NEWS: COMPUTER WORLD SECURITY NEWS
Computer World Security News
Sep 18, 2018

Why Windows 10 is the most secure Windows ever
Three years after its debut, Windows 10 is poised to overtake Windows 7 as the most popular version of the Windows operating system. Microsoft introduced virtualization-based security features - namely Device Guard and Credential Guard - in Windows 10, and in subsequent updates, has added other virtualization-based protections to the operating system.

Microsoft tackled the two biggest challenges for enterprises with Windows 10: password management and protecting the operating system from attackers. Windows Defender was renamed Windows Security in 2017 and now includes anti-malware and threat detection, firewall and network security, application and browser controls, device and account security, and device health. Windows Security shares status information between Microsoft 365 services and interoperates with Windows Defender Advanced Threat Protection, Microsoft's cloud-based forensic analysis tool.

Computer World Security News
Sep 18, 2018

Easy way to bypass passcode lock screens on iPhones, iPads running iOS 12
Update for iOS 12
With iOS 12 and iPhones that have Touch ID, you can still bypass the iPhone lock screen and trick Siri into getting into a person's phone. The bypass is the same as it was in earlier versions of the operating system:

Press the home button using a finger not associated with your fingerprint authentication, prompting Siri to wake up. Say to Siri: Cellular data. Siri then opens the cellular data settings where you can turn off cellular data.

As was the case before, anyone can do this. It doesn't have to be the person who "trained" Siri.

Computer World Security News
Sep 18, 2018

9 iOS 12 security improvements you should know about
Apple has shipped iOS 12 and it's packed with new security improvements and settings every user needs to know about.

Ad tracking
Apple has made it much harder for data harvesting companies to exfiltrate your data without you knowing.

Safari in iOS 11 blocked third-party cookies that tracked you across multiple websites, as well as cookies older than 30 days.

iOS 12 also gives you the option to block social media sharing icons and comment boxes from tracking you. Apple has also made it much harder for fingerprinting technologies to track and identify you by gathering information about your device, such as capacity or installed apps.

Computer World Security News
Sep 18, 2018

W. Va. to use blockchain-based mobile app for mid-term voting
West Virginia this fall will let members of the military and their families deployed overseas vote by smartphone or tablet using a blockchain-based app developed by a Salt Lake City start-up, Voatz.

The voters using the app would otherwise have to submit paper absentee ballots via mail or vote over a land line telephone.

The move means the state will become the first in the U.S. to use blockchain in a voting system in a general election.

After being elected in January 2017, West Virginia Secretary of State Mac Warner tasked IT staff with investigating mobile voting options for 8,000 West Virginian military members overseas. Warner, a retired U.S. Army officer with four children who are also all current or former Army officers, cited his own inability to vote when deployed in Afghanistan as one reason for his efforts.

Computer World Security News
Sep 17, 2018

SharePoint Workflows go belly-up when you install the September .Net Security Only patch
‘Softie Rodney Viana has posted details and a workaround for the "System.CodeDom.CodeBinaryOperatorExpression is not marked as authorized" bug.

Apparently, installing last Tuesday's KB 4457916 Security Only updates for .Net Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows 8.1 and Server 2012 R2 causes a hard stop with any SharePoint Workflows. (Workflows are set up by an admin to handle the flow of documents through a series of steps.)

Computer World Security News
Sep 14, 2018

One small step forward, one giant leap back
This pilot fish is paying his monthly bills online when he discovers one of his utilities has changed the payment part of its website -- a lot.

"I clicked on the 'Payment' button, and saw that I now had the option of paying with or without logging in," says fish.

"OK, the no-login option could be handy, but I've been paying this bill online for years, so I clicked on the login option. It asked me for my user name and eight-digit PIN. What PIN? I have a long, secure password. I tried that. It didn't work."

And after several unsuccessful attempts, fish tries the no-login version -- which just takes him to the same screen asking his PIN.

Computer World Security News
Sep 13, 2018

Throwback Thursday: Just one more thing to worry about
This pilot fish and his wife are planning a long-overdue vacation to an all-inclusive resort -- one of those places where you don't have to worry about things like meals or tipping.

"I log onto the resort's website in order to make some reservations ahead of our arrival," fish says, "and am presented with the standard registration page."

He enters his information on the page, which also asks "for security reasons" that he set up a password.

It's not until after he has clicked "OK" that fish looks at the icon in his web browser and realizes the page isn't encrypted. He does a quick browse of the source code for the page, and finds that there's no SSL anywhere securing the data he's just typed in.

Computer World Security News
Sep 10, 2018

Time to turn off Windows Automatic Update and brace for impact
August 2018 was a relatively innocuous patching month, although the final resolution to the August problems didn't appear until late Friday night just as the month was coming to a close — on a three-day weekend in the US.

We've seen the same pattern repeat itself almost every month since the beginning of the year: The first round of Microsoft security patches (notably including Win10 patches) introduce bugs, while subsequent rounds of patches each month squash most of them. If we're lucky.

Computer World Security News
Sep 10, 2018

Mac and iOS apps stealing user data -- an enterprise take
Reports claiming numerous apps distributed through Apple's App Store are secretly exfiltrating user data should be an alarm call to enterprise CIOs. It signals a new battlefront in the eternal enterprise security wars.

The enterprise risk of personal data
On the surface, the data being extracted is kind of … personal, such as location and browser histories. Information like that provides additional insight into what individual users are up to. Why should that concern an enterprise?

That's a rhetorical question, of course. Most enterprise security professionals recognize that any form of data exfiltration poses an overall challenge.

Computer World Security News
Sep 10, 2018

Why security is the first thing to go, episode 65,723
IT contractor has a project to upgrade some software for a client -- and the project is way behind schedule, says a pilot fish on the client side.

And why is that such a problem? "The existing product goes End-of-Life soon, at which time it will no longer be an approved product for us," fish explains.

"The contractor's people come in and pitch their schedule to upper management. In the briefing, they bring up the fact that the new product is not even approved to be on our highly secured network, and they have not even started on getting it approved.

"Essentially, if they have to get it approved, they can never get it deployed on time.

Computer World Security News
Sep 06, 2018

Throwback Thursday: Well, trial and error IS a mechanism
New regulations go into effect requiring more physical and electronic security at this health insurance company, so the company hires a chief security officer to oversee the efforts, says a pilot fish there.

"I was involved in the original security implementation on most of the systems and offered to help, but the new CSO refused our input," fish says. "He put keycard access on the computer room and UPS room and confiscated any physical keys he could find.

"When asked what would happen if the keycard system went down, he responded that 'mechanisms are in place,'" fish recalls.

Soon, only three people have physical keys: the CSO, chief financial officer and facilities manager.

