NEWS: COMPUTER WORLD SECURITY NEWS
Setup News Ticker
   NEWS: COMPUTER WORLD SECURITY NEWS
Computer World Security News
Feb 19, 2019

Yabba dabba doo!
Fish is being onboarded as a software engineer and has to download the code repository and start building it. But in checking the setup guide, he can't find any instructions on what user credentials to use to log in. This seems like something he should be able to figure out, so he trolls through multiple document systems (internal websites, Google documents and wikis) until he finds an old document that says to use his username as both username and password for version control access. That's easy enough — but it doesn't work. Fish gets a message saying his account wasn't found or the password didn't match.

Time to submit a help desk ticket. And the explanation is simple. IT had neglected to run the script that created an account for fish in the version control system. Ten minutes after submitting the ticket, fish is in at last.

To read this article in full, please click here



Computer World Security News
Feb 15, 2019

CIOs, you're doing blockchain wrong
IT leaders who've taken the plunge into blockchain are mainly deploying it in proofs-of-concept tests to address the same problems a conventional database could handle, according to research firm Gartner.To read this article in full, please click here

(Insider Story)

Computer World Security News
Feb 14, 2019

Mozilla to harden Firefox defenses with site isolation, a la Chrome
Mozilla plans to boost Firefox's defensive skills by mimicking the "Site Isolation" technology introduced to Google's Chrome last year.

Dubbed "Project Fission," the effort will more granularly separate sites and their individual components than is currently the case in Firefox. The goal: Isolate malicious sites and attack code so individual sites cannot wreak havoc in the browser at large, or pillage the browser, the device or the device's memory of critical information, such as authentication credentials and encryption keys.

[ Further reading: 14 must-have Firefox add-ons ] "We aim to build a browser which isn't just secure against known security vulnerabilities, but also has layers of built-in defense against potential future vulnerabilities," Nika Layzel, the project tech lead of the Fission team, wrote in a post last week to a Firefox development mailing list. "To accomplish this, we need to revamp the architecture of Firefox and support full Site Isolation." Layzel also published the note as the first newsletter from the Fission engineering group.

To read this article in full, please click here



Computer World Security News
Feb 14, 2019

How to use your Mac safely in public places
Coffee shops across the planet are populated by earnest Apple Mac-wielding remote and/or freelance workers - but are they taking steps to protect themselves in a public place? Follow this checklist to make sure you are protected.

#1: Worry about Wi-Fi Public Wi-Fi networks are dangerous places, not least because you don't really know how the network is set-up or who else is sitting on the same network with you.

Criminals are known to set up legitimate-seeming hotspots on which their software lurks, attempting to take data (including your bank and intranet passcodes) in transit. Please beware:

Do: Make sure the network you are accessing is really the network that belongs to the place you are in - just because someone has called their network Coffee Bean Net doesn't mean it is the network that officially belongs to the shop. Don't: Access your financial, personal, confidential or medical records over unsecured public Wi-Fi - you're better off setting up your own iPhone hotspot and using that when accessing services like that in a public place. Do: Delete free networks from your Mac once you have used them. Your Mac is unable to determine if a network you are accessing is the genuine network, and will simply go by name. #2: Use a VPN So long as you use a VPN from a reputable company then you can make yourself a great deal safer when working in that coffee shop beside your gig economy mates.

To read this article in full, please click here



Computer World Security News
Feb 14, 2019

All about Android upgrades (and why they're late) | TECH(talk)
It's not exactly news that Android upgrades almost always take a lo-o-o-o-o-ng time to roll out to most users. As in months. Often, many months. Sometimes more than a year.

Sometimes never.

(There is an exception: Google delivers new versions of Android to its Pixel line right away, and did just that with the release of Android 9.0 (Pie) last fall.)

It's now been six months since Pie arrived, which means it's time for Computerworld blogger JR Raphael's comprehensive look at how device-makers are doing when it comes to upgrades. 

To read this article in full, please click here



Computer World Security News
Feb 13, 2019

With latest mobile security hole, could we at least focus on the right things?
A bunch of apps from some major players — including Expedia, Hollister, Air Canada, Abercrombie & Fitch, Hotels.com and Singapore Airlines — recently came to grief because of a security/privacy hole in a third-party analytics app they all used, according to a report from TechCrunch. The incident exposed extremely sensitive customer information including payment card and password data shared in clear text. That sort of thing shouldn't be happening — and yet everyone seems focused on the wrong lesson.

The analytics app, called Glassbox, captures all information from a user's interaction with the app, including keystrokes entered and spots on the touchscreen the user touched or clicked. It also may include some screen captures. In every case, the apps give insufficient privacy disclosures to app users, or none at all. And, as already mentioned, it shares sensitive data in clear text.

To read this article in full, please click here



Computer World Security News
Feb 11, 2019

It's time to block Windows Automatic Updating
Those of you who feel it's important to install Windows and Office patches the moment they come out - I salute you. The Windows world needs more cannon fodder. When the bugs come out, as they inevitably will, I hope you'll drop by AskWoody.com and tell us all about them.

For those who feel that, given Microsoft's track record of pernicious patches, a bit of reticence is in order, I have some good news. Microsoft's Security Response Center says that only a tiny percentage of patched security holes get exploited within 30 days of the patch becoming available.

