NEWS: COMPUTER WORLD SECURITY NEWS
Setup News Ticker
   NEWS: COMPUTER WORLD SECURITY NEWS
Computer World Security News
Jan 17, 2020

3 reasons you can't fight facial recognition
The biometric backlash is but a brief blip. Resistance is futile. You WILL be identified. But is that good or bad?

Computer World Security News
Jan 17, 2020

Worried about an NSA ChainOfFools/CurveBall attack? There are lots of moving parts. Test your system.
If you want to install the January Patch Tuesday patches, by all means, go right ahead. That said, I continue to recommend that you hold off installing the January Microsoft patches until we get a clearer reading on potential bugs.

The pro-patch-now argument generally goes something like this: Everybody is recommending that you install the patches to protect against the Crypto bug — almost all of the major security folks, the researchers, the big online sites, your local news station, your congresscritter, your neighbor's nine-year-old, even the bleeping NSA. It's a little patch. Why not just install it and be done with it?

To read this article in full, please click here



Computer World Security News
Jan 16, 2020

Kadena launches a hybrid platform to connect public, private blockchains
Brooklyn-based spinoff Kadena has launched a hybrid blockchain that can scale horizontally, enabling multiple electronic ledgers to talk to each other via smart contracts - and letting users transfer cryptocurrency between the chains.

Hybrid blockchains combine permissioned chains for businesses to transact in the background while connecting to a public blockchain (via an API) for consumers and others to make money transfers or access information about products moving across supply chains.

"Their hybrid blockchain model looks interesting, mainly because it enables interoperability via smart contracts that run on public chains and talk to/with private chains," said Avivah Litan, a vice president of research at Gartner. "That way, enterprises can keep their private data and transactions limited to the private chain but benefit from the liquidity and cross-chain access available by leveraging smart contracts running on the public chain."

To read this article in full, please click here



Computer World Security News
Jan 16, 2020

Kadena launches Chainweb, a hybrid platform to connect public, private blockchains
Brooklyn-based startup Kadena has launched a hybrid blockchain that can scale horizontally, enabling multiple electronic ledgers to talk to each other via smart contracts - and letting users transfer cryptocurrency between the chains.

Hybrid blockchains combine permissioned chains for businesses to transact in the background while connecting to a public blockchain (via an API) for consumers and others to make money transfers or access information about products moving across supply chains.

"Their hybrid blockchain model looks interesting, mainly because it enables interoperability via smart contracts that run on public chains and talk to/with private chains," said Avivah Litan, a vice president of research at Gartner. "That way, enterprises can keep their private data and transactions limited to the private chain but benefit from the liquidity and cross-chain access available by leveraging smart contracts running on the public chain."

To read this article in full, please click here



Computer World Security News
Jan 15, 2020

Windows 7 end of support: Separating the bull from the horns
No, Windows 7 isn't dead.

No, you don't need to buy a Win10 computer. 

No, you don't need to upgrade.

No, you don't need to install the latest Win7 patches right away.

No, Microsoft isn't withdrawing its unofficial nod-and-a-wink free upgrade from Win7 to Win10. At least, not right away.

No, the old Win7 patches aren't disappearing.

No, your Internet Service Provider won't kick you off your network for using Win7.

To read this article in full, please click here



Computer World Security News
Jan 15, 2020

Patch Tuesday aftermath: The NSA Crypt32 threat is real, but not yet imminent
Get ready for your local news station's weather reporter to start lecturing on the importance of installing Windows patches.

Yesterday we were treated to a remarkable Patch Tuesday. "Remarkable" specifically in the sense that the U.S. National Security Agency was moved to put out a press release (PDF):


To read this article in full, please click here



Computer World Security News
Jan 15, 2020

Breaking iPhone encryption won't make anyone safer
Imagine all your tax documentation could be examined by officials from any government merely on suspicion. That's the future some governments are pushing for when they demand Apple puts security backdoors into its products.

Making no one safe Think about the nature of security backdoors:

To read this article in full, please click here



Computer World Security News
Jan 15, 2020

3 easy ways to make your Windows network harder to hack
Start the new year off by eliminating common paths for attackers to breach your network.

Computer World Security News
Jan 14, 2020

Microsoft to Windows 7: Beat it, you bum
Microsoft today figuratively told Window 7 - which ended support with a final security update - not to let the door hit it on the way out.

"Ten-year-old tech just can't keep up," Jared Spataro, an executive on the Microsoft 365 team, wrote in a post to a company blog. "As we end support for Windows 7, I encourage you to transition to these newer options right away."

Not surprisingly, Spataro named those newer options as Windows 10 to replace Windows 7, and Office 365 to fill in for the retiring-in-October Office 2010. Combined, they make up the bulk of Microsoft 365, the business subscription plan Microsoft wants all customers to adopt.

To read this article in full, please click here



Computer World Security News
Jan 14, 2020

Feds may already have found a way to hack into Apple iPhones
After Apple turned down a request by U.S. Attorney General William Barr this week to unlock two iPhones used by a terrorist suspect in a recent deadly shooting, the FBI appears to already have the tools needed to access the smartphones.

Apple turned down a request from U.S. Attorney General William Barr saying it would  not help unlock two iPhones used by the shooter, 21-year-old Mohammed Saeed Alshamrani. He is believed to have acted alone when he shot and killed three service members and wounded several others at the Naval Air Station in Pensacola, Fla. last month.

To read this article in full, please click here



Computer World Security News
Jan 14, 2020

Apple refuses latest government iPhone-unlock request
Apple turned down a request from U.S. Attorney General William Barr this week,  saying it will not help unlock two iPhones used by a terrorist suspect last month in the deadly shooting at the Naval Air Station in Pensacola, Fla.

Barr said the shooter, 21-year-old Mohammed Saeed Alshamrani, acted alone when he shot and killed three service members and wounded several others, including two sheriff's deputies responding to the attack. Alshamrani, a member of the Saudi Air Force and an aviation student at the base, was shot dead on the scene by police.

To read this article in full, please click here



Computer World Security News
Jan 14, 2020

Today's Patch Tuesday brings fireworks and — a magic bullet?
Over the past few years we've seen a few security holes that have drawn Chicken Little warnings and vast amounts of unthinking press reports. When you turn on a local news program and hear from the hometown weather reporter that you really need to get Windows patched, a bit of skepticism might be in order.

Today's Patch Tuesday appears to be headed down the same well-worn chute.

Brian Krebs, the security guru with impeccable credentials, fired an opening salvo in his blog post yesterday:

To read this article in full, please click here



Computer World Security News
Jan 14, 2020

Seven high points of Windows 7
Today Microsoft issues its final free security update for Windows 7, putting an end to that operating system's decade.