Computer World Security News
Sep 05, 2018

Get caught up on your July and August Windows/Office patches
With the arrival of "Fourth Week" patches on the last working day of August, and having had a few days to vet them, it looks as if we're ready to release the cracklin' Kraken.

The steaming pile of Windows Intel microcode patches
Microsoft continues to unleash microcode patches for Meltdown and Spectre (versions 1, 2, 3, 3a, 4, n for n =4). You won't get stung by any of them, unless you specifically go looking for trouble.

Computer World Security News
Aug 31, 2018

VirusTotal Intelligence, a search engine for malware | Salted Hash Ep 45
In this episode, host Steve Ragan talks with Karl Hiramoto, technical solutions consultant for VirusTotal, maker of VirusTotal Intelligence, a searchable detection tool for malware.

Computer World Security News
Aug 31, 2018

Firefox to auto-block ad trackers
Mozilla this week said that its Firefox browser will soon start to automatically block some ad tracking technologies that the company claimed impact page load performance and shadow users wherever they go.

"In the near future, Firefox will — by default — protect users by blocking tracking," wrote Nick Nguyen, Mozilla's top Firefox executive, in an August 30 post to a company blog.

Mozilla added what it dubbed "Tracking Protection" to Firefox 57, a.k.a. "Quantum," last fall. Since then, the feature has remained opt-in, meaning people must manually enable it from the browser's Preferences display if they want to use it. When switched on, Tracking Protection blocks a wide range of content, not just advertisements but also in-page trackers that sites or ad networks implant to follow users from one website to another. Such trackers are the reason why an ad for underwear from a specific vendor seemingly pops up wherever one goes after one has browsed the underwear selection at the seller's website.

Computer World Security News
Aug 31, 2018

Apple insists developers ramp up their privacy commitments
Apple recently told the U.S. Congress that it sees customer privacy as a "human right", though the explanation didn't at that time extend to how third-party developers treat data they get from iOS apps. Now it does.

Privacy for the rest of us
Starting October 3, Apple will insist that all third-party apps (including new apps and app updates) submitted to the App Store include a link to the app developer's own privacy policy.

This is a big change as until now only subscription-based apps needed to supply this information - and it also extends to the privacy policy itself, which Apple insists must be clear and explicit in explaining:

Computer World Security News
Aug 31, 2018

Windows and .Net finally get their 'D Week' patches, as Intel microcode fixes go wacko
Time for the final August patching shoe to drop.

Late last night Microsoft released a flurry of patches, posting them on the Microsoft Update Catalog. Some are available through Windows Update, some aren't.

As of early Friday morning, the Win10 patches are not available through WSUS, the update server service. It's not clear if that's a mistake, a hesitation — or if somebody just went home last night and forgot.

Let's hear it for patching predictability. And transparency.

Computer World Security News
Aug 31, 2018

You've got malware!
Flashback to the early 2000s, when this non-IT pilot fish works in a building where the level of computer literacy is hovering near absolute zero.

"I was the only person in my department who had any computer skills at all," fish grumbles.

"One day we all got an email notice from management about a virus that was going around, spread by email. We were warned about clicking links and opening pages and all the other standard warnings."

Fish suspects that most people in the department will just delete the warning, since they don't use their computers for anything but the bare minimum required by company business -- and they barely understand even that.

Computer World Security News
Aug 28, 2018

University-customized Alexa devices will answer students' questions
Saint Louis University (SLU) has rolled out 2,300 Alexa-powered Echo Dot virtual assistants to all of its student living spaces to provide answers to university-related queries about events, speakers on campus and more.

The university also plans to extend use of the artificial intelligence assistant into classrooms and meeting rooms in future and aims to use the technology to support workplace productivity for its faculty staff, according to CIO, David Hakanson.

Students arriving at SLU this month can access a custom skill that answers questions relating to university services, such as "When does the library open?" or "Where is the registrar's office?"

Computer World Security News
Aug 25, 2018

Here comes 'antidisinformation as a service'
Disinformation was in the news again this week. Facebook, Twitter, Google and Microsoft said they removed accounts linked to Russian and Iranian disinformation campaigns.

And if you think it's all about politics and rogue nations, think again. The real story is about a new enterprise business service that fights disinformation.

I'll tell you all about that below. But first, the real news about the fake news.

Facebook said that 652 Facebook pages and groups run by the Iranian and Russian governments were deleted because they were found to be "misleading," by which it meant that the pages and social profiles presented themselves as something other than what they really were.

Computer World Security News
Aug 24, 2018

Get serious about privacy with the Epic, Brave and Tor browsers
Privacy is one of the hardest things to find today — and one of the most prized, especially online. Most people, even those not technologically adept, are concerned about the amount of personal information that is being harvested by governments, corporations, third-party advertising agencies and/or unethical hackers.

Computer World Security News
Aug 23, 2018

Microsoft Patch Alert: Mainstream August patches look remarkably good, but watch out for the bad boys
So far this month we've only seen one cumulative update for each version of Windows 10, and one set of updates (Security only, Monthly Rollup) for Win7 and 8.1. With a few notable exceptions, those patches are going in rather nicely. What a difference a month makes.

We've also seen a massive influx of microcode updates for the latest versions of Windows 10, running on Intel processors. Those patches, released on Aug. 20 and 21, have tied many admins up in knots, with conflicting descriptions and iffy rollout sequences.

Big problems for small niches
At this point, I'm seeing complaints about a handful of patches:

The original SQL Server 2016 SP2 patch, KB 4293807, was so bad Microsoft yanked it — although the yanking took almost a week. It's since been replaced by KB 4458621, which appears to solve the problem. The Visual Studio 2015 Update 3 patch, KB 4456688, has gone through two versions — released Aug. 14, pulled, then re-released Aug. 18 — and the re-released version still has problems. There's a hotfix available from the KB article, but you'd be well advised to avoid it. Outlook guru Diane Poremsky notes on Slipstick that the vers

Computer World Security News
Aug 23, 2018

China once again cracks down on cryptocurrencies, news outlets
In an ongoing campaign to tamp down the growth of once-flourishing cryptocurrencies it sees as a threat, the Chinese government has ordered more than a half dozen online news outlets to shut down and banned physical venues from hosting crypto-related events.

On Tuesday, eight blockchain and cryptocurrency-focused media outlets were banned on WeChat, China's most influential instant communication and mobile payment app, for allegedly violating new government regulations forbidding the publishing of information related to initial coin offerings (ICOs) or cryptocurrency trading speculation.

Computer World Security News
Aug 23, 2018

Detecting bot attacks | Salted Hash Ep 44
In this episode, host Steve Ragan talks with Engin Akyol, CTO at Distil Networks at the Black Hat 2018 conference, about bot account takeovers and how they can be detected.