To read this article in full, please click here



Computer World Security News
Feb 11, 2019

Does Workplace have a Facebook problem?
Facebook emerged from 2018 bruised from a series of revelations that undermined trust in the popular social media platform and raised questions about its commitment to privacy.To read this article in full, please click here

(Insider Story)

Computer World Security News
Feb 08, 2019

How to stay as private as possible on Apple's iPad and iPhone
Apple believes in your right to privacy. Here is some advice on how to use the tools it has given you to protect your privacy on an iOS device.

Use a better passcode You probably already use a 4-digit passcode, but you can improve that with a 6-digit or alphanumeric code.

You change this in SettingsTouch ID/Face ID & Passcode, select Change Passcode and then tap the small Passcode Options dialog. Alphanumeric codes are harder to decipher, just make sure you remember the code.

To read this article in full, please click here



Computer World Security News
Feb 08, 2019

Microsoft: Watch out for zero days; deferred patches, not so much
Matt Miller's presentation at Blue Hat yesterday included some startling statistics, based on data gathered by Microsoft's Security Response Center. The numbers starkly confirm what we've been saying for years: The chances of getting hit with malware by delaying Windows and Office patches for up to 30 days is tiny compared to all the other ways of getting clobbered.

To read this article in full, please click here



Computer World Security News
Feb 07, 2019

Get TotalAV Essential AntiVirus for $19.99 (80% off)
The term "computer virus" calls to mind imagery of pathogenic creepy-crawlies bringing down a device's operating system, their flagella wriggling as they multiply into hordes that infiltrate its chips and wires. And while it's true that our computers can be infected with literal biological bacteria like staphylococci, per Science Illustrated, the threat of malicious codes and programs intent on corrupting data and files looms far larger: According to a recent study from the University of Maryland's Clark School of Engineering, attacks on computers with internet access is virtually ceaseless, with an incident occurring every 39 seconds on average, affecting a third of Americans every year.

To read this article in full, please click here



Computer World Security News
Feb 07, 2019

Why Apple is disabling Safari's Do Not Track feature
Apple takes privacy very seriously. It takes its leadership in that care seriously, and getting rid of the voluntary ‘Do Not Track' setting in its Safari browser is the right decision.

Why disabling Safari's Do Not Track feature is the right thing to do Apple introduced support for Do Not Track (DNT) in iOS 7, but removed the feature in Safari 12.1.

The problem with DNT is that the signal it sends to websites, analytics firms, plug-in makers and ad networks is a voluntary request, and can be ignored.

To read this article in full, please click here



Computer World Security News
Feb 07, 2019

Throwback Thursday: Pick a card, any card ...
This conglomerate is structured as several smaller companies, with a big central IT organization plus individual IT groups in some of the companies, reports an IT pilot fish there.

"An IT staffer from one of the companies loaded a password cracker and proceeded to crack the Windows NT servers," fish says. "He sent out emails bragging about how insecure NT was and giving the NT team a hard time."

Fish isn't on the NT team, but he and his security co-workers decide to strike back on behalf of their colleagues — and they do it through the central IT audit group, to make sure it's all above board.

First, they supply the audit people with a list of more than 100 Unix servers, and get them to pick a server at random. Amazingly, the audit group picks the only server on the list that belongs to the company where the NT attack originated.

To read this article in full, please click here



Computer World Security News
Feb 01, 2019

The January Windows and Office patches are good to go
Compared to some months last year, January has been a Microsoft patching cakewalk. We had several rounds of close calls and missed calls, as I posted earlier this week, but almost everything is cleared up.

We've seen a few more problems raise their ugly heads in the past few days:

Microsoft has confirmed that the latest version of Office Click-to-Run (which you're likely using if you have Office 365) makes the conversation window disappear in Skype for Business 2016. The Windows 8.1 Monthly Rollup, KB 4480963, breaks the Live Migration feature on older AMD Opteron machines. We're still waiting for confirmation on that one. Citrix confirms (but Microsoft hasn't acknowledged) that the latest Win10 1803 cumulat

Computer World Security News
Jan 31, 2019

Huawei in hot water, more on Apple's rocky first-quarter | TECH(feed)
Today's episode features more on Apple's first-quarter report, news that Google and the Internet Advertising Bureau are profiling users, collaboration software spending, and more problems for Huawei.

Computer World Security News
Jan 30, 2019

Microsoft Patch Alert: January patches include a reprisal of KB 4023057 and a swarm of lesser bugs
In general, the January patches look relatively benign, but for some folks in some situations they can bite. Hard.

On the surface we've seen the usual Patch Tuesday Cumulative Updates and secondary Cumulative Updates for all versions of Windows 10. Microsoft calls the secondary Cumulative Updates "optional" because you only get them if you click "Check for updates."

[ Related: How to clean up your Windows 10 act ] Windows 7 and 8.1 got their usual Monthly Rollups, but there's a problem. Specifically, this month's Win7 Monthly Rollup has a couple of bugs that are only fixed if you install the preview of February's Monthly Rollup. Which makes no sense at all, but that's Microsoft. There's another Win7 Monthly Rollup bug that's fixed by installing a different "silver bullet" patch.

To read this article in full, please click here



Computer World Security News
Jan 30, 2019

It's a hack!
It's a few years after Y2K, and this pilot fish has overall responsibility for all things related to his company's website.

"Like most corporations, our company had a policy that computers and laptops were to be used only for company business, along with policies governing the appropriate use of the internet in the work environment," fish says.

"After arriving at work one morning, I opened my email to find a frantic message from our CEO to me and our internet security manager, stating that our website had been hacked."

The big boss knows this is the case because there are spammy images and text on the home page, among other issues. Not surprisingly, the CEO is adamant that this must be resolved ASAP.

