entity profits from the technology over others.


Computer World Security News
Apr 24, 2019

Apple edges closer to cursory code review for all Mac apps
Apple will soon make a code review mandatory for all applications distributed outside its own Mac App Store by new developers, a first step towards requiring all Mac software to pass similar reviews.

The Cupertino, Calif. company argued that the process, which it calls "notarization," would build a more secure macOS environment. "We're working with developers to create a safer Mac user experience through a process where all software, whether distributed on the [Mac] App Store or outside of it, is signed or notarized by Apple," the company stated in an April 10 message on its developer portal.


Computer World Security News
Apr 23, 2019

Security theater, '80s style
It's the late 1980s and pilot fish is working on business application development for an aerospace and defense contractor where physical security is surprisingly lax. There's a guard on duty at the front desk during business hours, but that's about the extent of it. That changes with the announcement that all personal gear will be subject to inspection on leaving the building.


Computer World Security News
Apr 18, 2019

Card skimming moves online | TECH(talk)
CSO staff writer Lucian Constantin offers advice on how online retailers can prevent online payment fraud.

Computer World Security News
Apr 18, 2019

Here's an easier way to block the IE XXE zero day security hole
The latest Internet Explorer XXE zero-day depends on you opening an infected MHT file. MHT is an old file format that's almost always opened by IE — no matter which browser you're using, no matter which version of Windows. Catalin Cimpanu has a good overview of this XXE vulnerability on ZDNet.

It's a doozy of a security hole as it affects every recent version of IE, and it infects whether you're actively browsing with IE or not.


Computer World Security News
Apr 16, 2019

Win7/8.1/Server patch conflicts abated, somewhat, but it's still too early to install the April crop
A week ago, Microsoft released six patches that brought many machines to their knees. As I explained last Friday, when the dust cleared, it was apparent that all six of these April patches:

Win7 and Server 2008 R2 Monthly Rollup (KB 4493472) and Security-only (KB 4493448) patches
Win8.1 and Server 2012 R2 Monthly Rollup (KB 4493446) and Security-only (KB 4493467) patches
Server 2012 Monthly Rollup (KB 4493451) and Security-only (KB 4493450) patches

would trigger blue screens on reboot on most systems running Sophos antivirus products, and many systems running AV products from Avast and Avira.


Computer World Security News
Apr 15, 2019

Google, Hyperledger launch online identity management tools
In two separate announcements last week, Google and Linux's Hyperledger project launched tools aimed at enabling secure identity management for enterprises via mobile and other devices.

Google unveiled five upgrades to its BeyondCorp cloud enterprise security service that enables identity and access management for employees, corporate partners, and customers.


Computer World Security News
Apr 10, 2019

You Can Now Get This Award-Winning VPN For Just $1/month
If you use the internet (which you clearly do), you likely know how important it is to protect your data in an increasingly dangerous cyber environment. But like other essential tasks that tend to be tedious (like filing taxes early and brushing your teeth for the full two minutes), installing and running a VPN can sound unappealing to many: sure, VPNs encrypt your internet traffic and hide your location — but they can also run frustratingly slowly, delaying the way you'd usually use the internet for entertainment and work.

That's where Ivacy VPN is different: not only will the speedy service let you browse and stream lag-free, it also offers real-time threat detection technology, removing malware and viruses at the server level. It ensures that all your downloads and devices stay totally secure, so you can stay safe online without being inconvenienced.


Computer World Security News
Apr 05, 2019

Massive bank app security holes: You might want to go back to that money under the mattress tactic
A new report from a well-regarded payments consulting firm has found a lengthy list of security insanity while examining several major fintech company mobile apps. Although the very nature of apps that manage and move money would suggest presumably strong security, banks and their cohorts tend to adopt new technology slower than almost any other vertical, which puts them in a bad place when it comes to security.