To remember that service - a retirement party but without the cloyingly-sweet cake and cheap gold watch - Computerworld selected seven highlights of Windows 7. While the seven do not pretend to trace Windows 7's history, they illustrate the influence and impact of the OS.

Here's to Windows 7. Raise a glass, for cryin' out loud.

It salvaged Microsoft's reputation after the Vista debacle The numbers say it all.

Windows Vista, the 2006 replacement for Windows XP, topped out at 20% of all Windows versions in October 2009. Even though the OS it followed was long in the tooth - XP was nearly twice the age of a typical version when it was supplanted - Vista struggled to put a dent in its forerunner's share.

To read this article in full, please click here



Computer World Security News
Jan 14, 2020

Saying goodbye to Windows 7 isn't easy, but you must
Listen, I get it. Windows 7 has worked really well. After the Vista fiasco, you were so happy to get a decent version of Windows. You dodged the Windows 8.x sinkhole, and, boy, were you glad! Then, you thought about Windows 10, but 7 just did the job so you stuck with it, and then you felt vindicated because of Windows 10's dodgy upgrades and patches. Now, today, Jan. 14, 2020, Windows 7 has reached its end of life, and either you've upgraded to Windows 10 or you're working on another Windows 7 alternative like Chrome OS, macOS or Linux, right?

To read this article in full, please click here



Computer World Security News
Jan 09, 2020

Mozilla patches Firefox zero-day as attackers exploit flaw
Just one day after releasing Firefox 72, Mozilla updated the browser with a fix to shut down active attacks, the company acknowledged.

On Wednesday, Mozilla issued Firefox 72.0.1, which included one change: A patch for the vulnerability identified as CVE-2019-17026. "We are aware of targeted attacks in the wild abusing this flaw," Mozilla said in the short description of the flaw, signaling that criminals were already leveraging the zero-day vulnerability, the term applied because there no time elapses between patching and exploitation.

To read this article in full, please click here



Computer World Security News
Jan 09, 2020

Your Windows PC may become collateral damage in any conflict with Iran
When Iran launches cyberattacks in revenge for the killing of Major Gen. Qasem Soleimani — which it almost certainly will do — the attack vector, as always, will be Windows. And when that happens, your PC and your business's PCs will be right in the crosshairs. Here's why — and how you can protect your machines and your business.

A long history of U.S.-Iranian cyberwarfare To understand the coming cyberattacks, it's useful to look back. For more than a decade, the U.S. and Iran have engaged in low-level cyberwarfare, with occasional bursts of higher-level attacks. The most destructive of them was Stuxnet, launched in 2009 by the U.S. and Israel against Iran's nuclear program. It exploited four zero-day flaws in Windows machines, which controlled the centrifuges Iran used to create nuclear material that can be used in nuclear weapons.

To read this article in full, please click here



Computer World Security News
Jan 08, 2020

Apple wants privacy laws to protect its users
Your iPhone (like most smartphones) knows when it is picked up, what you do with it, who you call, where you go, who you know - and a bunch more personal information, too.

The snag with your device knowing all this information is that once the data is understood, that information can be shared or even used against you.

Information is power Jane Horvath, Apple's senior director for global privacy, appeared at CES 2020 this week to discuss the company's approach to smartphone security. She stressed the company's opposition to the creation of software backdoors into devices, and also said:

To read this article in full, please click here



Computer World Security News
Jan 08, 2020

Apple's wants privacy laws to protect its users
Your iPhone (like most smartphones) knows when it is picked up, what you do with it, who you call, where you go, who you know - and a bunch more personal information, too.

Information is power The snag with your device knowing all this information is that once the data is understood than that information can be shared or even used against you.

Jane Horvath, Apple's senior director for global privacy, appeared at CES 2012 to discuss the company's approach to smartphone security.

To read this article in full, please click here



Computer World Security News
Jan 08, 2020

How to fix insecure LDAP binds
Prevent Windows admin credentials from being exposed in cleartext with this tip.

Computer World Security News
Jan 07, 2020

FAQ: Last-minute answers about Windows 7's post-retirement patches
A week from now, Microsoft will serve customers with the last for-free Windows 7 security update, in effect retiring the 2009 operating system.

However, hundreds of millions of personal computers will still power up thanks to Windows 7 on Jan. 14, and for an indeterminate timespan after that date. Windows 7 may be retiring, but it's not disappearing.

Microsoft admitted as much more than a year ago when it announced Extended Security Updates (ESU), a program for commercial customers who needed more time to ditch Windows 7. ESU would provide patches for some security vulnerabilities for as long as three years. For a fee.

To read this article in full, please click here

(Insider Story)

Computer World Security News
Jan 06, 2020

Microsoft Patch Alert: December patches hang Win7 Pro endpoints and force Server 2012 reboots
It was the kind of month admins dread: Mysterious problems on hundreds of machines, with no apparent cause or cure. Toss in the holidays, and we had a whole lot of Mr. and Ms. Grinches in the industry.

Fortunately, it looks like the problems have been sorted out at this point. Individual users had many fewer problems. Microsoft's left and right hands still aren't talking on the 1909 team, but what else is new…

Win7 hang on 'Preparing to configure Windows' Microsoft dropped a new Servicing Stack Update for Windows 7 on Dec. 10, and it gummed up the works for many. Here's a good summary on Reddit from poster Djaesthetic:

To read this article in full, please click here



Computer World Security News
Jan 06, 2020

Top 3 enterprise tech trends to watch in 2020
If blockchain felt more like hype than reality in 2019, prepare for that to change. Industry watchers expect 2020 to be the year the distributed ledger technology matures and we see use cases that go beyond cryptocurrency.

Areas where experts envision growth include data security, the supply chain and electronic health records.

"Someone's gonna hit me, but I think blockchain as it relates to data security (think access management) is going to have some landmark use cases in 2020," Siobhan Climer, science and technology writer at Mindsight, said during a recent IDG TECH(talk) Twitter chat.

To read this article in full, please click here



Computer World Security News
Jan 06, 2020

Amid privacy and security failures, digital IDs advance
Frustration over a growing number of privacy and security failuresin recent years is driving the creation of digital identities controlled only by those whose information they contain.

Known as "self-sovereign identities," the digital IDs will be used by consumers, businesses, their workers and governments over the next few years to verify everything from credit worthiness and college diplomas to licenses and business-to-business credentials.

"We are slowly graduating from crawling to walking. It takes one to two years 'til we have reliable capabilities to spark meaningful decentralized identity adoption," said Homan Farahmand, a senior research director at Gartner. "A major non-technical hurdle is for organizations to learn the concept and take the necessary steps to appropriately adapt their business processes to decentralized identity ecosystems."

To read this article in full, please click here



Computer World Security News
Jan 03, 2020

Will spam die in 2020?
The problem with spam isn't that it's a time-wasting annoyance, but that it drives us away from phone calls and emails to bad media.