To read this article in full, please click here



Computer World Security News
Jan 29, 2019

Blockchain: The complete guide
Blockchain, which began to emerge as a real-world tech option in 2016 and 2017, is poised to change IT in much the same way open-source software did a quarter century ago. And in the same way Linux took more than a decade to become a cornerstone in modern application development, Blockchain will likely take years to become a lower cost, more efficient way to share information and data between open and private business networks.

Based on a distributed, peer-to-peer (P2P) topology, blockchain or distributed ledger technology (DLT) allows data to be stored globally on thousands of servers - while letting anyone on the network see everyone else's entries in real-time. That makes it difficult for one user to gain control of, or game, the network.

To read this article in full, please click here



Computer World Security News
Jan 29, 2019

Get 140 Hours Of CompTIA Certification Training For $59 (90% Off)
Knowing how to design, build out, grow, and manage Internet Technology (IT) firms, departments, and facilities provides what you need to take charge in today's most challenging and lucrative IT environments. And lifetime access to the Complete CompTIA Certification Training Bundle is exactly what you need to get the required training and ensuing certifications.

To read this article in full, please click here



Computer World Security News
Jan 29, 2019

Apple's Group FaceTime: A place for spies?
Apple has disabled Group FaceTime following discovery of a flaw that could potentially let people hear audio from other people's devices without permission. What's going on and what can you do about it?

The bug, in brief A 9to5Mac report based on a video published to Twitter by @BmManski revealed that this flaw lets a user listen to audio captured using another person's device before they accept or reject the call requesting a FaceTime chat. The problem only affects iOS devices running iOS 12.1 or later (pending an update).

To read this article in full, please click here



Computer World Security News
Jan 29, 2019

The race to lock down industrial control systems | Salted Hash Ep 44
Guest host Juliet Beauchamp and CSO senior writer J.M. Porup talk about the challenges around securing the systems and networks used to control industrial plants and infrastructures.

Computer World Security News
Jan 28, 2019

Sharding: What it is and why many blockchain protocols rely on it
As blockchains are being rolled out in an increasing number of pilot programs for everything from cross-border financial transactions to supply chain management, one persistent issue remains: a lack of scalability.

As more computers join the peer-to-peer network, the efficiency of the whole system typically degrades.

[ Further reading: What is FinTech (and how has it evolved)? ] Scalability has already been identified as an issue with cryptocurrencies such as bitcoin and Ethereum's Ether. If a distributed ledger is to achieve adoption by financial technology (FinTech) companies and compete with payment networks hundreds of times faster, it must find a way to boost scalability and throughput and address latency problems.

To read this article in full, please click here



Computer World Security News
Jan 18, 2019

Get 3 Years of NordVPN Service for Just $2.99 Per Month - Deal Alert
NordVPN promises a private and fast path through the public internet, with no logs, unmetered access for 6 simultaneous devices and access to 5,232 servers worldwide. They are currently running a promotion, but you'll have to use this link to find it. Its typical price has been discounted for 3 years of service -- a good deal at just $2.99 per month.  See the $2.99/month NordVPN deal here.

To read this article in full, please click here



Computer World Security News
Jan 17, 2019

'We need new privacy laws' urges Apple CEO, Tim Cook
In a sidelong slap at the business model of Facebook, Google and others, Apple CEO Tim Cook has published an article in which he urges the U.S. government to put surveillance capitalists/data brokers under transparent legal oversight.

Stand up for your rights "In 2019, it's time to stand up for the right to privacy - yours, mine, all of ours." Cook writes in an article for Time Magazine.

To read this article in full, please click here



Computer World Security News
Jan 17, 2019

'We need new privacy laws,' urges Apple CEO Tim Cook
In a sidelong slap at the business model of Facebook, Google and others, Apple CEO Tim Cook has published an article in which he urges the U.S. government to put surveillance capitalists/data brokers under transparent legal oversight.

Stand up for your rights "In 2019, it's time to stand up for the right to privacy — yours, mine, all of ours." Cook writes in an article for Time Magazine.

To read this article in full, please click here



Computer World Security News
Jan 17, 2019

Start-up Devvio claims its blockchain can handle 8M transactions a second
A start-up firm claims its highly efficient distributed ledger protocol can address all the major problems facing blockchain networks, including being able to scale for global financial business by executing up to eight million transactions per second (TPS).

The new blockchain protocol, called Devv, was unveiled and demonstrated at CES in Las Vegas last week.

If the claims prove true, Devv would be able to compete with traditional financial networks in terms of scalability, be far less expensive to use and would address fraud, theft and privacy issues. Like many blockchain protocols, Devv is not just a peer-to-peer (P2P) database technology but also a digital currency or cryptocurrency called Devcash.

To read this article in full, please click here



Computer World Security News
Jan 11, 2019

Exploring the economic realities of cybersecurity insurance | Salted Hash Ep 43
Guest host Juliet Beauchamp talks with senior writer J.M. Porup about the newly created cybersecurity insurance industry, and how a policy could fit into an organization's overall security strategy to help minimize risk.

Computer World Security News
Jan 10, 2019

How to create and open compressed files on iPhone, iPad
Many enterprises rely on zip files to exchange data, particularly confidential data - compression helps keep information safe, even against inquisitive ads trackers lurking inside "free" email or online storage services. How do you handle these things on iPad or iPhone?