My favorite finding from the Aite Group report: "Several mobile banking apps hard-coded private certificates and API keys into their apps. [Thieves] could exploit this by copying the private certificates to their computers and running any number of free password-cracking programs against them," the report noted. "Should the [attackers] successfully crack the private key, they would be able to decrypt all communication between the back-end servers and mobile devices, among other things. The API keys allow an adversary to then begin targeting the [financial institution's] API servers, gaining them access to data in the back-end databases. This allows [attackers] to authenticate the device with the back-end servers of that app, since this is what APIs use for authentication and authorization."


Computer World Security News
Apr 01, 2019

Microsoft Patch Alert: Most March patches look good
March was an unusually light patching month - all of Office only had one security patch - and there don't appear to be any immediate patching worries. Just as in the past few months, Microsoft's holding off on its second cumulative update for Windows 10 1809, raising hopes that it's taking Win10 quality more seriously.

Win10 1809 deployment proceeded at a positively lethargic rate, even though Microsoft declared the OS fit for business consumption last week, leading to all sorts of speculation about the next-next update, Win10 version 1903, ultimately overtaking its younger sibling.


Computer World Security News
Mar 29, 2019

With its Apple Card, Apple edges further into financial services
Apple's Monday announcement of a credit card - the Apple Card - represented a natural progression of the company's journey into financial services that began with the Apple Wallet app and its contactless digital payment service, Apple Pay.

The Apple Card, as described by the company this week, will offer users some attractive features: up to 3% cash back on daily purchases, no late or international transaction fees, and a physical chipped card made of titanium (sans any credit card numbers - just your name and an Apple symbol).


Computer World Security News
Mar 26, 2019

Microsoft connects rival browsers to Windows 10's Application Guard
Microsoft earlier this month released a pair of add-ons for Google's Chrome and Mozilla's Firefox to cobble together an unwieldy connection between those browsers, Edge and Windows 10's advanced security technology, Windows Defender Application Guard (WDAG).

The debut of the browser extensions - separate add-ons for Chrome and Firefox - was quietly plugged at the end of a March 15 blog post relating a recent Windows Insider build. That build, 18358, will lead, presumably next month, to Windows 10's next feature upgrade, labeled 1903 and also Windows 10 April 2019 Update.


Computer World Security News
Mar 25, 2019

ASUS Live Update Utility cracked, installs ShadowHammer backdoor on 1M PCs, but only 600 targeted
Great way to wake up on Monday morning, especially if you own an ASUS machine.

Kaspersky just published a teaser for a more thorough explanation to come in two weeks at the Kaspersky Security Analysts Summit in Singapore. It's quite an eye-opener.

Apparently somebody broke into the ASUS update servers, and swapped out a valid software/firmware update with one of their own. The bogus update looked like the genuine thing, with a valid certificate, and its size matched the original's size. As a result, the bad update stayed on ASUS's servers "for a long time."


Computer World Security News
Mar 25, 2019

How blockchain is becoming the 5G of the payment industry
As more blockchain-based payment networks and fiat-backed digital currencies - including one from the largest U.S. bank - emerge, experts and analysts are predicting a sea change for the financial services industry.

"I think you're starting to see a growing consensus," said Matt Savare, a partner who works in the technology group of New Jersey-based law firm of Lowenstein Sandler LLP. "I do quite a bit of FinTech and I can tell you my clients... the banks, are inherently conservative - at least the large ones. But once they see other banks adopt new technologies, you see it snowball. Other banks will often join on in pretty quick fashion."


Computer World Security News
Mar 20, 2019

How to audit Windows Task Scheduler to detect attacks
Learn how to prevent attackers from using Task Scheduler to hide and set up tasks to access Windows systems.

Computer World Security News
Mar 19, 2019

Heavenly tech support
Pilot fish is helping his pastor fine-tune the church LAN when he notices that the day-care facility next door has a wide-open and unsecured Wi-Fi connection.