Computer World Security News
Aug 17, 2018

2 undocumented patches from Microsoft may solve the 1803 TLS 1.2 blocking problem
Microsoft's KB 4458166, released on Tuesday, explains that the push to Win10 version 1803 has been halted for machines running .Net applications that use the TLS 1.2 security protocol. Presumably, effective Tuesday, if you have a Win10 1709 or 1703 machine that's running one of those programs (including, notably, QuickBooks Desktop), Microsoft won't try to push 1803 on it.

Computer World Security News
Aug 17, 2018

IBM, Maersk launch blockchain-based shipping platform with 94 early adopters
After launching a proof of concept earlier this year, IBM and Maersk have unveiled TradeLens, the production version of an electronic ledger for tracking global shipments; the companies say they have 94 participants piloting the system, including more than 20 port and terminal operators.

The jointly developed electronic shipping ledger records details of cargo shipments as they leave their origin, arrive in ports, are shipped overseas and eventually received.

Computer World Security News
Aug 16, 2018

Throwback Thursday: How did...er, DIDN'T he do that?
It's 1977, and this network analyst pilot fish is working at a newly constructed data center -- one with a big fence.

"The company had just gotten a new sense of needing physical security, so they had included a new, state-of-the-art security system," says fish.

"It had electronic locks at a handful of doors in the building, a 10-foot-high fence with a motorized gate, and key-card reader stations by each of the locked doors and the gate."

One day, company needs to bring a new communications line up between the data center and an office 10 miles away. Fish's team leader decides the best way to do this without disrupting the users is to have fish go to the remote office at 4:30 a.m., while his team leader goes to the data center.

Computer World Security News
Aug 15, 2018

Patch Tuesday fallout: Bad docs, but so far no major problems
Microsoft may have fixed July's horrible, no good, very bad patches. Although the initial documentation for this month's patches included warnings about many of the bugs that persisted from July, it ends up that the docs were wrong, and most of the known problems seem to be fixed.

As of early Reboot Wednesday morning, the patches seem to be behaving themselves. Of course, it frequently takes days or even weeks for bugs to appear, so you'd be well advised to avoid jumping into the unpaid battle zone for now.

Computer World Security News
Aug 15, 2018

Blockchain phase 2: Will it scale?
More than one organization has been working on solving a major blockchain conundrum: how to improve sluggish transaction performance.

Computer World Security News
Aug 14, 2018

A hidden Android Pie security setting everyone should enable
Google's new Android 9 Pie release has plenty of fresh features and interface changes, but one of the software's most significant security improvements has managed to stay mostly off the radar.

In addition to all of the oft-discussed privacy and security enhancements, y'see, Pie has an out-of-sight and semi-advanced option. It's not something you'd use every day — or often at all, really — but if the right sort of occasion ever comes along, you'll be glad you have it enabled.

Computer World Security News
Aug 13, 2018

Patch Tuesday's coming: Block Windows Update and pray we don't get fooled again
July 2018 patches for both Windows and Office brought bugs and bugs of bugs — many of which haven't been solved, even now. We have even reached the unprecedented stage where the .NET team openly warned people against installing buggy updates, and the Monthly Rollup previews got shoved down the Automatic Update chute to fix bugs in the primary Monthly Rollup.

July was more galling than most months because the patches caused widespread problems for many, while plugging security holes for exactly zero widespread infections.

Computer World Security News
Aug 10, 2018

Blue Team Village, DEF CON 2018 | Salted Hash Ep 43
Host Steve Ragan talks to Munin, a staffer at the DEF CON Blue Team Village about what's happening and what you can expect.

Computer World Security News
Aug 10, 2018

A word to the wise: Skip Microsoft's July patches
On July 9, I recommended that you disable Windows Automatic Update and wait to see if the July Microsoft patches brought more mayhem than relief. With the August patches just a few days away, it's time to put a nail in the July coffin. I strongly recommend that you not install any of the July patches, and pray that Microsoft treats us better in August.

It's been a tumultuous month.

Computer World Security News
Aug 08, 2018

An inside look at hybrid Office 365 phishing attacks | Salted Hash Ep 41
In this episode, Steve Ragan shows what a hybrid phishing attack looks like as it starts off on one service, and quickly moves to another.

Computer World Security News
Aug 07, 2018

Grand Theft IT? Not quite
The time has come for the sales team at this financial services company to get new top-of-the-line laptops -- and they're being upgraded 80 at a time, reports an IT pilot fish there.

"Late one night, the guy in charge of the upgrade got a call from Security saying that a break-in had occurred," fish says. "They told him that on the security cameras they saw the thieves making off with a lot of laptops.

"The upgrade project manager arrived at the scene to meet the police -- who were very puzzled when he started laughing.

"Turns out the thieves stole 80 decommissioned laptops with no hard drives, while ignoring the 80 new laptops sitting in boxes beside the decommissioned ones."

Computer World Security News
Aug 07, 2018

What is a phishing kit? Watch this in-depth explainer | Salted Hash Ep 39
What is a phishing kit? In this video, Steve Ragan offers an answer and a look at some of the kits Salted Hash has collected.

Computer World Security News
Aug 06, 2018

TSMC's iPhone chip attack is a wake-up call for enterprise security
Apple chipmaker TSMC suffered a serious WannaCry-related ransomware infection that closed down production at some of its factories. The incident should be a wake-up call for manufacturers across every industry.

Manufacturing is under attack
TSMC has said the incident was not the result of a direct attack. Instead it says its systems were exposed to the malware "when a supplier installed tainted software without a virus scan."

The malware spread fast and impacted some of the company's most advanced facilities used to build Apple's A-series chips.

Computer World Security News
Aug 06, 2018

How Microsoft became tech's good guy
Once upon a time, Microsoft symbolized all that was wrong with the tech world: greedy, monopolistic, single-mindedly focused on profits while caring little about the public good. In the heyday of Bill Gates and Steve Ballmer, the company ran roughshod over competitors in its attempt to corral the worldwide market for both operating systems and application software.

But today, Microsoft has embraced the role of the tech world's better angel. And as events show in recent weeks, that's not hype. The company has, to some extent, tried to act as the industry's conscience as well as taking actions for the greater good.

One case in point: Microsoft's recent revelation that it had uncovered evidence that the Russian government had targeted three congressional campaigns in the upcoming midterm elections — and that it had helped thwart the plot. Microsoft discovered the attempts as part of its long-running battle against the Russian government-backed hacking cyber-espionage group called Fancy Bear. Microsoft, which has been playing whack-a-mole with the group for well over a year, targets the command-and-control servers that control malware that Fancy Bear plants on victims' computers, as well as associated websites that install malware on targets' computers when the victims visit them as a result of a spearphishing attack.