How to handle zip files on iPhone While it isn't especially obvious, iOS provides some limited features that let you archive and decompress zip files. You can even create a nice little Shortcut to do this for you:

Open Shortcuts, Tap Create Shortcut In the search bar, type Extract Archive: That shortcut should appear in the list below, tap it to add it to your workflow. Returning to the search bar, type Save File. When it appears tap it to add it to the workflow you are building. Tap the switch button at top right of the shortcut name In the next pane you can name the shortcut and give it an icon. The most important change you should make is to enable Show in Share Sheet (flick to green). You can create a second Shortcut to make archives. Just tupe Make Archive to find the relevant flow and then add Save File and Show in Share Sheet as decribed above. Don't forget to give it a name, such as Make Archive. Shortcuts can work with multiple compression formats, including .tar, .zip and .iso. How to use it:

To read this article in full, please click here



Computer World Security News
Jan 09, 2019

Enterprise iPhones will soon be able to use security dongles
Enterprise security professionals will be pleased to learn that it will soon be possible to enhance the already considerable device security of Apple's iPhones with hardware-based physical authentication dongles using the Lightning port.

A highly secure proposition Announced at CES 2019, the key fits on a keyring and comes from the authorization experts at Yubico. The hardware connects to iOS systems using the Lightning connection and is also equipped with USB-C for Macs. This is quite a big deal.

To read this article in full, please click here



Computer World Security News
Jan 09, 2019

Details, details
It's a few years after Y2K when the IT security team at this university gets a rude awakening, reports a pilot fish in the know.

"They discovered that persons unknown had hacked into a university server," fish says. "It was being used to launch denial-of-service attacks against a victim somewhere outside the university."

The team's first job is finding the server -- which turns out to be in the alumni office -- and taking it offline.

Then they start digging into the security logs. That's when they find out that the attackers have been making use of the server for more than a year.

And once they start checking on the IP addresses of whoever it is that has accessed the server, they discover it's not just one or two hackers. It seems people from all over the world have been using this server to launch attacks.

To read this article in full, please click here



Computer World Security News
Jan 09, 2019

Mingis on Tech: As blockchain hype cools, a 'trough of disillusionment' for 2019?
Ok, so maybe blockchain isn't ready yet to become the biggest new technology since the internet.

But the distributed ledger technology clearly made strides in 2018, when it was embraced by companies from Walmart to shipping bigwig Maersk to top tech venders like IBM, SAP, Oracle and Microsoft who see potential in blockchain-as-a-service. (Walmart's vice president in charge of food safety, Frank Yiannas, compared his embrace of blockchain to a "religious conversaion.")

To read this article in full, please click here



Computer World Security News
Jan 07, 2019

In 2019, look for AI-enabled mobile devices - and a UEM push
This year, artificial intelligence will continue its push into mobile hardware and enterprise communication devices, challenging IT shops' enterprise mobility management (EMM) capabilities while at the same time offering potential security benefits.To read this article in full, please click here

(Insider Story)

Computer World Security News
Jan 07, 2019

Top 4 enterprise tech trends to watch in 2019
If 2018 was the year of the data breach, the thinking among IT pros is that this will be the year companies take concrete steps to prevent future breaches.

That was the sentiment among tech professionals who took part in a recent @IDGTechTalk Twitter chat about enterprise tech trends for 2019.

In fact, a recent @IDGTechTalk poll found privacy and security to be the top enterprise tech issue for 2019 (45 percent), followed by artificial intelligence (30 percent), cloud computing (16 percent), and blockchain (9 percent).

To read this article in full, please click here



Computer World Security News
Jan 04, 2019

Apple wants to stop you from using dangerous USB-C devices
Apple wants to make it harder for its customers to use cheap USB-C cables — and it's for your own good.

The risks of USB-C cables Cables are complicated, and that's why friends don't let friends connect cut-price or otherwise unverified USB-C cables to their systems — and soon, you won't be able to.

Apple has warned its users to avoid using low-quality equipment for years. It was only in 2016 that it was revealed that hundreds of chargers at that time sold on Amazon and advertised as being made by Apple were in fact dangerous fakes.

To read this article in full, please click here



Computer World Security News
Jan 04, 2019

Apple wants to stop you using dangerous USB-C devices
Apple wants to make it harder for its customers to use cheap USB-C cables - and it's for your own good.

These are the risks of USB-C cables

Cables are complicated and that's why friends don't let friends connect cut-price or otherwise unverified USB-C cables to their systems -and soon, you won't be able to.

Apple has warned its users to avoid using low-quality equipment for years. It was only in 2016 that it was revealed that hundreds of chargers at that time sold on Amazon and advertised as being made by Apple were in fact dangerous fakes.

To read this article in full, please click here



Computer World Security News
Jan 03, 2019

New year, same old users
IT support pilot fish takes a call to help a user change a password on a webpage form -- and it reminds fish of just how much help-desk techs love password resets.

"I spent 25 minutes talking to him," fish groans. "There were only two buttons to press, Submit and Reset.

"You'd think that after pressing Reset three times and having it erase the passwords he typed in, he would try Submit -- right?

"But no -- our customer tried a fourth and then a fifth time, until he got the idea to hit the other button.

"This person was by all accounts a functional, employed adult..."

Sharky needs a new year's worth of stories of users, management and IT gone off the rails. So send me your true tales of IT life at sharky@computerworld.com. You can also comment on today's tale at Sharky's Google community, and read thousands of great old tales in the Sharkives.

To read this article in full, please click here



Computer World Security News
Jan 02, 2019

If the CTO says it's OK, what could go wrong?
Medical rehab facility is facing a compliance deadline for HIPAA privacy regulations, and that could be a problem, says a cybersecurity pilot fish working there.