Fish's pastor wants to connect to the day-care center's printer and print a document saying, "This is from your neighbors. You need to tighten the security on your Wi-Fi."

Fish suggests that they instead print a document that says, "This is from God. You need to go to church. There's a really nice one right next door."

"Too bad the pastor overruled me," says fish.

Sharky wants your true tale of IT life. If you can't send it directly to my printer, email it to me at sharky@computerworld.com. You can also subscribe to the Daily Shark Newsletter and read some great old tales in the Sharkives.


Computer World Security News
Mar 18, 2019

Slack rolls out enterprise key management, but has no plans for end-to-end encryption
Slack has given large business customers control over the keys used to encrypt and decrypt data created in its team collaboration application. 

The enterprise key management (EKM) feature was initially unveiled at the company's Frontiers event in San Francisco in September, ahead of a closed pilot project; it is now available to all customers of Enterprise Grid, which is targeted at company-wide deployments at large organizations. 


Computer World Security News
Mar 13, 2019

March 2019 Windows and Office patches poke a few interesting places
Patch Tuesday has come and gone, not with a bang but a whimper. As of this moment, early Wednesday morning, I don't see any glaring problems with the 124 patches covering 64 individually identified security holes. But the day is yet young.

There are a few patches of note.

Two zero days
Microsoft says that two of this month's security holes — CVE-2019-0797 and CVE-2019-0808 — are being actively exploited. The latter of these zero days is the one that was being used in conjunction with the Chrome exploit that caused such a kerfuffle last week, with Google urging Chrome browser users to update right away, or risk the slings of nation-state hackers. If you've already updated Chrome (which happens automatically for almost everybody), the immediate threat has been thwarted already.


Computer World Security News
Mar 12, 2019

Apple's Box security scare shows the risk of shadow IT
Until enterprise IT truly gets to understand that its own internal systems need to be as easy to use as any iOS app and as easy to learn as an iPhone, potentially damaging data breaches will take place, threatening business confidentiality. Apple is not immune.

Apple and the human interface
The news is that information from some of the world's biggest names in business - including Apple, Edelman and Discovery Channel - could have been accessed through Box Enterprise, which offers companies bespoke company name-based file archiving and sharing services using this URL construction:

https://.app.box.com/v/


Computer World Security News
Mar 05, 2019

Microsoft to start selling Windows 7 add-on support April 1
Microsoft plans to start selling its Windows 7 add-on support beginning April 1.

Labeled "Extended Security Updates" (ESU), the post-retirement support will give enterprise customers more time to purge their environments of Windows 7. From Windows 7's Jan. 14, 2020 end of support, ESU will provide security fixes for uncovered or reported vulnerabilities in the OS.

Patches will be issued only for bugs rated "Critical" or "Important" by Microsoft, the top two rankings in a four-step scoring system.


Computer World Security News
Mar 05, 2019

Huawei's possible lawsuit, ransomware readiness, old malware resurfaces | TECH(feed)
The ongoing battle between the U.S. and Huawei could soon go to court as Huawei reportedly prepares to sue the U.S. government. Plus, 2019 will see ride sharing companies going public… but which will be first? And as a decade-old malware resurfaces in enterprise networks, a report questions if the world is ready for the next large-scale ransomware attack.

Computer World Security News
Mar 01, 2019

Microsoft Patch Alert: After a serene February, Microsoft plops KB 4023057 into the Update Catalog
Microsoft continues to hold Windows 10 version 1809 close to the chest. While all of the other Win10 versions have had their usual twice-a-month cumulative updates, the latest version of the last version of Windows, 1809, still sits in the Windows Insider Release Preview Ring.

For most people, that's excellent news. It seems that Microsoft is willing to hold off until they get the bugs fixed, at least in the 1809 releases. May I hear a "hallelujah" from the chorus?