Computer World Security News
Aug 06, 2018

An introduction to Kit Hunter, a phishing kit detector | Salted Hash Ep 40
Kit Hunter, a basic Python script written by host Steve Ragan, searches on common tag elements to find hidden phishing kits on a web server.

Computer World Security News
Aug 03, 2018

Windows updaters express frustrations. Microsoft responds.
No doubt you recall patching guru Susan Bradley's open letter to Microsoft brass, summarizing the results of her Windows update survey. The results were quite damning in many ways, with complaints about the quality and frequency of patches topping the list.

Microsoft has responded to the open letter in a rather roundabout way. Two days after Computerworld posted the open letter, Bradley received an email that says:

Computer World Security News
Aug 01, 2018

Brush up on your IT skills with this comprehensive CompTIA training bundle
Whether you're a veteran Cloud professional with numerous IT certifications, or you've just started your career after earning an A+, it's always in your best interest to stay up-to-date with the fundamentals. The Complete 2018 CompTIA Certification Training Bundle includes 12 courses covering several CompTIA exams, so you can stay sharp and potentially add another notch to your belt of IT certifications. It's available on sale today for $59.

Computer World Security News
Aug 01, 2018

Apple users 'most appealing' to cybercriminals' online scams
Apple's platforms may be the most secure, but this is driving cybercriminals to more devious ways to undermine iOS and Mac security — partly because hacked Apple user credentials are among the most valuable properties you'll find on the so-called dark web.

A complex crime
There is no doubt at all that Apple is growing in the enterprise, which is why every iOS or macOS user needs to understand that the new cyber threats aren't confined to annoying viruses, trojans, or malware attacks.

Enterprise security chiefs are becoming increasingly aware that network, device, location-based, and user security must also be seen as part of the mix. Platform security is only one element to an overall security picture.

Computer World Security News
Aug 01, 2018

Conversation hijacking attacks | Salted Hash Ep 38
Troy Gill, manager of security research at AppRiver, explains conversation hijacking attacks, or CHAs, with host Steve Ragan, including who is typically targeted and how to prevent them.

Computer World Security News
Jul 31, 2018

If at first you don't succeed, .Net, .Net, .Net again
July will go down in the Microsoft Patching Halls of Infamy as one of the worst months ever. Every version of Win10 got three big cumulative updates, and a fourth should be hot on their heels. Let that sink in for a second: Windows patches used to come out once a month, then twice, and now we're up to three or four a month, sprinkled on random days of the month. And they're big bunches of fixes.

Computer World Security News
Jul 30, 2018

An open letter to Microsoft management re: Windows updating
From: Susan Bradley

To: Mr. Satya Nadella, Mr. Carlos Picoto and Mr. Scott Guthrie

Dear Sirs:

Today, as Windows 10 turns three years old, I am writing to you to ensure that you are aware of the dissatisfaction your customers have with the updates released for Windows desktops and servers in recent months. The quality of updates released in the month of July, in particular, has placed customers in a quandary: install updates and face issues with applications, or don't install updates and leave machines subject to attack.

Computer World Security News
Jul 30, 2018

Phishing problems: 3.2M emails blocked in a month | Salted Hash Ep 37
Asaf Cidon, vice president of email security at Barracuda Networks, talks with host Steve Ragan about a recent uptick in phishing attacks, including a spike in business email compromise (BEC) attacks.

Computer World Security News
Jul 30, 2018

New MacBook Pros at work? Here's how to manage them right
Earlier this month, Apple unveiled its newest generation of MacBook Pros; all feature a significant bump in performance, a redesigned butterfly keyboard, the arrival of "Hey Siri" commands and a second generation of Apple's T-series chips. The T2 chip works to improve performance and includes a Secure Enclave for encryption operations to secure the laptops and power Apple's TouchID as well as the Touch Bar. (The T2 chip is already in Apple's iMac Pro.)

Computer World Security News
Jul 26, 2018

Microsoft Patch Alert: Still reeling from one of the worst patching months ever
If you ever wondered why people — and organizations — are taking longer and longer to willfully install patches, take a look at what happened this month. After a disastrous start, Windows 10 patches seem to be OK, but .NET and Server patches still stink.

For most of the year, we've seen two big cumulative updates every month for each of the supported Win10 versions. This month, so far, we've had three. Microsoft's claim that it will install the Win7 and Win8.1 Monthly Rollups defies logic. The .NET patches are in such bad shape that the .NET devs have thrown in the towel. And here we sit not knowing exactly which way is up.

Three Win10 cumulative updates for each version in July

On Patch Tuesday, July 10, as usual, Microsoft rolled out cumulative updates for all of the supported versions of Windows 10. Almost immediately we heard screams of pain as four big bugs, later officially acknowledged, hit the fan. Six days later, Microsoft released a second set of cumulative updates, again for all versions of Win10. Those updates were specifically designed to fix the bugs introduced by the original updates. The build numbers in the Knowledge Base articles didn't match the build numbers that people actually installed but, well, that's Microsoft.


Computer World Security News
Jul 26, 2018

Android security: Analysis, advice, and next-level knowledge
It's tough to talk about Android security without venturing into sensational terrain.

A large part of that is due to the simple fact that the forces driving most Android security coverage are companies that make their money by selling Android security software — and thus companies with strong interests in pushing the narrative that every Android phone is on the perpetual brink of grave, unfathomable danger. Plus, let's face it: A headline about 70 gazillion Android phones being vulnerable to the MegaMonsterSkullCrusher Virus is far more enticing than one explaining the nuanced realities of Android security.

In actuality, though, Android security is a complex beast — one with multiple layers in place to protect you and one that almost never warrants an alarmist attitude. I've been covering Android security closely since the platform's earliest days, and I've busted more myths and called out more shameless publicity stunts than I can even count at this point.


Computer World Security News
Jul 25, 2018

The risks associated with global Internationalized Domain Names | Salted Hash Ep 36
Paul Vixie, CEO of Farsight Security, explains how global Internationalized Domain Names, or global IDNs, sparked the emergence of confusingly similar website addresses with nefarious goals -- and how to combat them.

Computer World Security News
Jul 23, 2018

The MacBook Pro's T2 chip boosts enterprise security
You may have missed an all-new enterprise-focused feature woven inside of Apple's all-new MacBook Pro - its new T2 chip which fundamentally enhances the security of these computers.

What is the T2 chip? The successor to the T1, Apple's T2 chip enables secure boot and encrypted storage on the machine. It first appeared on the iMac Pro.