"The HIPAA regulations are strewn with potential issues," fish says. "When some aspect isn't followed and a patient's data privacy is compromised, the fines can be substantial."

And that's the headache fish faces because of his facility's use of Gmail. As the site's cybersecurity engineer, fish knows that ordinary Gmail isn't HIPAA compliant.

Fortunately, there's a fix -- one that involves additional paperwork and agreements, along with some added security verification. But that's still easier and less complex than moving everyone off Gmail.

To read this article in full, please click here



Computer World Security News
Dec 31, 2018

Q&A: Experian exec says biometrics won't save you from mobile hacks
If you think your new iPhone's Face ID facial recognition feature or your bank's fancy new fingerprint scanner will guarantee privacy and block hackers from accessing sensitive personal or financial data, think again.

In the coming year, cyberattacks will zero in on biometric hacking and expose vulnerabilities in touch ID sensors, facial recognition technology and passcodes, according to a new report from credit reporting agency Experian Plc. While biometric data is considered the most secure method of authentication, it can be stolen or altered, and sensors can be manipulated, spoofed or suffer deterioration with too much use.

Even so, as much as 63% of enterprises have implemented or plan to roll out  biometric authentication systems to augment or replace less-secure passwords, Experian said in its report. The push toward biometric systems dates back to the turn of the century in the financial services industry.

To read this article in full, please click here



Computer World Security News
Dec 27, 2018

Tech luminaries we lost in 2018
Remembering our industry's innovators In Memoriam 2018 Tech luminaries we lost this year [slideshow cover]" data-license="Getty Images"/Image by FreedomMaster / Getty Images

They were the founders of such household names as Atari and Microsoft. They built the hardware and software that powers the Internet. They used computers to give voice to the young and the disabled. And they rarely did so in the spotlight. Whether they ever achieved fame or fortune, these 13 women and men deserve a place in the history books for their lives, accomplishments, and contributions to science and information technology around the world.

To read this article in full, please click here



Computer World Security News
Dec 26, 2018

The top 10 stories of 2018: Blockchain rises, open source reigns, trust wanes
2018: The year in reviewImage by Rob Schultz, Stephen Lawson, Pete Linforth, Natascha Eibl, NegativeSpace.co, modified by IDG Comm

To read this article in full, please click here



Computer World Security News
Dec 21, 2018

Microsoft Patch Alert: Mystery patches for IE and Outlook 2013 leave many questions, few answers
Just when you're ready to settle in for some egg and nog and whatever may accompany, Windows starts throwing poison frog darts. This month, a fairly boring patching regiment has turned topsy turvey with an unexplained emergency patch for Internet Explorer (you know, the browser nobody uses), combined with an Outlook 2013 patch that doesn't pass the smell test.

Mysterious bug fix for IE Microsoft set off the shower of firecrackers on Dec. 19 when it released a bevy of patches for Internet Explorer:

Win10 1809- KB 4483235 - build 17763.195

To read this article in full, please click here



Computer World Security News
Dec 19, 2018

Microsoft delivers emergency patch for under-attack IE
Microsoft rarely mentions Internet Explorer (IE) anymore, but when it does, it usually means bad news.

So it was Wednesday, when Microsoft issued a rare emergency security update to plug a critical vulnerability in the still-supported IE9, IE10 and IE11. The flaw was reported to Microsoft by Google security engineer Clement Lecigne.

[ Related: Microsoft Windows 10 vs. Apple macOS: 18 security features compared ] According to Microsoft, attackers are already exploiting the vulnerability, making it a classic "zero-day" bug. Because of that, the company released a fix before the next round of security updates scheduled for Jan. 8.

To read this article in full, please click here



Computer World Security News
Dec 14, 2018

How to protect Windows 10 PCs from ransomware
CryptoLocker. WannaCry. Petya. Bad Rabbit. The ransomware threat isn't going away anytime soon; the news brings constant reports of new waves of this pernicious type of malware washing across the world. It's popular in large part because of the immediate financial payoff for attackers: It works by encrypting the files on your hard disk, then demands that you pay a ransom, frequently in Bitcoins, to decrypt them.To read this article in full, please click here

(Insider Story)

Computer World Security News
Dec 12, 2018

Android security audit: An easy-to-follow annual checklist
Android security is always a hot topic on these here Nets of Inter — and almost always for the wrong reason.

As we've discussed ad nauseam over the years, most of the missives you read about this-or-that super-scary malware/virus/brain-eating-boogie-monster are overly sensationalized accounts tied to theoretical threats with practically zero chance of actually affecting you in the real world. If you look closely, in fact, you'll start to notice that the vast majority of those stories stem from companies that — gasp! — make their money selling malware protection programs for Android phones. (Pure coincidence, right?)

To read this article in full, please click here



Computer World Security News
Dec 12, 2018

Google Smart Lock: The complete guide
Think fast: How many times a day do you pick up your phone to look at something? Unless you live in the tundra or have far more self-control than most, the answer probably falls somewhere between "quite a few" and "more than any sane person could count." Assuming you keep your device properly secured, that means you're doing an awful lot of unlocking — be it with your face, your fingerprint, or the code you tap or swipe onto your screen.

And that's to say nothing of the number of times you type your password into your laptop or enter your credentials into an app or website during the day. Security's important, but goodness gracious, it can be a real hassle.

To read this article in full, please click here



Computer World Security News
Dec 11, 2018

And that was actually the CLEAN version!
It's more than a few years back, and this oilfield services company is implementing a new email filter, says a pilot fish working there.