Mystery update bulldozer KB 4023057 hits the Catalog
You've heard me talk about KB 4023057 many times, most recently in January. It's a mysterious patch that Microsoft calls an "update reliability improvement" whose sole reason for existence, as best I can tell, is to blast away any blocks your machine may have to keep the next version of Windows (in this case, Win10 1809) from installing on your machine.


Computer World Security News
Feb 28, 2019

Now you can buy police-grade iPhone hacking tools on eBay
If you want to hack your way into an old iPhone you can get hold of a law enforcement-grade system to do just that for a bargain price on eBay.

I think that's a crime
I can't stress this enough.

The very existence of tools like these is a threat to every smartphone user. This is because no matter how many times people argue that these solutions will only see use by law enforcement, these things always proliferate.

The fact that the Cellebrite systems that law enforcement was until recently spending heavily to acquire are now available on the open market for as little as $100 is a perfect illustration of this.


Computer World Security News
Feb 26, 2019

Microsoft CEO supports Apple on privacy
Microsoft CEO Satya Nadella seems to agree with Apple CEO Tim Cook when it comes to privacy, calling this a "fundamental human right".

Microsoft CEO: Privacy a 'human right'
Despite the lack of a successful smartphone franchise, Microsoft is still very much part of today's industry with a range of services across the mobile ecosystem. That's probably why Nadella is such an active attendee at Mobile World Congress 2019.

What's really interesting about what he said during a speech at the show is the extent to which his thinking aligns with what Apple is doing around privacy, for example:


Computer World Security News
Feb 25, 2019

Microsoft opens top-tier Defender ATP security to Windows 7 PCs
Microsoft's Windows Defender Advanced Threat Protection (ATP) service is now available for PCs running Windows 7 and Windows 8.1.

The decision to add devices powered by those operating systems was first announced a year ago. At the time, Microsoft said ATP's Endpoint Detection & Response (EDR) functionality would be available for the older OSes by summer 2018.

Windows Defender ATP is a service that detects ongoing attacks on corporate networks, then follows up to investigate the attack or breach and provides response recommendations and attack remediation. Software baked into Windows 10 detects attacks, while a central management console allows IT administrators to monitor the status of covered devices and react if necessary. Adding the EDR client software to Windows 7 and Windows 8.1 PCs gives enterprise IT the same visibility into those machines as it has had into Windows 10 systems.


Computer World Security News
Feb 23, 2019

Get ready for the age of sensor panic
A passenger on a Singapore Airlines flight this week noticed a small, circular indentation below the image playing on the seatback in-flight entertainment system in front of him. Could that be, he wondered, a camera?

The passenger did the only logical thing: He tweeted out a photo and asked the Twitterverse for opinions, setting off a chorus of complainers on Twitter.

Singapore Airlines also responded to the tweets, saying that the camera was not used by the airline to capture pictures or video. It then told media outlets in a statement that the embedded cameras "have been intended by the manufacturers for future developments. These cameras are permanently disabled on our aircraft and cannot be activated on board. We have no plans to enable or develop any features using the cameras."


Computer World Security News
Feb 22, 2019

Apple is losing value and that's a good thing
Apple must be doing something right as the cost of Apple ID data on the Dark Web has dropped, even as the value of Fortnite, Facebook, Netflix and Uber accounts has increased.

Apple is losing value
Last year, I reported that online scammers were spending up to $15 per account on Apple ID information, making Apple customers "the most appealing targets" for scammers.

That's changed.

The latest edition of Top10VPN's "Dark Web Market Price Index" claims scammers are only willing to spend up to $11 for this information today and are targeting arguably less well-secured services instead.


Computer World Security News
Feb 20, 2019

Apple is learning why shortcut security is a bad idea
When Apple launched its enterprise developer certificate program — which helps enterprises make their homegrown apps for employee use-only available through iTunes — it had to make a difficult convenience-vs.-security decision: how much hassle to put IT managers through to get their internal apps posted. It chose convenience and, well, you can guess what happened.