Computer World Security News
Jan 03, 2020

Windows vulnerability
Pilot fish is working at a bank, but it's the 1970s, and ATMs are far from common. What this bank has is an after-hours teller window, available from 3 to 7 p.m. It's located in a small enclosure accessible from the street, and its operation involves a human teller working behind a reinforced-concrete wall.

When the bank develops an online customer system, the night teller is chosen as the testing ground, because the new system will allow for instant posting of deposits instead of waiting for the next day. And fish, a computer science major, will serve as teller/guinea pig.

But first, a new window has to be constructed, right next to the two-story glass façade of the bank. The work includes putting the cabling inside heavy steel pipes to ensure that no one can tap into them.

To read this article in full, please click here



Computer World Security News
Jan 02, 2020

How to get maximum protection from MFA in Office 365
Follow these steps to ensure your multi-factor authentication for Office 365 is effective.

Computer World Security News
Dec 31, 2019

Ultra Wideband (UWB) explained (and why it's in the iPhone 11)
One of the new chips in this year's crop of iPhones is the U1; it provides Ultra Wideband (UWB) connectivity that, in conjunction with Internet of Things (IoT) technology, could offer a myriad of new services for enterprises and consumers.

As Apple puts it, UWB technology offers "spatial awareness" - the ability for your phone to recognize its surroundings and the objects in it. Essentially, one iPhone 11 user can point his or her phone at another and transfer a file or photo.

While the technology isn't new, Apple's implementation marks the first time UWB has been used in a modern smartphone.

What is Ultra Wideband? UWB is a short-range, wireless communication protocol that - like Bluetooth or Wi-Fi - uses radio waves. But it differs substantially in that IT operates at a very high frequency. As its name denotes, it also uses a wide spectrum of several GHz. One way to think of it is as a radar that can continuously scan an entire room and precisely lock onto an object like a laser beam to discover its location and communicate data.

To read this article in full, please click here



Computer World Security News
Dec 30, 2019

Most popular tech stories of 2019
Insider Pro subscribers pick the Top 10 articles published in our debut year.

Computer World Security News
Dec 26, 2019

Top tech stories of 2019
The new Apple Card, the battle for cryptocurrency dominance, cybersecurity skills shortage - just a few of the stories that made headlines in 2019. Watch as IDG TECH(talk) hosts Ken Mingis and Juliet Beauchamp discuss the top tech stories of the year.

Computer World Security News
Dec 24, 2019

How to make the most of Microsoft's new Compliance Score Console
This new Microsoft 365 feature can help you stay in compliance with regulations like GDPR and better protect data.

Computer World Security News
Dec 18, 2019

Microsoft blinks: Security Essentials will continue to receive updates after Jan. 14
Late last week, I talked about a discrepancy in Microsoft's promised handling of Microsoft Security Essentials as Windows 7 reaches end of support. An internally inconsistent official announcement seemed to say that MSE signature file updates would stop — even for those who have paid for Extended Security Updates. 

Which is absurd. Why would Microsoft stop updating its antivirus program even for people who are paying to continue receiving Monthly Rollup patches?

To read this article in full, please click here



Computer World Security News
Dec 18, 2019

How bad can text security be? One company just showed us.
There is nothing more quintessentially mobile than text messages, the most commonly used communication method today. That's why it was very unsettling that a security research house found — and the vendor at issue essentially confirmed — that a massive number of text messages were stored in plaintext, with no security at all. In short, the texts from what the security research firm estimated were "hundreds of millions of people" were open to any thief or stalker who wanted to look.

The company involved, an Austin-based business called TrueDialog, would likely be unknown to almost all of those users. TrueDialog is a marketing firm offering SMS products and services to other companies — a lot of companies. That will make it hard for consumers to even know if their texts were victimized. Text message users were able to text back, giving the impression of having two-way conversations with businesses.

To read this article in full, please click here



Computer World Security News
Dec 18, 2019

How to protect the enterprise from holiday attacks
Attackers often take advantage of the holidays to launch attacks. Use these Microsoft settings to deter them.

Computer World Security News
Dec 13, 2019

Will Microsoft stop updating its Security Essentials on Jan. 14? Are you sure?
You know that businesses will be able to pay for Win7 security patches after Win7 hits end-of-life on Jan. 14. Many of Microsoft's Extended Security Update program details aren't clear to me — How does a very small business buy ESU? Why is Microsoft releasing Edge on Win7 the day after it goes end-of-life? Will that new full-screen nag keep coming back? — but there's one loose end that sits in the middle of my confusion.

To read this article in full, please click here



Computer World Security News
Dec 13, 2019

The usual suspects
One morning Wilma, the print shop manager at a beer distributor, discovers that her computer has a virus. It's no big deal — sometimes bad things happen to good computers — so she cleans up the system and gets on with her day.

But a few days later the system is infected again.

Considerably more annoyed this time, she contacts Betty (the company's sole IT person) to get some assistance and make sure the system is 100% clean. After disinfecting the system, Betty checks the browser history and finds that someone has been making late-night visits to X-rated websites.

The question then becomes, Who is using company resources to watch porn? At most companies, suspicion would immediately fall on the nighttime cleaning crew. But the print shop is located in the warehouse, to which the cleaning crew doesn't have access.

To read this article in full, please click here



Computer World Security News
Dec 11, 2019

Apple is forcing the ad industry to change
Advertising has become too personal.

Modern systems learn too much about your personal life, tastes and aspirations, and while this is manna from heaven for advertisers, it's an invasion of privacy for many. And Apple is changing the equation.

Intelligent Tracking Prevention Apple has built a technology that reduces the quantity of data advertisers can harvest from your online life. It is called Intelligent Tracking Prevention and The Information tells us that since the technology debuted in 2017:

To read this article in full, please click here



Computer World Security News
Dec 11, 2019

Apple is forcing the ads industry to change
Advertising has become too personal.

Modern systems learn too much about your personal life, tastes and aspirations, and while this is manna from heaven for advertisers, it's an invasion of privacy for the many. And Apple is changing the equation.

Intelligent Tracking Prevention Apple has built a technology that reduces the quantity of data advertisers can harvest from your online life. It is called Intelligent Tracking Prevention and The Information tells us that since the tech debuted in 2017:

To read this article in full, please click here



Computer World Security News
Dec 11, 2019

Patch Tuesday brings a reprise of the Autopilot debacle, now quashed, and another Win7 nag
Patch Tuesday in December rarely brings anything worthwhile — everybody's on vacation, or wants to be on vacation — and this month's no exception. We got patches for 36 separately identified security holes and two new advisories, full of sound and fury but covering very little.