What does the T2 chip do? The most widely-reported task handled by the T2 chip is the provision of "Hey Siri" support for the first time on a Mac.


Computer World Security News
Jul 23, 2018

July Windows .Net patches appear, disappear, reappear, disappear again
Microsoft's July 2018 series of patching missteps, with .Net security patches in particular, have left many admins in the lurch. Less than two weeks after they were first unleashed, poorly documented versions of the patches now appear to be available, but are not being actively pushed. There's no indication from Microsoft if and/or when they'll be fixed.

These patches, originally released on Patch Tuesday, July 10, are baring their FAANGs:

KB 4340556 — Security and Quality Rollup updates for .Net Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 and 4.7.2 for Windows 7 SP1 and Server 2008 R2 SP1
KB 4340557 — Security and Quality Rollup updates for .Net Framework 3.5 SP1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows Server 2012
KB 4340558 — Security and Quality Rollup updates for .Net Framework 3.5 SP1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows 8.1, RT

Computer World Security News
Jul 23, 2018

Nice to know our financial world is in safe hands
This company is the target of a spear-phishing attack, but it doesn't actually get very far, according to an IT pilot fish working there.

"It was the typical 'CEO is out of the office and needs a wire transfer done right away' message," fish says.

"Our people are pretty good at spotting phishing attempts, and our administrative assistant was immediately suspicious because we do wire transfers approximately never. She strung the guy along over multiple emails and got all the transfer information -- amount, routing number, account number and so on.


Computer World Security News
Jul 23, 2018

Don't ignore application security | Salted Hash Ep 35
In this episode, Michael Feiertag, CEO and co-founder of tCell, joins host Steve Ragan to talk about why application security is more critical than ever and why it's just now getting more attention from security teams.

Computer World Security News
Jul 21, 2018

Fake products? Only AI can save us now.
Half a trillion dollars.

That's the rough amount of money that counterfeiters displaced last year by selling phony products. Some 2.5% of all trade is for fake goods.

The United States is hit hardest by the scourge of counterfeit products — U.S. brands accounted in 2013 for 20% of the world's infringed intellectual property.

When most people think about counterfeiting, they think of knock-off Louis Vuitton handbags sold on the sidewalk. But fake products also include business and enterprise products, as well as everyday consumer goods.


Computer World Security News
Jul 20, 2018

Microsoft dives down a bizarre non-cumulative rabbit hole with July patches
If you're trying to apply this month's patches — an exercise in futility that I continue to discourage — you may have found that this month's patches and their documentation read like a da Vinci script, mirrored upside down and backwards.

Take this astounding bit of bafflegab, from the official Microsoft Exchange blog:


Computer World Security News
Jul 20, 2018

It was a JOKE, OK?
Pilot fish's workplace is upgrading to use smart cards, but he's not thinking about that when he sees a pop-up about an update -- one that strikes fish as a little, um, fishy.

"I thought, if something like that was to occur and need user intervention, IT would have sent a notice out about it," says fish.

"So a screen shot and email went off to IT security. They responded much faster than I expected, and in person: There was something wrong and they needed my laptop hard drives ASAP."

Fish turns over his machine, and the next day he receives replacement hard drives. But it turns out his backup wasn't configured for all the folders and file types he stores data in -- and now he's missing about a terabyte of data.


Computer World Security News
Jul 19, 2018

Why Windows 7 updates are getting bigger
Windows 7's security rollups, the most comprehensive of the fixes it pushes out each Patch Tuesday, have doubled in size since Microsoft revamped the veteran operating system's update regimen in 2016.

According to Microsoft's own data, what it calls the "Security Quality Monthly Rollup" (rollup from here on) grew by more than 90% from the first to the twenty-first update. From its October 2016 inception, the x86 version of the update increased from 72MB to 137.5MB, a 91% jump. Meanwhile, the always-larger 64-bit version went from an initial 119.4MB to 227.5MB, also representing a 91% increase.

The swelling security updates were not, in themselves, a surprise. Last year, when Microsoft announced huge changes to how it services Windows 7, it admitted that rollups would put on the pounds. "The Rollups will start out small, but we expect that these will grow over time," Nathan Mercer, a Microsoft product marketing manager, said at the time. Mercer's explanation: "A Monthly Rollup in October will include all updates for October, while November will include October and November updates, and so on."


Computer World Security News
Jul 19, 2018

Is mobile sensor-based authentication ready for the enterprise? Some big players think it might be.
An Arizona security company is working on an interesting approach to mobile authentication, one that leverages the exact angle a user holds the phone as a means of making replay attacks a lot more difficult. Aetna has been testing the method internally (according to the security company's CEO) and the company — Trusona — has announced about $18 million in funding, from Microsoft Ventures ($10 million) and Kleiner, Perkins, Caufield and Byers ($8 million).

The Microsoft Ventures funding is interesting because one of the more popular mobile authentication methods today is Microsoft's Authenticator app. Is Redmond covering its bases, or does it see the Trusona effort as threatening to displace Authenticator, at least in the enterprise IT world?


Computer World Security News
Jul 18, 2018

Mingis on Tech: The blockchain evolution moves from services...to smartphones?
If 2017 was the year many tech firms suddenly looked around and realized they needed to be part of the blockchain craze, this is the year companies in a variety of industries have begun actively experimenting with the distributed ledger technology.

Helping to make that possible - especially for firms with no experience in building out blockchain systems themselves - are IT vendors like IBM, Microsoft, HPE and Amazon Web Services. They now offer blockchain-as-a-service.


Computer World Security News
Jul 18, 2018

Mingis on Tech: The blockchain evolution, from services...to smartphones
Oracle joins other major tech vendors by rolling out its blockchain-as-a-service offering, and two smartphone makers plan to include the technology in new devices this year. Get the latest on the blockchain craze.

Computer World Security News
Jul 17, 2018

Stung by a festering pile of bugs on Patch Tuesday, MS releases 27 more patches
In what is becoming a common occurrence, Microsoft's Patch Tuesday brought along so many bugs that they necessitated a remediation round. This month, unusually, it took only six days to get the exterminators out.

Since these fixes are aimed at four specific bugs introduced on Patch Tuesday, they don't include the massive patches normally appearing on the second Patch Whateverday of the month. My guess is we'll see at least one more big set of Windows patches before the month is out. Oh, boy.

Windows July patches, version 2

Yesterday, Monday, July 16, Microsoft released 27 new security patches for Windows, bringing the total number of patches so far this month up to 156. The new patches fall into six separate groups:


Computer World Security News
Jul 13, 2018

Microsoft yanks buggy Office 2016 patch KB 4018385, republishes all of this month's patch downloads
As I reported yesterday, the July 2018 Windows and Office patches teem with bugs. We're just beginning to see the fallout.