Media reports say pirate developers used the enterprise program to improperly distribute tweaked versions of popular apps — including Spotify, Angry Birds, Pokemon Go and Minecraft — while others used the platform to distribute porn apps along with real-money gambling apps. And all the bad guys had to do was lie to Apple reps about being associated with legitimate businesses. Apple didn't bother to investigate or otherwise verify the answers.


Computer World Security News
Feb 19, 2019

Microsoft delays Windows 7's update-signing deadline to July
Microsoft has revised its schedule to dump support for an outdated cryptographic hash standard by postponing the deadline for Windows 7.

Microsoft, like other software vendors, digitally "signs" updates before they are distributed via the Internet. SHA-1 (Secure Hash Algorithm 1), which debuted in 1995, was declared insecure a decade later, but it was retained for backward-compatibility reasons, primarily for Windows 7. Microsoft wants to ditch SHA-1 and rely only on the more-secure SHA-2 (Secure Hash Algorithm 2).

Late last year, Microsoft said that it would update Windows 7 and Windows Server 2008 R2 SP1 (Service Pack 1) this month with support for SHA-2. Systems running those operating systems would not receive the usual monthly security updates after April's collection, slated for release April 9, Microsoft promised at the time.


Computer World Security News
Feb 19, 2019

Yabba dabba doo!
Fish is being onboarded as a software engineer and has to download the code repository and start building it. But in checking the setup guide, he can't find any instructions on what user credentials to use to log in. This seems like something he should be able to figure out, so he trolls through multiple document systems (internal websites, Google documents and wikis) until he finds an old document that says to use his username as both username and password for version control access. That's easy enough — but it doesn't work. Fish gets a message saying his account wasn't found or the password didn't match.

Time to submit a help desk ticket. And the explanation is simple. IT had neglected to run the script that created an account for fish in the version control system. Ten minutes after submitting the ticket, fish is in at last.


Computer World Security News
Feb 15, 2019

CIOs, you're doing blockchain wrong
IT leaders who've taken the plunge into blockchain are mainly deploying it in proofs-of-concept tests to address the same problems a conventional database could handle, according to research firm Gartner.

Computer World Security News
Feb 14, 2019

Mozilla to harden Firefox defenses with site isolation, a la Chrome
Mozilla plans to boost Firefox's defensive skills by mimicking the "Site Isolation" technology introduced to Google's Chrome last year.

Dubbed "Project Fission," the effort will more granularly separate sites and their individual components than is currently the case in Firefox. The goal: Isolate malicious sites and attack code so individual sites cannot wreak havoc in the browser at large, or pillage the browser, the device or the device's memory of critical information, such as authentication credentials and encryption keys.

"We aim to build a browser which isn't just secure against known security vulnerabilities, but also has layers of built-in defense against potential future vulnerabilities," Nika Layzel, the project tech lead of the Fission team, wrote in a post last week to a Firefox development mailing list. "To accomplish this, we need to revamp the architecture of Firefox and support full Site Isolation." Layzel also published the note as the first newsletter from the Fission engineering group.


Computer World Security News
Feb 14, 2019

How to use your Mac safely in public places
Coffee shops across the planet are populated by earnest Apple Mac-wielding remote and/or freelance workers - but are they taking steps to protect themselves in a public place? Follow this checklist to make sure you are protected.

#1: Worry about Wi-Fi

Public Wi-Fi networks are dangerous places, not least because you don't really know how the network is set up or who else is sitting on the same network with you.

Criminals are known to set up legitimate-seeming hotspots on which their software lurks, attempting to take data (including your bank and intranet passcodes) in transit. Please beware:

Do: Make sure the network you are accessing is really the network that belongs to the place you are in - just because someone has called their network Coffee Bean Net doesn't mean it is the network that officially belongs to the shop.
Don't: Access your financial, personal, confidential or medical records over unsecured public Wi-Fi - you're better off setting up your own iPhone hotspot and using that when accessing services like that in a public place.
Do: Delete free networks from your Mac once you have used them. Your Mac is unable to determine if a network you are accessing is the genuine network, and will simply go by name.