The one "exploited" security hole — CVE-2019-1458 Win32k Elevation of Privilege Vulnerability — shouldn't cause any heartburn. Microsoft says:

To read this article in full, please click here



Computer World Security News
Dec 11, 2019

How to secure your domain name services
Follow these steps to protect your websites at the server and workstation.

Computer World Security News
Dec 11, 2019

Blockchain/IoT integration accelerates, hits a 'sweet spot'
Three-quarters of companies implementing IoT have already adopted blockchain or plan to use it by the end of 2020, an indicator of the growing connection between the two, according to a survey of 500 U.S. companies by Gartner.

While the marriage between the two technologies has been expected to be crucial for  industry digital transformation, the adoption rate is happening at a "much faster pace than expected," Gartner said.

"Among the blockchain adopters, 86% are implementing the two technologies together in various projects," Avivah Litan, a Gartner vice president and report author,  wrote in a blog. She called IoT integration "a sweet spot" for blockchain, the much-hyped distributed ledger technology.

To read this article in full, please click here



Computer World Security News
Dec 11, 2019

Blockchain/IoT integration accelerates, hits a 'sweet spot' for the two technologies
Three-quarters of companies implementing IoT have already adopted blockchain or plan to use it by the end of 2020, an indicator of the growing connection between the two, according to a survey of 500 U.S. companies by Gartner.

While the marriage between the two technologies has been expected to be crucial for  industry digital transformation, the adoption rate is happening at a "much faster pace than expected," Gartner said.

"Among the blockchain adopters, 86% are implementing the two technologies together in various projects," Avivah Litan, a Gartner vice president and report author,  wrote in a blog. She called IoT integration "a sweet spot" for blockchain, the much-hyped distributed ledger technology.

To read this article in full, please click here



Computer World Security News
Dec 10, 2019

Android security checkup: 16 steps to a safer phone
Android security is always a hot topic on these here Nets of Inter — and almost always for the wrong reason.

As we've discussed ad nauseam over the years, most of the missives you read about this-or-that super-scary malware/virus/brain-eating-boogie-monster are overly sensationalized accounts tied to theoretical threats with practically zero chance of actually affecting you in the real world. If you look closely, in fact, you'll start to notice that the vast majority of those stories stem from companies that — gasp! — make their money selling malware protection programs for Android phones. (Pure coincidence, right?)

To read this article in full, please click here



Computer World Security News
Dec 09, 2019

Microsoft to end updates to Windows 7's free AV software, Security Essentials
Microsoft will not provide new malware signatures for its home-grown Security Essentials software after it retires Windows 7 in five weeks.

"No, your Windows 7 computer is not protected by MSE ((Microsoft Security Essentials)) after January 14, 2020," the company said in a support document mainly concerned about the Extended Security Updates (ESU) being shilled to enterprises. "MSE is unique to Windows 7 and follows the same lifecycle dates for support."

[ Related: Windows 7 to Windows 10 migration guide ] Security Essentials, a free antivirus (AV) program that launched in 2008, was originally limited to consumers. However, in 2010, Microsoft expanded the licensing to small businesses, defined as those with 10 or fewer PCs. Two years after that, MSE was replaced by Windows Defender with the launch of Windows 8.

To read this article in full, please click here



Computer World Security News
Dec 06, 2019

All about the latest iPhone location privacy scare
That story going round that claims iPhone 11 devices are secretly harvesting your location information even though you've told them not to do so? You don't need to worry about it, and here's why:

What's the story?   The tale begins when a security researcher noticed the devices seemed to be sending out location data even when Location Services were switched off on the iPhone.

He thought this was weird, but Apple reassured him that this was "expected behaviour" - and while the company took a little time to figure out what to say about this, it's answer is convincing, once you know what it means.

What Apple said The matter relates to iPhone 11's U1 chip, which brings in an exciting (yet veteran) technology called Ultra Wideband (UWB).

To read this article in full, please click here



Computer World Security News
Dec 05, 2019

All's clear to install Microsoft's November patches
The November passel of patches didn't include anything earth-shattering; there were no emergency security breaches storming the gates, but good patching hygiene dictates that you get your machine braced for the next round.

If you install patches manually one by one ("Group B," which I don't recommend for mere mortals), you need to make sure you have the proper Servicing Stack Updates in place. They've all changed in the past month.

To read this article in full, please click here



Computer World Security News
Dec 05, 2019

Throwback Thursday: Bank error in your favor, collect $100,000
It's the late 1980s, and this pilot fish is working as a teller at small suburban bank with a few branches.

"Automation is catching on, but slowly," says fish. "We have terminals to process deposits, withdrawals and money orders — but at the end of the day, the branch manager still takes our totals and enters them into a handwritten ledger."

The terminals use a text-based menu for everything, but for some operations that require a manager's approval — say, printing a cashier's check — the manager must walk over, hold down an override key and type in a password to let the teller access the check-printing menu.

Fish notices that the console beeps now and then during the password process. But it doesn't happen every time, and there's no pattern he can detect.

To read this article in full, please click here



Computer World Security News
Dec 03, 2019

Microsoft Patch Alert: November patches behave themselves - with a few exceptions
What a relief. The only major patching problem for November came from Office, not Windows. We had a handful of completely inscrutable patches - including two .NET non-security previews that apparently did nothing - but that's the worst of it.

November saw the last security patch for Win10 version 1803. Win10 version 1909 got released, gently. We also had a much-hyped "exploited" zero-day security hole in Internet Explorer (again) that didn't amount to a hill of beans (again).

To read this article in full, please click here



Computer World Security News
Dec 02, 2019

How blockchain will kill fake news (and four other predictions for 2020)
As blockchain's hype cycle continues to befuddle many about its potential beyond  cryptocurrencies, businesses and governments are moving ahead with projects involving everything from digital identities to voting and supply chain tracking.

Blockchain has slipped into the "Trough of Disillusionment" (see Gartner Hype Cycle), because it got ahead of its technical and operational maturity. As a result, interest has waned as most experiments and implementations failed to provide expected results.

To read this article in full, please click here



Computer World Security News
Nov 27, 2019

7 mobile security threats that may catch you by surprise
Even if you're usually savvy about cybersecurity, anyone can have a vulnerable moment (in our writer's case, it was his mother's funeral).

Computer World Security News
Nov 27, 2019

Apple confirms HomeKit-secured CCTV and router systems
Apple has at last confirmed which routers and smart home security systems will support the HomeKit Secure Video and HomeKit-enabled routers systems it introduced in iOS 13.

Safe as houses? HomeKit Secure Video and HomeKit-enabled routers patch two of the bigger gaps in smart home security coverage: they give users strong control over who can access video captured in your home and also provide a welcome additional barrier against hackers and others attempting to break into home networks via the router.

To read this article in full, please click here



Computer World Security News
Nov 25, 2019

Android security: Analysis, advice, and next-level knowledge
It's tough to talk about Android security without venturing into sensational terrain.