The July 3 non-security Office 2016 patch KB 4018385 is officially yanked. If you don't recall KB 4018385 — a small patch in a sea of Office fixes — the original KB article describes it thusly:


Computer World Security News
Jul 13, 2018

Here come the first blockchain smartphones: What you need to know
After months of speculation, Taiwanese electronics company Huawei Technologies Ltd. (HTC) has confirmed it will be releasing a blockchain-enabled smartphone this year that will allow users to securely store cryptocurrency offline and act as a compute node in a blockchain network.

"We want to double and triple the number of nodes of Ethereum and Bitcoin," HTC said in its marketing material for the device. The new smartphone is expected to be able to work with multiple blockchain protocols allowing for interoperability between them.

In addition, the HTC Exodus blockchain-enabled smartphone will allow owners to play CryptoKitties, a decentralized app (Dapp) game. Dapps are applications that run across multiple nodes on peer-to-peer (P2P) networks.


Computer World Security News
Jul 12, 2018

Google flips switch on Chrome's newest defensive technology
Google has switched on a defensive technology in Chrome that will make it much more difficult for Spectre-like attacks to steal information such as log-on credentials.

Called "Site Isolation," the new security technology has a decade-long history. But most recently it's been cited as a shield to guard against threats posed by Spectre, the processor vulnerability sniffed out by Google's own engineers more than a year ago. Google unveiled Site Isolation in late 2017 within Chrome 63, making it an option for enterprise IT staff members, who could customize the defense to shield workers from threats harbored on external sites. Company administrators could use Windows GPOs - Group Policy Objects - as well as command-line flags prior to wider deployment via group policies.


Computer World Security News
Jul 12, 2018

Patch Tuesday problems abound, Server 2016 crashes, and a .Net patch goes down in flames
You know it's going to be an Alice in Wonderland month when some sites report that Microsoft plugged 54 vulnerabilities on Patch Tuesday, while others report 53. Fact is, patching has become so brutal — and so banal — that there's no consensus on counting, much less on what's good and bad.

Suffice to say that, once again this month, there was a huge number of security patches (129 individual patches, according to the Microsoft Update Catalog), with no pressing security fixes unless you're using the Edge browser or Internet Explorer. Microsoft changed Win10 version 1803 to "Semi-Annual Channel," but the term now means less than it ever has before. If that's possible.


Computer World Security News
Jul 03, 2018

The difference between red team engagements and vulnerability assessments | Salted Hash Ep 34
In this episode, host Steve Ragan talks with Phil Grimes, Professional Services Lead at RedLegg, about the challenges of educating customers — and building a partnership with them — to create successful red team engagements.

Computer World Security News
Jul 02, 2018

Get the Microsoft June patches applied, but watch out for Win7 NICs and old antivirus
Windows 7 customers should be on the lookout for a couple of, uh, challenges this month, as the Win10 1803 trail of tears continues and Win10 1709 finally looks pretty solid.

The Win7/Server 2008R2 network card bugs continue

First, the good news. If you installed last month's Win7/Server 2008R2 patches and your network connections didn't go kablooey, you're almost undoubtedly OK to proceed with this month's patches.

On the other hand, if you've been waiting to install patches on your Win7 or Server 2008R2 machine, you need to be aware of a bug that Microsoft has acknowledged. It was introduced by a patch back in March, according to the KB articles, and hasn't been fixed yet:


Computer World Security News
Jun 28, 2018

BlackBerry's Android upgrade track record should give anyone pause
Hey, look: A new BlackBerry phone is here! And no, you didn't just wake up from a 12-year coma. I promise you, it is still 2018.

The new BlackBerry Key2, however, is aimed squarely at those who miss the glory days of the physical-keyboard-packin' phone — specifically, business users who still place some sort of value on the BlackBerry name (even if it's technically a different organization making the devices now). The company's own landing page for the device placards that focus plainly:


Computer World Security News
Jun 27, 2018

Microsoft Patch Alert: Some bugs in Win 10 (1803) fixed, others persist
Microsoft's patches in June took on some unexpected twists.

Windows 7 owners with older, 2002-era Pentium III machines got their patching privileges revoked without warning or explanation (and a documentation cover-up to boot), but there's little sympathy in the blogosphere for elderly PCs.

Win10 1803 was declared fully fit for business, a pronouncement that was followed weeks later by fixes for a few glaring, acknowledged bugs — and stony silence for other known problems.


Computer World Security News
Jun 22, 2018

Supreme Court: Your digital location is protected by the Constitution
The U.S. Supreme Court today ruled that access to historical cell-site records of a person's location based on their mobile phone will require law enforcement to obtain a warrant before searching a person's historical location records.

This is the first time the high court has ruled on whether a phone subscriber has a legitimate expectation of privacy regarding a telephone company's records of their cellphone location data, according to Aloke Chakravarty, a partner in the Denver-based law firm of Snell & Wilmer.

"This is a landmark case for privacy, and how the court will deal with emerging technologies going forward," Chakravarty said via email. "It creates a new lens through which to view a government's ability to obtain third-party records where a criminal defendant neither possesses the records, doesn't have a property interest in them, may not even know they exist, and he cannot personally even access them."


Computer World Security News
Jun 22, 2018

Big Win10 1709 patch reinforces twice-a-month patching pace but, oddly, nothing new for 1803
Microsoft's Windows 10 patching pace is so fast at this point that one Patch Tuesday doesn't cover all the bases. Instead, we're seeing one massive Cumulative Update on Patch Tuesday, and a second — typically large — grab bag of patches later in the month.

You have to wonder what's happening, though, when Microsoft can deliver its second bundle of patches for 1709, 1703 and 1607 before the second patch for the latest version, 1803, sees light of day.

The Win10 patches KB 4284822 for Win10 1709


Computer World Security News
Jun 22, 2018

Apple pushes privacy theme in Safari for iOS 12, 'Mojave'
Apple upgrades its Safari browser on macOS and iOS just once a year, making the refresh more strategic than most of its rivals, notably Google, which last year had eight separate opportunities to add features or functionality to Chrome.

The next Safari, which will be bundled with macOS 10.14 'Mojave' and iOS 12, and offered as a separate download for those who stick with macOS High Sierra (10.13) and Sierra (10.12), thus must make its enhancements count.

On the security and privacy side, Safari tries its hardest to build a case. Here are the important ways Apple's browser - which shed user share on both the desktop and on mobile over the past year - has staked its reputation for the next 12 months.


Computer World Security News
Jun 21, 2018

Throwback Thursday: Get the picture?
IT director pilot fish at a daily newspaper is reworking the company's entire network. Why? "There is no security," sighs fish. "None, with about 90 users in a peer-to-peer Mac and PC environment."