"It was part of an email security product," fish says. "The filter could identify emails containing language that was not considered business appropriate.

"We'd had HR incidents involving inappropriate language in the past, especially from field hands emailing to office staff -- it gave a new meaning to 'crude oil workers' -- so it was decided we should enable the feature with its default settings and give it a run.

"Only a few hours later we received an alert that a message had been identified with inappropriate language.

To read this article in full, please click here



Computer World Security News
Dec 10, 2018

Innovative anti-phishing app comes to iPhones
We're always told never to click on a link we receive in an email in case doing so takes us to some dodgy phishing site where our account details are violated, but what if our email app warned us before we clicked malicious links?

Can this app offer you protection? MetaCert isn't fully available yet, but it does seem to be a promising solution that provides email users in enterprise and consumer markets an additional line of defence against clicking on malicious links received in email messages.

The solution emerged from the developer's earlier work building an API to help app developers add a layer of security to WebView.

To read this article in full, please click here



Computer World Security News
Dec 10, 2018

Forbidden names, revisited
Flashback a few decades to the glory days of online service CompuServe, when anyone could get an account -- but not everyone could use their real names, according to a pilot fish in the know.

"You logged in with your account number, but to join a forum -- a chatroom focused on a specific topic -- you had to give a real name," fish says. "The name on your billing record was the default.

"Of course there were fraudsters who used an official-sounding name to phish people for personal info and credit card data. So users were not allowed to have words like 'billing' as any part of their in-forum real name. This could only be overridden by the forum sysop. I was one.

To read this article in full, please click here



Computer World Security News
Dec 06, 2018

5 handy Google Fi features you shouldn't forget
Got Fi? Google's unusual wireless service may have shifted its name from Project Fi to Google Fi this fall, but its core proposition remains the same: Pay only for the data you use, and avoid all the traditional carrier gotchas and nonsense.

For the right kind of person, especially among those of us on Android, Fi can be a real cost- and hassle-saver. And aside from its most prominently promoted perks — the seamless network-switching, the public Wi-Fi use, the fee-free roaming and hotspot capabilities, and so on — Fi has some pretty interesting out-of-the-way options that can really elevate your experience.

To read this article in full, please click here



Computer World Security News
Dec 06, 2018

Will Apple's iPhone replace your password?
Imagine using Face ID on your iPhone alongside a password and Touch ID on your computer in order to access highly secure websites, such as online banks, enterprise intranets and confidential online data services.

That's a possibility as Apple begins testing a new security standard called WebAuthn.

What is WebAuthn? Apple has begun beta-testing support for the standard in Safari Technology Preview Release 71, thought it does warn this support is an "experimental feature", so it may go no further than that.

To read this article in full, please click here



Computer World Security News
Dec 05, 2018

Blockchain: What's it good for? Absolutely nothing, report finds
In a joint report for the Monitoring, Evaluation, Research and Learning (MERL) Technology conference this fall, researchers who studied 43 blockchain use cases came to the conclusion that all underdelivered on claims.

And, when they reached out to several blockchain providers about project results, the silence was deafening. "Not one was willing to share data," the researchers said in their blog post.

To read this article in full, please click here



Computer World Security News
Nov 30, 2018

Amazon launches patient data-mining service to assist docs
Amazon this week announced its latest data analytics product, one aimed at scouring unstructured data within electronic medical records (EMRs) to offer up insights that physicians can use to better treat patients.

Amazon's new Comprehend Medical AWS cloud service is a natural-language processing engine that purports to be able to read physician notes, patient prescriptions, audio interview transcripts, and pathology and radiology reports - and use machine learning algorithms to spit out relevant medical information to healthcare providers.

[ Further reading: A.I. and speech advances bring virtual assistants to work ] Amazon's Comprehend Medical software service is one of 13 new machine learning software products the company announced on Tuesday.

To read this article in full, please click here



Computer World Security News
Nov 29, 2018

Microsoft Patch Alert: After months of bad news, November's patching seems positively serene
By far the most important reason for this month's relative patching calm: Microsoft decided to wait and get the Windows 10 (version 1809) patch right instead of throwing offal against a wall and seeing what sticks.

[ Related: Windows 7 to Windows 10 migration guide ] What remains is a hodge-podge of Windows patches, some mis-identified .NET patches, a new Servicing Stack Update slowly taking form, a bunch of Office fixes - including two buggy patches that have been pulled and one that's been fixed - the usual array of Flash excuses and Preview patches.

To read this article in full, please click here



Computer World Security News
Nov 27, 2018

Microsoft's multi-factor authentication service flakes out - again
Just one day after Microsoft came clean with an explanation of a Nov. 19 outage that blocked users of Office 365 from logging into their accounts using Multi-Factor Authentication (MFA), today the service again went on the fritz.

"Starting at 14:25 UTC on 27 Nov 2018, customers using Multi-Factor Authentication (MFA) may experience intermittent issues signing into Azure resources, such as Azure Active Directory, when MFA is required by policy," read the Azure status dashboard. Two and a half hours later, the dashboard reported that after resolving a problem with an earlier DNS (Domain Name Service) issue, engineers rebooted the services. "They observed a decrease in the failure rate after the reboot cycles," the dashboard concluded.