A large part of that is due to the simple fact that the forces driving most Android security coverage are companies that make their money by selling Android security software — and thus companies with strong interests in pushing the narrative that every Android phone is on the perpetual brink of grave, unfathomable danger. Plus, let's face it: A headline about 70 gazillion Android phones being vulnerable to the MegaMonsterSkullCrusher Virus is far more enticing than one explaining the nuanced realities of Android security.

In actuality, though, Android security is a complex beast — one with multiple layers in place to protect you and one that almost never warrants an alarmist attitude. I've been covering Android security closely since the platform's earliest days, and I've busted more myths and called out more shameless publicity stunts than I can even count at this point.

To read this article in full, please click here



Computer World Security News
Nov 25, 2019

Why isn't Apple (yet) supporting Tim Berners-Lee to 'save the web'?
Apple isn't (yet) among the signatories for a global campaign to save the web launched by Tim Berners-Lee.

I hope this is something the company plans to change.

What's the story? Berners-Lee, inventor of the web, is concerned that the web is becoming a forum for political manipulation, fake news, privacy violations and other harms that he fears may plunge us all into what he calls "digital dystopia."

He's launched a new global action plan and is asking governments, companies and individuals to commit to protecting the web and ensuring it benefits humanity.

"The power of the web to transform people's lives, enrich society and reduce inequality is one of the defining opportunities of our time," he said.

To read this article in full, please click here



Computer World Security News
Nov 21, 2019

Blackberry refreshes its UEM suite, focuses on zero-trust access
BlackBerry has unveiled several updates to its enterprise mobility security platform, offering three new UEM peoducts aimed at enabling secure access to tools, applications and files based on a zero-trust architecture.

The trio of new suites are add-ons to BlackBerry's flagship Enterprise Mobility Suite, aimed at enhancing productivity, collaboration and workforce agility.

To read this article in full, please click here



Computer World Security News
Nov 21, 2019

The 5 true takeaways from Android's camera vulnerability circus
I don't know if you've read much news this week, but it seems the sky is falling and we're all terribly doomed.

No, I'm not talking about that news — as usual, that's another column for another publication — but rather the news that a security flaw in some Android camera apps could turn our phones into privacy-plundering spy portals and bring an end to human life as we know it.

I mean, have you seen some of these headlines?!

"Hundreds of millions of Android phone cameras can be hijacked by spyware" "Android flaw lets rogue apps take photos, record video even if your phone is locked" "An Android flaw lets apps secretly access people's cameras and upload the videos to an external server" Holy hibiscus, Henry! Even I'm trembling from all of that, and I know it's a bunch of misguided, sensationalized hooey.

To read this article in full, please click here



Computer World Security News
Nov 21, 2019

Throwback Thursday: See if you can wriggle out of this one
It's several years ago during a major virus outbreak — if you know your history of computer viruses, you can narrow it down — and a user at a remote site calls this pilot fish to complain that her computer won't let her get any work done.

"I asked her if she had called the local technician — who worked for me — and she replied that she had called him numerous times but he had not picked up his phone," says fish. "I told her I would take care of it."

Fish calls his tech, who says he has spoken to the user each time she called and explained to her that he'll help her as soon as he can, but he's finishing work in another area.

That satisfies fish, who goes back to his own work. And soon he gets a message from his tech, sent from the irate user's email account, reporting that the tech checked the user's PC, found a virus and removed it, and updated the PC's virus definitions. Case closed.

To read this article in full, please click here



Computer World Security News
Nov 20, 2019

Facebook's iOS 'bug' secretly filmed users. IT, take note.
News reports last week — subsequently confirmed by a Facebook executive's tweet — that the Facebook iOS app was videotaping users without notice should serve as a critical heads up to enterprise IT and security execs that mobile devices are every bit as risky as they feared. And a very different bug, planted by cyberthieves, presents even more frightening camera-spying issues with Android.

On the iOS issue, the confirmation tweet from Guy Rosen, who is Facebook's vice president of Integrity (go ahead and insert whatever joke you want about Facebook having a vice president of integrity; for me, it's way too easy a shot), said, "We recently discovered our iOS app incorrectly launched in landscape. In fixing that last week in v246, we inadvertently introduced a bug where the app partially navigates to the camera screen when a photo is tapped. We have no evidence of photos/videos uploaded due to this."

To read this article in full, please click here



Computer World Security News
Nov 20, 2019

Security lessons from a Mac-only fintech company
Apple remains a highly secure choice for enterprise professionals, but security threats remain and the environment requires sophisticated endpoint management tools, confirmed Build America Mutual (BAM) CTO, David McIntyre.

The Mac only bank BAM is one of the leading U.S. municipal bond insurers and has insured over $65 billion since launch in 2012. It also has the rare distinction of being a fintech firm that is completely based on Macs.

To read this article in full, please click here



Computer World Security News
Nov 20, 2019

How make a Windows disaster recovery kit
Make your own disaster checklist and recovery toolkit before trouble happens.

Computer World Security News
Nov 19, 2019

Microsoft starts releasing fixes for Access bugs introduced in Office security patches this month
Although we've been promised no "C" or "D" week second cumulative updates for the rest of the year — at least for Windows — Microsoft has acknowledged a bug it created in last week's Patch Tuesday Office patches, and now promises that it'll update the bad fixes on most machines this week or next. Those are "C" week and "D" week, respectively.

The cause du jour: a bug in all of this month's Office security patches that throws an error in Access saying, "Query xxxx is corrupt," when in fact the query in question is just fine. Microsoft describes the erroneous error message on its Office Support site:

To read this article in full, please click here



Computer World Security News
Nov 18, 2019

Mobile security perceptions don't approach reality. And that's a problem.
In general, security vendors love consumer surveys where consumers say that they would never, ever, ever do business with a retailer or a bank with poor security practices. But consumers have historically been terrible predictors of their own behavior, and they also tend to tell retailers and banks what they want to hear, rather than the truth.

And the truth, based on the public financial filings of plenty of companies that have suffered public data breaches, is that consumers — partially thanks to zero liability programs from the payment card companies — tend to not change retailers or banks when such data breaches happen. Why? Quite a few reasons. First, zero liability sees to it that they don't lose any money (it actually limits losses to $50, but almost no business enforces that, and they tend to simply eat all of the consumer losses). If consumers lost large amounts of money from breached retailers or banks, yes, they'd flee, but that doesn't happen.

To read this article in full, please click here



Computer World Security News
Nov 15, 2019

What you need to know about new data-security rules for business travel
From U.S. Customs agents to cybercriminals, everyone wants to copy the data on your phone and laptop. Here's how to protect your rights and also avoid industrial espionage.