#2: Use a VPN

So long as you use a VPN from a reputable company, you can make yourself a great deal safer when working in that coffee shop beside your gig economy mates.


Computer World Security News
Feb 14, 2019

All about Android upgrades (and why they're late) | TECH(talk)
It's not exactly news that Android upgrades almost always take a lo-o-o-o-o-ng time to roll out to most users. As in months. Often, many months. Sometimes more than a year.

Sometimes never.

(There is an exception: Google delivers new versions of Android to its Pixel line right away, and did just that with the release of Android 9.0 (Pie) last fall.)

It's now been six months since Pie arrived, which means it's time for Computerworld blogger JR Raphael's comprehensive look at how device-makers are doing when it comes to upgrades. 


Computer World Security News
Feb 13, 2019

With latest mobile security hole, could we at least focus on the right things?
A bunch of apps from some major players — including Expedia, Hollister, Air Canada, Abercrombie & Fitch, Hotels.com and Singapore Airlines — recently came to grief because of a security/privacy hole in a third-party analytics app they all used, according to a report from TechCrunch. The incident exposed extremely sensitive customer information including payment card and password data shared in clear text. That sort of thing shouldn't be happening — and yet everyone seems focused on the wrong lesson.

The analytics app, called Glassbox, captures all information from a user's interaction with the app, including keystrokes entered and spots on the touchscreen the user touched or clicked. It also may include some screen captures. In every case, the apps give insufficient privacy disclosures to app users, or none at all. And, as already mentioned, it shares sensitive data in clear text.


Computer World Security News
Feb 11, 2019

It's time to block Windows Automatic Updating
Those of you who feel it's important to install Windows and Office patches the moment they come out - I salute you. The Windows world needs more cannon fodder. When the bugs come out, as they inevitably will, I hope you'll drop by AskWoody.com and tell us all about them.

For those who feel that, given Microsoft's track record of pernicious patches, a bit of reticence is in order, I have some good news. Microsoft's Security Response Center says that only a tiny percentage of patched security holes get exploited within 30 days of the patch becoming available.


Computer World Security News
Feb 11, 2019

Does Workplace have a Facebook problem?
Facebook emerged from 2018 bruised from a series of revelations that undermined trust in the popular social media platform and raised questions about its commitment to privacy.

(Insider Story)

Computer World Security News
Feb 08, 2019

How to stay as private as possible on Apple's iPad and iPhone
Apple believes in your right to privacy. Here is some advice on how to use the tools it has given you to protect your privacy on an iOS device.

Use a better passcode

You probably already use a 4-digit passcode, but you can improve that with a 6-digit or alphanumeric code.

You change this in Settings > Touch ID/Face ID & Passcode: select Change Passcode and then tap the small Passcode Options dialog. Alphanumeric codes are harder to decipher; just make sure you remember the code.


Computer World Security News
Feb 08, 2019

Microsoft: Watch out for zero days; deferred patches, not so much
Matt Miller's presentation at Blue Hat yesterday included some startling statistics, based on data gathered by Microsoft's Security Response Center. The numbers starkly confirm what we've been saying for years: The chances of getting hit with malware by delaying Windows and Office patches for up to 30 days are tiny compared to all the other ways of getting clobbered.


Computer World Security News
Feb 07, 2019

Get TotalAV Essential AntiVirus for $19.99 (80% off)
The term "computer virus" calls to mind imagery of pathogenic creepy-crawlies bringing down a device's operating system, their flagella wriggling as they multiply into hordes that infiltrate its chips and wires. And while it's true that our computers can be infected with literal biological bacteria like staphylococci, per Science Illustrated, the threat of malicious codes and programs intent on corrupting data and files looms far larger: According to a recent study from the University of Maryland's Clark School of Engineering, attacks on computers with internet access are virtually ceaseless, with an incident occurring every 39 seconds on average, affecting a third of Americans every year.