To read this article in full, please click here



Computer World Security News
Nov 26, 2018

Windows Hello for Business: Next-gen authentication for Windows shops
Authentication: the act of proving one's identity to the satisfaction of some central authority. To most, this process means typing in a username and a password. It's been this way for years and years.To read this article in full, please click here

(Insider Story)

Computer World Security News
Nov 26, 2018

What is Windows Hello? Microsoft's biometrics security system explained
Windows Hello is a biometrics-based technology that enables Windows 10 users to authenticate secure access to their devices, apps, online services and networks with just a fingerprint, iris scan or facial recognition. The sign-in mechanism is essentially an alternative to passwords and is widely considered to be a more user friendly, secure and reliable method to access critical devices, services and data than traditional logins using passwords.

"Windows Hello solves a few problems: security and inconvenience," said Patrick Moorhead, president and principal analyst at Moor Insights & Strategy. "Traditional passwords are unsafe as they are hard to remember, and therefore people either choose easy-to-guess passwords or write down their passwords."

To read this article in full, please click here



Computer World Security News
Nov 22, 2018

Gmail encryption: Everything you need to know
Encryption may sound like a subject best left to hackers and tinfoil hat wearers, but don't be fooled: It's a critical part of contemporary life and something that's important for everyone, especially business users, to understand. And one of the places where encryption is most relevant and misunderstood is in the realm of email.

If you're using Gmail for electronic communication — be it for business, for personal use, or a combination of the two — it's well worth your while to know how the service does and doesn't secure your information and what steps you can take to make sure you're getting the level of privacy you need.

Ready to dive in?

To read this article in full, please click here



Computer World Security News
Nov 20, 2018

10 Android settings that'll strengthen your security
You might not know it from all the panic-inducing headlines out there, but Android is actually packed with powerful and practical security features. Some are activated by default and protecting you whether you realize it or not, while others are more out of the way but equally deserving of your attention.

So stop wasting your time worrying about the Android malware monster du jour and which security company is using it to scare you into an unnecessary subscription, and take a moment instead to look through these far more impactful Android security settings — starting with the core elements and moving from there into some more advanced and easily overlooked options.

To read this article in full, please click here



Computer World Security News
Nov 20, 2018

ProtonMail launches standalone iOS app
Encrypted email service provider ProtonMail has launched a standalone virtual private network app for iOS devices. With iOS now added to its list, ProtonMail said it now offers protection for the most popular operating systems, which include Windows, MacOS, Linux and Android.

VPN functionality is prevalent in enterprise security products and management products, according to Phil Hochmuth, program director for IDC's Enterprise Mobility team. At the same time, consumers are increasingly looking at VPN services to shield their online activities on wired networks, as well as on LTE/4G connections, he said.

To read this article in full, please click here



Computer World Security News
Nov 20, 2018

ProtonMail launches standalone iOS VPN app
Encrypted email service provider ProtonMail has launched a standalone virtual private network app for iOS devices. With iOS now added to its list, ProtonMail said it now offers protection for the most popular operating systems, which include Windows, MacOS, Linux and Android.

VPN functionality is prevalent in enterprise security products and management products, according to Phil Hochmuth, program director for IDC's Enterprise Mobility team. At the same time, consumers are increasingly looking at VPN services to shield their online activities on wired networks, as well as on LTE/4G connections, he said.

To read this article in full, please click here



Computer World Security News
Nov 20, 2018

The big fix
Pilot fish at a federal agency gets a visit from a power user who can't get access to the data he needs -- and he's not at all happy.

"We used a very effective security product that could narrow down access to a specific user or dataset," says fish. "But you had to be careful to install any new rules in the right place, because once a rule was found it was applied, even if one with more relaxed access followed.

"As soon as I checked, I could see that I had misplaced the rule I had created for him.

"Now, normally if I made a mistake I'd admit to it and apologize. This particular day this fellow, an otherwise nice guy, was at it like a dog with a bone, demanding How did it happen? Who did this? over and over.

To read this article in full, please click here



Computer World Security News
Nov 20, 2018

What Apple's T2 security chip brings to the enterprise table
There's been a lot of discussion about Apple's T2 security chip, particularly the restrictions it places on repairs not sanctioned by Apple. The controversy centers on an Apple utility needed to make changes like swapping out the built-in SSD drives. The overall argument ties into the right-to-repair fight, allowing hardware owners to make changes to their own devices.To read this article in full, please click here

(Insider Story)

Computer World Security News
Nov 19, 2018

Microsoft yanks two buggy Office patches but keeps pushing one that crashes
Two related Office 2010 non-security patches issued on Nov. 6 were pulled on Nov. 17. KB 4461522 and KB 2863821 are both related to changes coming in the Japanese calendar next month attributed to the abdication of Emperor Akihito in favor of his son, Naruhito. The event has been compared to the Y2K problem in the west. It's not clear why two patches were released on Nov. 6 to accommodate that calendar change, but both KB articles now sport the admonition:

To read this article in full, please click here



Computer World Security News
Nov 19, 2018

Download Malwarebytes Today and Protect Your Data for Free
Everyone lives on the internet, period. Whether you're streaming a standup special on Netflix, answering emails from your boss, chatting on Tinder, or completing everyday errands like paying bills online, you're likely spending most of your day tangled up in the world wide web.

Unfortunately, that makes you a high-risk candidate for a cyber attack at some point along the way, be it through malware, phishing, or hacking. Best-case scenario, it sucks up your time to fix (or your money by paying someone else to fix it). Worst case scenario, it puts you and your computer out of commission for days and damages your files beyond repair. Not to mention the sheer terror of knowing some hacker has complete and total access to virtually everything about you, including all of your banking and credit card information. Malwarebytes is a free program built to help you avoid the above scenarios altogether — and it makes traditional antivirus look old, tired, and played out (seriously it's free,

Computer World Security News
Nov 16, 2018

Firefox adds in-browser notification of breached sites
Mozilla has added a data breach notification to Firefox that warns the browser's users when their email address and credentials may have been obtained by hackers.