Computer World Security News
Nov 14, 2019

Balancing patient security with healthcare innovation | TECH(talk)
Healthcare organizations are one of the most targeted verticals when it comes to cyberattacks. While those organizations must work to secure patients' sensitive data, it can also be helpful to analyze that data to improve patient outcomes. Jason James, CIO of Net Health, joins Juliet to discuss why attackers target healthcare organizations, Google's Project Nightingale and what it means for a tech giant to have access to the medical data of millions of people.

Computer World Security News
Nov 13, 2019

Get 70% off NordVPN Virtual Private Network Service 3 months free - Deal Alert
Safeguard yourself against snoops, and access blocked content with this no-log VPN service. NordVPN has discounted their popular VPN software 70%, with 3 extra months on top. Use our link and see the discount applied when you click "buy now".

Computer World Security News
Nov 13, 2019

Patch Tuesday arrives with Access error, 1909 in tow, and a promise of no more 'optional' patches this year
The patches haven't yet been out for 24 hours and already we're seeing a lot of activity. Here's where we stand with the initial wave of problems.

Malicious Software Removal Tool installation error 800B0109  Many early patchers found that the MSRT, KB 890830, kept installing itself over and over again. Poster IndyPilot80 says:


To read this article in full, please click here



Computer World Security News
Nov 11, 2019

Patch Tuesday alert: Make sure Windows Auto Update is temporarily disabled
For those of you who haven't patched since May, there's exceedingly bad news on the horizon. Per Catalin Cimpanu at ZDNet, Metasploit's working-but-just-barely BlueKeep exploit is about to get a significant bug fix. That'll put BlueKeep infection capabilities in the hands of mere mortals. The script kiddies won't be far behind.

If you're using — or you know someone who's using — Windows XP, Vista, Win7, Server 2003, Server 2008 or Server 2008 R2, get patched now. The fix is easy. Even  Aunt Martha can handle it.

To read this article in full, please click here



Computer World Security News
Nov 08, 2019

Why you should begin using Sign in with Apple
Apple has published lots of information explaining how its newly introduced Sign in With Apple service solves a problem most of us didn't know existed and which many of us would very much like to solve.

Who watches the watchmen? The issue:

Most social sign-in services act a little like people-tracking honey pots: You come to use a website or service and stay because the people providing the authorization use that moment to gather even more information about what you do.

What happens is that the persistent identity used by those services can be combined with other data to identify where you go, what you look for and more.

To read this article in full, please click here



Computer World Security News
Nov 07, 2019

How to harden web browsers against cyberattacks
Use these techniques to limit attackers' ability to compromise systems and websites.

Computer World Security News
Nov 07, 2019

Printers: The overlooked security threat in your enterprise | TECHtalk
Printers, often a forgotten target in the enterprise, are vulnerable to all the usual cyberattacks. Watch as IDG TECH(talk) hosts Ken Mingis and Juliet Beauchamp and CSO Online's J.M. Porup discuss the threats to these devices, plus how to secure them and protect your network.

Computer World Security News
Nov 07, 2019

Duck Duck Go gives Mac users even more privacy
People are finally waking up to the importance of privacy and the risk of entities over whom you have no control hoovering up the details of our digital lives, and that's why the latest news from Duck Duck Go is so worthwhile.

Apple's good privacy just got better We know Apple is working to protect our privacy - its newly updated privacy website shares a huge amount of information on this, while the newly-published Safari white paper confirms the browser's privacy protections include (among other things):

To read this article in full, please click here



Computer World Security News
Nov 07, 2019

Duck Duck Go offers Mac users even more privacy
People are finally waking up to the importance of privacy and the risk of entities over whom we have no control hoovering up the details of our digital lives, and that's why the latest news from Duck Duck Go is so worthwhile.

Apple's good privacy just got better We know Apple is working to protect privacy - its newly updated privacy website shares a huge amount of information on its efforts, while the newly-published Safari white paper confirms the browser's privacy protections include (among other things):

To read this article in full, please click here



Computer World Security News
Nov 06, 2019

Apple updates its privacy pages, and you should take a look
Apple has updated its Privacy website and published several white papers explaining its approach to the topic and how its products protect your privacy.

Apple is offering more information than ever The updated website delivers much more information than before with a broad overview of what the company is doing. It includes pages detailing features and controls as well as its privacy policy and transparency report. 

The site also offers a selection of approachable white papers that explain how the privacy controls in Safari, Location Services, Photos and Sign-in With Apple work. These contain a huge amount of information on Apple and its services.

To read this article in full, please click here



Computer World Security News
Nov 06, 2019

Apple updates its privacy pages; you should take a look
Apple has updated its privacy website and published several white papers explaining its approach to the issue and how its products protect your privacy.

Apple offers more information than ever The updated website delivers much more information now, with a broad overview of what the company is doing. It details features and controls as well as the company's  privacy policy and transparency report. 

The site also offers a selection of understandable white papers that explain how  privacy controls work in Safari, Location Services, Photos and Sign-in With Apple. These contain a large amount of information on Apple and its services.

To read this article in full, please click here



Computer World Security News
Nov 05, 2019

Boeing's insecure networks threaten security and safety
Aircraft manufacturer Boeing's insecure networks leave the company--and potentially its aircraft--at risk of exploitation. Security researcher Chris Kubecka uncovered these threats in April, and new reporting by CSO's J.M. Porup reveals little has been done to patch these vulnerabilities. They both join Juliet to discuss how Kubecka discovered this information and what it means for national security and passenger safety.

Computer World Security News
Nov 05, 2019

Boeing's unsecure networks threaten security and safety
Aircraft manufacturer Boeing's unsecure networks leave the company--and potentially its aircraft--at risk of exploitation. Security researcher Chris Kubecka uncovered these threats in April, and new reporting by CSO's J.M. Porup reveals little has been done to patch these vulnerabilities. They both join Juliet to discuss how Kubecka discovered this information and what it means for national security and passenger safety.

Computer World Security News
Nov 05, 2019

Microsoft Intune can now block unauthorized BYOD hardware
Microsoft has integrated third-party mobile threat defense (MTD) software with its Intune unified endpoint management (UEM) platform, enabling corporate systems to detect when an employee's unenrolled, smartphone or tablet has an app potentially infected by malware.

The new Intune capability is particularly useful for companies with bring-your-own device (BYOD) policies in that it can block access to enterprise systems on devices flagged by the MTD software.

[ Related: How to get the most from Microsoft Intune ] The mobile threat detection feature on Intune will initially allow it to work with software from Lookout for Work, Better Mobile and Zimperium. "In future, we expect other partners to add support for this integration," Microsoft said via a Monday blog post released during its Ignite conference.