One night he gets a call from an editor: One of the applications isn't working. It's the one that lets a reporter find a photo on a wire service's website and save it to a folder. The app then moves the folder to a holding folder on another machine, where yet another machine can grab it and put it into the newspaper's production process.

It takes a couple hours of troubleshooting, but fish tracks down the problem. That holding folder? The one that's actually named "Do not touch, do not delete"?


Computer World Security News
Jun 19, 2018

Getting hands-on with industrial control system setups at RSA | Salted Hash Ep 31
Host Steve Ragan is joined on the RSA 2018 show floor by Bryson Bort, CEO and founder of SCYTHE, to talk about the ICS Village, where attendees can learn how to better defend industrial equipment through hands-on access to the equipment.

Computer World Security News
Jun 14, 2018

Apple wins praise for adding 'USB Restricted Mode' to secure iPhones
Apple confirmed today it will close a security hole that has allowed law enforcement officials, working with forensic companies, to break into iPhones to retrieve data related to criminal investigations.

In the upcoming release of iOS 12, Apple will change default settings on iPhones to shutter access to the USB port when the phone has not been unlocked for one hour. In its beta release of iOS 11.3, Apple introduced the feature - known as USB Restricted Mode - but cut it from iOS 11.3 before that version was released publicly.


Computer World Security News
Jun 14, 2018

Which Android phones get regular security updates? Here's a hint
Here in the land o' Android, wrapping your noggin around the subject of software updates isn't always easy to do.

We've got regular OS updates, sure — and info on the various phone-makers' performance in that domain is readily available, if you (a) know where to find it and (b) are even aware that you should be looking for such data in the first place. But still, that's only one piece of the puzzle.


Computer World Security News
Jun 14, 2018

Is your company part of the GDPR 'mobile loophole'?
Mobile tech, and especially mobile brought into companies through BYOD, has unique challenges for companies that need to comply with General Data Protection Regulations (GDPR) — and that's virtually all companies, not just the ones in Europe. The regulations compel companies to manage personal data and protect privacy, and they allow individuals to have a say in what and how data about them is used.

GDPR has several disclosure and control requirements, such as providing notice of any personally identifiable data collection, notifying of any data breaches, obtaining consent of any person for whom data is being collected, recording what and how data is being used, and providing a right for people whose data is being collected to see, modify, and/or delete any information about them from corporate systems.


Computer World Security News
Jun 12, 2018

Apple bans cryptocurrency mining apps on iOS to protect mobile users
Using an iPad or iPhone to mine bitcoin or other cryptocurrencies would be hard to do, as the CPU power available to complete the task would be a drop in the bucket compared to what's needed.

But using a portion of the CPU power from thousands of iPads or iPhones to mine cryptocurrency makes more sense - and that's exactly what some malware has been doing.

Apple is now moving to stop the practice.


Computer World Security News
Jun 12, 2018

How the Spanish cybercriminal underground operates | Salted Hash Ep 30
Host Steve Ragan reports from the RSA 2018 conference, talking with Liv Rowley, an intelligence analyst at Flashpoint, about Spanish cybercrime, an underground community that poses persistent security risks.

Computer World Security News
Jun 11, 2018

Make sure Windows auto update is temporarily turned off, and watch out for SMBv1 fixes
In May, we saw a host of bugs introduced by the Patch Tuesday "security" patches. By the end of the month, patches for those patches killed almost all of the bugs - even the inability of Win10 version 1803 to run on certain kinds of solid-state drives, including the one in some Surface Pros.

We also saw Microsoft push Win10 version 1803 onto machines that were specifically set to avoid it. I haven't seen any official response to Microsoft's inquiry into the reports, but we now have a sighting of a Win7 machine being pushed onto Win10, in spite of its settings.


Computer World Security News
Jun 07, 2018

Apple's Health Record API released to third-party developers; is it safe?
Apple at its Worldwide Developers Conference this week released an API that allows developers and researchers to create applications that connect to Health Records, a feature released with iOS 11.3 that allows patients to port their electronic health info to mobile devices and share data between care providers.

While the move promises to streamline the sharing of healthcare data, it also could open the door to that highly sensitive data falling into the wrong hands.


Computer World Security News
Jun 05, 2018

Learn what the 'zero trust' security model really means | Salted Hash Ep 29
Host Steve Ragan reports from the RSA 2018 conference, talking with Wendy Nather, director, advisory CISOs at Duo Security, about how organizations can build a zero trust model, including consistently authenticating users.

Computer World Security News
Jun 02, 2018

May Windows and Office patches are now relatively stable, but Win7 NIC problems persist
At least the really bad bugs, introduced by "security" patches earlier this month, have been fixed. The problems that remain reside in the dregs — not likely to bite, but worth knowing about in case something suddenly goes bump in the night.

And if you're using Win10 1803, you should definitely ask Microsoft for an increase in combat-duty pay. 

The ongoing Win7/Server 2008 R2 patching threat

Remember when Win7 was relatively stable? OK, OK; "stable" is a relative term that's unlikely to apply to any version of Windows, but you know what I mean. Win7 and Server 2008 R2 have gone through months of problems with networking in general, and apoplectic network interface cards in particular.


Computer World Security News
May 31, 2018

What is Apple hiding with iOS 11.4?
Have you installed iOS 11.4? Once you'd looked at AirPlay 2 and Messages in iCloud, did you happen to take a look at the contents of the security updates?

'Details available soon'

If you did, you'll have been disappointed.

Apple hasn't disclosed details concerning the security content of the new software. It hasn't revealed anything concerning USB Restricted Mode, which apparently makes it harder for people to hack into your device.


Computer World Security News
May 30, 2018

How to use Apple's Messages in iCloud for iOS, Mac
Along with key HomePod improvements, Apple also introduced Messages in iCloud with iOS 11.4. It's a useful feature designed to store your Messages and attachments in iCloud, but enterprise users should think twice before enabling it.

Security is everything

I'm not saying iCloud is not secure - so long as you use a six-or-more-digit passcode or (better, but more awkward) an alphanumeric passcode, it's highly secure. I'm reasonably confident a strong password, Apple's own systems and its insistence you use two-factor authentication are enough for most of us.


Computer World Security News
May 30, 2018

Microsoft Patch Alert: Major bugs introduced in May fixed, plenty of problems remain
Once more we have a monthly Windows/Office patch scorecard that needs a guidebook. Or two. And we just got a handful of buried warnings about problems in old patches, plus a brand new way to fry your network interface card.