Computer World Security News
Feb 07, 2019

Why Apple is disabling Safari's Do Not Track feature
Apple takes privacy very seriously. It takes its leadership in that care seriously, and getting rid of the voluntary 'Do Not Track' setting in its Safari browser is the right decision.

Why disabling Safari's Do Not Track feature is the right thing to do

Apple introduced support for Do Not Track (DNT) in iOS 7, but removed the feature in Safari 12.1.

The problem with DNT is that the signal it sends to websites, analytics firms, plug-in makers and ad networks is a voluntary request, and can be ignored.


Computer World Security News
Feb 07, 2019

Throwback Thursday: Pick a card, any card ...
This conglomerate is structured as several smaller companies, with a big central IT organization plus individual IT groups in some of the companies, reports an IT pilot fish there.

"An IT staffer from one of the companies loaded a password cracker and proceeded to crack the Windows NT servers," fish says. "He sent out emails bragging about how insecure NT was and giving the NT team a hard time."

Fish isn't on the NT team, but he and his security co-workers decide to strike back on behalf of their colleagues — and they do it through the central IT audit group, to make sure it's all above board.

First, they supply the audit people with a list of more than 100 Unix servers, and get them to pick a server at random. Amazingly, the audit group picks the only server on the list that belongs to the company where the NT attack originated.


Computer World Security News
Feb 01, 2019

The January Windows and Office patches are good to go
Compared to some months last year, January has been a Microsoft patching cakewalk. We had several rounds of close calls and missed calls, as I posted earlier this week, but almost everything is cleared up.

We've seen a few more problems raise their ugly heads in the past few days:

Microsoft has confirmed that the latest version of Office Click-to-Run (which you're likely using if you have Office 365) makes the conversation window disappear in Skype for Business 2016.
The Windows 8.1 Monthly Rollup, KB 4480963, breaks the Live Migration feature on older AMD Opteron machines. We're still waiting for confirmation on that one.
Citrix confirms (but Microsoft hasn't acknowledged) that the latest Win10 1803 cumulat

Computer World Security News
Jan 31, 2019

Huawei in hot water, more on Apple's rocky first-quarter | TECH(feed)
Today's episode features more on Apple's first-quarter report, news that Google and the Internet Advertising Bureau are profiling users, collaboration software spending, and more problems for Huawei.

Computer World Security News
Jan 30, 2019

Microsoft Patch Alert: January patches include a reprisal of KB 4023057 and a swarm of lesser bugs
In general, the January patches look relatively benign, but for some folks in some situations they can bite. Hard.

On the surface we've seen the usual Patch Tuesday Cumulative Updates and secondary Cumulative Updates for all versions of Windows 10. Microsoft calls the secondary Cumulative Updates "optional" because you only get them if you click "Check for updates."

Windows 7 and 8.1 got their usual Monthly Rollups, but there's a problem. Specifically, this month's Win7 Monthly Rollup has a couple of bugs that are only fixed if you install the preview of February's Monthly Rollup. Which makes no sense at all, but that's Microsoft. There's another Win7 Monthly Rollup bug that's fixed by installing a different "silver bullet" patch.


Computer World Security News
Jan 30, 2019

It's a hack!
It's a few years after Y2K, and this pilot fish has overall responsibility for all things related to his company's website.

"Like most corporations, our company had a policy that computers and laptops were to be used only for company business, along with policies governing the appropriate use of the internet in the work environment," fish says.

"After arriving at work one morning, I opened my email to find a frantic message from our CEO to me and our internet security manager, stating that our website had been hacked."

The big boss knows this is the case because there are spammy images and text on the home page, among other issues. Not surprisingly, the CEO is adamant that this must be resolved ASAP.



©1999-2019 CEOExpress Company LLC