To read this article in full, please click here



Computer World Security News
Nov 04, 2019

Do you really need a Chief Mobility Officer? (Spoiler alert: nope)
While one in three large enterprises has a chief mobility officer (CMO), according to one survey, that role is now largely duplicative and unnecessary - and creating it can hit a company's bottom line.

Management consultancy Janco Associates, which lists job descriptions and conducts bi-annual salary surveys, last week updated its description of a Chief Mobility Officer (CMO) to include privacy compliance policies in light of the California Consumer Privacy Act (CaCPA), which goes into effect in January.

[ Related: How to get the most from Microsoft Intune ] "As the use of personal mobile devices, social networking, and compliance requirements expand, organizations are faced with a dilemma. How can they balance privacy compliance mandates like CaCPA with business continuity, security, and operational needs in an ever more complex operating environment?" said Victor Janulaitis, CEO of Janco Associates.

To read this article in full, please click here



Computer World Security News
Nov 01, 2019

With a few exceptions, all's clear to install Microsoft's October patches
If you had automatic update turned on at the beginning of October, you got clobbered with a bug-infested, out-of-band update for an IE-related zero-day that never appeared in real life. Later in the month, those with automatic update turned on were treated to a wide assortment of bugs (Start and Search fails, RDP redlines, older Visual Basic program blasts) - only some of which were solved with the month's final, optional, non-security patches.

To read this article in full, please click here



Computer World Security News
Oct 31, 2019

Google strengthens Chrome's site isolation to protect browser against its own vulnerabilities
Google is telling Chrome users that it has extended an advanced defensive technology to protect against attacks exploiting vulnerabilities in the browser's Blink rendering engine.

Chrome 77, which launched in September but was supplanted by Chrome 78 on Oct. 22, received the beefed-up site isolation, wrote Alex Moshchuk and Lukasz Anforowicz, two Google software engineers, in an Oct. 17 post to a company blog. "Site Isolation in Chrome 77 now helps defend against significantly stronger attacks," the two said. "Site Isolation can now handle even severe attacks where the renderer process is fully compromised via a security bug, such as memory corruption bugs or Universal Cross-Site Scripting (UXSS) logic errors."

To read this article in full, please click here



Computer World Security News
Oct 30, 2019

How to and why you should disable LLMNR with Windows Server
Link-Local Multicast Name Resolution could enable a man-in-the-middle attack, so it's best to disable the protocol when setting up Windows Server 2019.

Computer World Security News
Oct 29, 2019

Microsoft Patch Alert: October updates bring problems with Start, RDP, Ethernet, older VB programs
October started out on an extraordinarily low note. On Oct. 3, Microsoft released an "out of band" security update to protect all Windows users from an Internet Explorer scripting engine bug, CVE-2019-1367, once thought to be an imminent danger to all things (and all versions) Windows.

It was the third attempt to fix that security hole and each of the versions brought its own set of bugs.

To read this article in full, please click here



Computer World Security News
Oct 29, 2019

Earn your IoT security certification
Insider Pro is teaming up with CertNexus to offer subscribers access to an online course that leads to a Certified IoT Security Practitioner (CIoTSP) certification.

Computer World Security News
Oct 28, 2019

Memory-Lane Monday: Please tell me his name wasn't Jones
Pilot fish and his help desk colleagues do a lot of password resets and have learned that it's best to sympathize with the callers and normalize forgetting those strings of letters, numbers and symbols. It can happen to anybody is the message.

But some forgetfulness is more normal than others, finds fish, who told one user, "I'm going to reset your password to your last name, with the first letter capitalized."

Reports fish: "He said, ‘Wait a minute. Let me get a pencil and paper to write that down.

"I then spelled his last name for him and reminded him to capitalize the first letter. He thanked me and hung up the phone.

"Surreal doesn't even begin to describe how this felt!"

To read this article in full, please click here



Computer World Security News
Oct 25, 2019

Name game
This pilot fish builds a lot of Linux systems that have to be compliant with U.S. Department of Defense/Defense Information Systems Agency STIG security requirements, but he tries to lessen the pain by assigning root passwords that are secure but easily remembered. Naturally, he sends them to the owner via encrypted email.

When the Nvidia driver in one of those machines gets corrupted after the system goes down hard in a power outage, fish needs root access to reinstall the driver. Unfortunately, the user of that machine (who, just incidentally, had ignored the warnings about that planned power outage) has no recollection of the root password, and he can't get it from his email. Why? He has uninstalled all his old encryption certs, so older encrypted emails can no longer be decrypted.

To read this article in full, please click here



Computer World Security News
Oct 23, 2019

How to double-check permissions post migration from Windows 7
It pays to make sure all permissions in your Windows environment are correct after migrating from Windows 7 or Server 2008 R2. Here's how to check.

Computer World Security News
Oct 22, 2019

Your best defense against insider threats | TECH(talk)
When employees are your weakest link, companies must have programs in place to prevent them from accidentally or intentionally putting the organization at risk. Watch as TECHtalk hosts Ken Mingis and Juliet Beauchamp discuss various options with CSO's Lucian Constantin.

Computer World Security News
Oct 22, 2019

5 big buts about the Pixel 4 phone
Look, I'll just come out and say it: I'm a big believer in buts.

Now, hang on a sec: You haven't accidentally stumbled onto the world's last remaining Sir Mix-a-Lot fan site. (If only!) No, the buts of which I speak at this particular moment are the single "t" variety — as in, the contradictory kinds of statements that are so frequently missing when we talk about technology.

You know what I'm talking about, right? Here in these tribal times of 2019, it's all too easy to fall into a pattern of seeing a certain sort of product or type of device as being either "awesome" or "inferior," with little gray space in between those extremes. You've used this kind of smartphone for years now, damn it, so it has to be the best! And that other company's devices are, like, obviously awful. They're from the competing team! They could never be worth your while.

To read this article in full, please click here



Computer World Security News
Oct 21, 2019

Train to be a certified cyber security professional for just $39
Cyber crime is responsible for a staggering amount of damage and chaos around the world. Want to be a part of the solution? Then train for a career in this demanding field with The A to Z Cyber Security and IT Certification Training Bundle.

This e-training bundle is perfect for anyone who has an interest in putting a stop to cyber crime. It includes twelve courses that'll introduce students to ethical hacking methods, show them how to test a network for weaknesses, and identify problems so they can be fixed prior to being exploited. It's fast, flexible, and you can even apply your training in preparation for several certification exams

To read this article in full, please click here



Computer World Security News
Oct 21, 2019

Utah county moves to expand mobile voting through blockchain
Disabled voters in Utah County will be able to use their smartphones to vote in the November municipal election, an expansion of an earlier pilot test of the blockchain-based technology and anothert step toward allowing all voters to cast ballots with a mobile device.