Thus continues the tradition of two cumulative updates per month for all of the supported Windows 10 versions - that's eight cumulative updates in total - in addition to bobs and weaves and a very long list of acknowledged bugs introduced by recent security patches in Windows 7.

Conflicts with Remote Desktop

The strange behavior of the CredSSP update - where the Patch Tuesday fixes for all versions of Windows seemed to break Remote Desktop Protocol with a strange error message: "This could be due to CredSSP encryption oracle remediation" - has been resolved.


Computer World Security News
May 29, 2018

WWDC: Apple's NFC plan is a big developer opportunity
Apple will open up fresh opportunities for developers as it extends Near Field Communications (NFC) support in iOS to more uses.

NFC: Apple's story so far

Apple introduced support for a new NFC framework called Core NFC at WWDC 2017. Developers were pleased, but the implementations were rather limited.

Core NFC let developers build apps that read NFC tags, but only for things like visitor attractions and museum exhibitions.


Computer World Security News
May 28, 2018

TSB phishing attacks | Salted Hash Ep 33
TSB customers in the U.K. were already frustrated by the bank's technical problems, but now the situation has gotten worse as criminals take advantage of the chaos. Host Steve Ragan looks at recent TSB phishing attacks and the kit that powers them.

Computer World Security News
May 26, 2018

Amazon's Echo privacy flub has big implications for IT
Amazon has confirmed a report that one of its Echo devices recorded a family's conversation and then messaged it to a random person on the family's contact list, who is an employee of a family member.

But Amazon, in a statement emailed to Computerworld, confirmed every privacy advocate's worst nightmare with its explanation: "Echo woke up due to a word in background conversation sounding like 'Alexa.' Then, the subsequent conversation was heard as a 'send message' request. At which point, Alexa said out loud 'To whom?' At which point, the background conversation was interpreted as a name in the customer's contact list. Alexa then asked out loud, '[contact name], right?' Alexa then interpreted background conversation as 'right.' As unlikely as this string of events is, we are evaluating options to make this case even less likely."


Computer World Security News
May 25, 2018

Avast blames Microsoft for Win10 1803 upgrade blue screens, nonsensical options
Looks as if we have a solution for the Avast-related blue screens in Win10 1803 upgrades that I talked about earlier this week. Avast heavyweight Ondrej Vlcek chose his words carefully but threw lots of shade at Microsoft for the upgrade installer's bug.

Posting on the Avast forum, Vlcek says:


Computer World Security News
May 23, 2018

How your web browser tells you when it's safe
Google last week spelled out the schedule it will use to reverse years of advice from security experts when browsing the Web - to "look for the padlock." Starting in July, the search giant will mark insecure URLs in its market-dominant Chrome, not those that already are secure. Google's goal? Pressure all website owners to adopt digital certificates and encrypt the traffic of all their pages.

The decision to tag HTTP sites - those not locked down with a certificate and which don't encrypt server-to-browser and browser-to-server communications - rather than label the safer HTTPS websites, didn't come out of nowhere. Google has been promising as much since 2014.




Computer World Security News
May 22, 2018

How deception technologies use camouflage to attract attackers | Salted Hash Ep 26
Host Steve Ragan reports from the show floor at RSA 2018, where he talks with Chris Roberts, chief security architect at Acalvio Technologies, about the benefits and misconceptions of deception technologies.

Computer World Security News
May 21, 2018

Google details how it will overturn encryption signals in Chrome
Google has further fleshed out plans to upend the historical approach browsers have taken to warn users of insecure websites, spelling out more gradual steps the company will take with Chrome this year.

Starting in September, Google will stop marking plain-vanilla HTTP sites - those not secured with a digital certificate, and which don't encrypt traffic between browser and site servers - as secure in Chrome's address bar. The following month, Chrome will tag HTTP pages with a red "Not Secure" marker when users enter any kind of data.

[ Further reading: What's in the latest Chrome update? ] Eventually, Google will have Chrome label every HTTP website as, in its words, "affirmatively non-secure." By doing so, Chrome will have completed a 180-degree turn from browsers' original signage - marking secure HTTPS sites, usually with a padlock icon of some shade, to indicate encryption and a digital certificate - to labeling only those pages that are insecure.




Computer World Security News
May 19, 2018

Easy mobile security the Faraday way
Have you heard about those special bags, cases and wallets that protect your electronics from hack attacks?

It's a signal-blocking container, basically a tinfoil hat for your gadget.

Tinfoil hats are associated with conspiracy theorists concerned about secret government mind-control programs. But when it comes to your wireless gadgets, they really are out to get you.

For example: It's not a conspiracy theory to believe that companies you've never heard of are tracking your location.

In the past two weeks, we've learned that a company called Securus Technologies sold the real-time location data of millions of people. It got this data from another company called LocationSmart, which itself was buying the data from AT&T, Sprint, T-Mobile and Verizon.




Computer World Security News
May 18, 2018

What is blockchain? The most disruptive tech in decades
Blockchain is poised to change IT in much the same way open-source software did a quarter of a century ago. And in the same way that Linux took more than a decade to become a cornerstone in modern application development, blockchain will take years to become a lower-cost, more efficient way to share information between open and private networks.

But the hype around this seemingly new, secure electronic ledger is real. In essence, blockchain represents a new paradigm for the way information is shared, and tech vendors and companies are rushing to figure out how they can use the distributed ledger technology to save time and admin costs. Numerous companies in 2017 began rolling out pilot programs and real-world projects across a variety of industries - everything from financial services to healthcare to mobile payments and even global shipping.




Computer World Security News
May 18, 2018

Tech Talk: As GDPR looms, companies rush to comply
For many companies, GDPR has become a four-letter acronym.

The European Union's new General Data Protection Rule - which applies to virtually any kind of data that can be used to identify a person - goes into effect May 25. And companies around the world are rushing to make sure they're in compliance, or at least can demonstrate that they're hard at work trying to meet the EU demands.

[ Further reading: Will blockchain run afoul of GDPR? (Yes and no) ] GDPR is designed to protect personal privacy, (hopefully) make companies more secure from data breaches and force them to get their collective hands around all the data they collect, use and distribute. 




Computer World Security News
May 18, 2018

Tech Talk: Prepping for GDPR
CSO's Michael Nadeau and Steve Ragan join Computerworld's Ken Mingis and IDG Communications' Mark Lewis to look at what the new EU privacy rules mean. They offer insights on how companies can prepare - and what happens if they don't.

Computer World Security News
May 18, 2018

What is blockchain technology?
Cryptocurrency such as Bitcoin has garnered most of the media coverage and hype to date, but keep your eye on blockchain - this new technology is poised to change IT in much the same way open-source software did a quarter century ago.


©1999-2018 CEOExpress Company LLC