The county, which has more than a half million residents, is the third in the U.S. to partner with Tusk Philanthropies, a non-profit focused on expanding mobile voting nationally. The latest pilot is a collaboration between the Utah County Elections Division, Tusk Philanthropies, the National Cybersecurity Center and Boston-based voting app developer Voatz.

To read this article in full, please click here



Computer World Security News
Oct 21, 2019

But I'm still me
Longtime user at a big bank can't access the archiving system, the intranet kicks her back to the login screen, and the attendance system that pilot fish supports never heard of her. She's frantic to be recognized by the system, and she starts flooding the IT department with calls — not just the help desk, but operations and individual IT employees as well.

Everyone who gets a call is solicitous and sympathetic, and they all run down the list of questions that could rule out scenarios. Did she get a new PC? No. Did she change offices? No. Is anyone else affected? No. So what is going on?

The answer is simple after all. The woman had just gotten married, and upon her return from her honeymoon, she started using her new last name with every application — without first requesting to have her name changed in any applications. What isn't so simple is understanding why she never thought to try logging in with her maiden name.

To read this article in full, please click here



Computer World Security News
Oct 16, 2019

Can Facebook's Libra cryptocurrency survive the exodus?
After the withdrawal of seven of the 29 founding members of the Libra Association, the governing council for Facebook's planned global cryptocurrency, the project's fate  looks increasingly uncertain.

PayPal, Visa, Mastercard, eBay, Stripe, Mercado Pago and Brooking Holdings have backed away from participation on the Libra Association; their hands were forced when  all members met Monday in Switzerland for formalize their commitment to the project.

To read this article in full, please click here



Computer World Security News
Oct 16, 2019

Why we need Apple's HomeKit-enabled routers
How secure are the connected smart devices you keep in your home? How much protection have you put in place, and have you even taken a minute to change your default router password?

Computer says no The truth is many smart home device users (and those running connected devices in smart offices, enterprises, manufacturing and beyond) may not yet have taken stock of their security.

This is a particular problem when it comes to older smart devices, many of which are still in use even though a large number of them shipped with weak or non-replaceable factory default passcodes.

To read this article in full, please click here



Computer World Security News
Oct 16, 2019

Microsoft's Windows, Office 365 advice for secure elections
Microsoft has issued guidance and offered resources to help election officials and candidate campaigns to better protect their Windows and Office 365 systems.

Computer World Security News
Oct 15, 2019

9 ways to use Windows 7 (safely) when support ends
With support ending in January, our Windows 7 Survival Guide for 2020 offers ways to protect your older machines that can't or won't be upgraded.

Computer World Security News
Oct 10, 2019

A Chrome security setting you shouldn't overlook
We spend tons o' time talking about Android security settings — like the added Android 10 option to limit how and when apps are able to access your location. Often lost in the shuffle, though, is the fact that the Chrome desktop browser has some significant security options of its own, and they're just as critical to consider.

In fact, Chrome has an easily overlooked setting that's somewhat similar to that new location control feature in Android. It's attached to every Chrome extension you install, as of not that long ago, and it lets you decide exactly when an extension should be able to see what you're doing on the web and be made privy to all the details (yes, even those details) of your browsing activity.

To read this article in full, please click here



Computer World Security News
Oct 08, 2019

Top enterprise VPN vulnerabilities
Don't assume VPNs are always safe. These popular enterprise VPNs all have known remote code execution vulnerabilities.

Computer World Security News
Oct 04, 2019

IoT dangers demand a dedicated group
The internet of things (IoT) brings with it a wide range of IT security headaches, along with compliance nightmares — and turf wars.

Internal problem No. 1: Departments that typically have little to no interactions with IT are now directly ordering corporate IoT devices. Maybe you've got Facilities purchasing IoT door locks or Maintenance buying a ton of IoT light bulbs. Given that those departments have been purchasing door locks and light bulbs for as long as anyone can remember and have never needed IT or security's signoff, this can be a problem.

Internal problem No. 2: In many ways, IoT devices (think of devices for tracking pallets on ships or for monitoring where every fleet car is and how fast it's been driven) are very different from anything else that IT or security has dealt with. The units are capturing data that has never been tracked before — Hello, Compliance. Go away, GDPR regulator — and in different ways, such as bypassing enterprise LANs and cloud networks and using internal antennas to directly communicate.

To read this article in full, please click here



Computer World Security News
Oct 04, 2019

Will 5G increase mobile security?
We love our smartphones, but there's a dark side. Their prevalence and users' tendencies to connect over public Wi-Fi make mobile devices a common target of bad guys. Analyst Jack Gold looks at how to mitigate the risk.

Computer World Security News
Oct 04, 2019

Microsoft releases even more patches for the CVE-2019-1367 IE zero-day, and the bugs are having a field day
You may recall the Keystone Kops reenactment that goes by the code name CVE-2019-1367. In short:

Sept. 23: Microsoft released the CVE-2019-1367 bulletin, and published Win10 cumulative updates in the Microsoft Catalog for versions 1903, 1809, 1803, 1709, 1703, Server 2019 and Server 2016. It also released an IE rollup for Win7, 8.1, Server 2012 and Server 2012 R2. Those were only available by manual download from the Catalog — they didn't go out through Windows Update, or through the Update Server. 

Sept. 24: Microsoft released "optional, non-security" cumulative updates for Win10 version 1809, 1803, 1709, 1703, 1607/Server 2016. Nothing for Win10 version 1903. We also got Monthly Rollup Previews for Win7 and 8.1. Microsoft didn't bother to mention it, but we found that those Previews include the IE zero-day patch as well. This bunch of patches went out through normal channels — Windows Update, Update Server — but they're "optional" and "Preview," which means most savvy individuals and companies won't install them until they've been tested.

To read this article in full, please click here



Computer World Security News
Oct 04, 2019

Google launches leaked-password checker, will bake it into Chrome in December
Google has launched a web-based hacked-password checker, part of its efforts to bake an alert system into Chrome.

Called "Password Checker," the service examines the username-password combinations stored in Chrome's own password manager and reports back on those authentication pairings that have been exposed in publicly-known data breaches.

[ Further reading: Google's Chromium browser explained ] The web version can be found at passwords.google.com, the umbrella site for Chrome users who run the browser after logging in with their Google account, then use that to synchronize data - including passwords - between copies of Chrome on different devices.

To read this article in full, please click here



Computer World Security News
Oct 03, 2019

5 industries that will be disrupted by blockchain
Here are five major industries that will benefit from blockchain technology in the near future: financial services and banking, government, healthcare, energy, and transportation and logistics.

  • CEOExpress
  • 1 Boston Place | Suite 2600
    Boston MA 02108
  • 617 482 1200
    617 299 8649 (fax)
  • Contact
  • As an Amazon Associate
    CEOExpress earns from
    qualifying purchases.

©1999-2020 CEOExpress Company LLC