Dubbed Firefox Monitor, the free breach notification service debuted in September after some testing during the summer. Anyone -- not only Firefox users -- can steer to the service website, enter an email address and be told if that address was among those involved in successful, publicly-known breach attacks. Next steps were up to the user, including the obvious of changing the password(s) connected to that email address and/or website(s).

[ Related: Get serious about privacy with the Epic, Brave and Tor browsers ] Notifications of the latest breaches were sent by Firefox Monitor to the user-submitted address. "Your email address will be scanned against those data breaches, and we'll let you know through a private email if you were involved," wrote Nick Nguyen, Mozilla's vice president of product strategy, in a Sept. 25 post to a company blog.

To read this article in full, please click here



Computer World Security News
Nov 16, 2018

Amid calls for a Windows bug status dashboard, Microsoft belatedly agrees to build one
A Windows expert this week urged Microsoft to put its money where its mouth is and produce a status dashboard or website that reports and tracks problems with the operating system.

Coincidentally or not, on Wednesday Microsoft said it would launch a "Windows update status dashboard," but did not name a timetable except for a broad "in the coming year."

[ Related: The best places to find Windows 10 ISOs ] "I can go to this page and see if something happening with Office 365 is just a me thing or if everyone else is seeing the same," said Susan Bradley in a Nov. 13 email reply to questions, referring to the Office 365 Admin Center. (Note: Only those with administrative credentials have access; it's not meant to provide information to end users.) "(But) if I want to find out if something is a known issue with Windows 10, I have to dig through - and monitor for changes - these pages," she continued, listing two separate support documents for one such known issue.

To read this article in full, please click here



Computer World Security News
Nov 14, 2018

Android security: Analysis, advice, and next-level knowledge
It's tough to talk about Android security without venturing into sensational terrain.

A large part of that is due to the simple fact that the forces driving most Android security coverage are companies that make their money by selling Android security software — and thus companies with strong interests in pushing the narrative that every Android phone is on the perpetual brink of grave, unfathomable danger. Plus, let's face it: A headline about 70 gazillion Android phones being vulnerable to the MegaMonsterSkullCrusher Virus is far more enticing than one explaining the nuanced realities of Android security.

In actuality, though, Android security is a complex beast — one with multiple layers in place to protect you and one that almost never warrants an alarmist attitude. I've been covering Android security closely since the platform's earliest days, and I've busted more myths and called out more shameless publicity stunts than I can even count at this point.

To read this article in full, please click here



Computer World Security News
Nov 13, 2018

Get Over 45 Hours Of Immersive Ethical Hacking Training For $25 (90% Off)
Your private data can reveal a lot about you, such as bank information, spending habits, and even the websites you frequent. This makes large companies like Facebook and Yahoo prime targets for data breaches because of their vast library of user data. Nowadays, it's more important than ever for companies to remain vigilant against hackers, lest their customers' privacy and trust be lost.

To defend against such threats, companies hire security professionals who know how to identify and exploit vulnerabilities in security systems. These "ethical hackers" employ the same methods malicious hackers do, but they also patch and report these vulnerabilities to their employers to prevent future intrusions. With data breaches on the rise, the demand for ethical hackers has increased, making this career path both stable and profitable. If you're interested in learning how to hack security systems (legally, of course) then this $39 Ethical Hacking A to Z Training Bundle is for you.

To read this article in full, please click here



Computer World Security News
Nov 13, 2018

Get 90% Off Your First Year of RemotePC, Up To 50 Computers for $6.95
iDrive has activated a significant discount on their Remote access software RemotePC in these days leading into Black Friday. RemotePC by iDrive is a full-featured remote access solution that lets you connect to your work, home or office computer securely from anywhere, and from any iOS or Android device. Right now, their 50 computer package is 90% off or just $6.95 for your 1st year. If you've been thinking about remote access solutions, now is a good time to consider RemotePC.

Computer World Security News
Nov 13, 2018

FAQ: Windows 10 LTSB explained
Windows 10 powered to its third anniversary this year, but one branch, identified by the initials L-T-S-B, remained an enigma to most corporate users.

LTSB, which stands for "Long-term Servicing Branch," was among the pillars of Windows 10 in the months leading up to, and for months after, the mid-2015 roll-out of the operating system. For a time, it seemed that it had a shot at becoming the Windows 10 for enterprise because it was seen as a calm port in a storm of radical change.

[ Related: Fix Windows 10 problems with these free Microsoft tools ] That hasn't happened, in part because Microsoft has steered customers away from LTSB.

To read this article in full, please click here



Computer World Security News
Nov 07, 2018

BitLocker on self-encrypted SSDs blown; Microsoft advises you switch to software protection
Yesterday, Microsoft released ADV180028, Guidance for configuring BitLocker to enforce software encryption, in response to a clever crack published on Monday by Carlo Meijer and Bernard van Gastel at Radboud University in the Netherlands (PDF).

To read this article in full, please click here



Computer World Security News
Nov 01, 2018

Why Apple's Siri is already an enterprise product
The usual suspects love to spend time claiming Siri lags other voice assistants in some ways, but they don't seem to understand that Apple's voice assistant is an enterprise product.

Why is Siri an enterprise product? This is what happens when you use a voice search tool: You activate the assistant, it listens to what you say, identifies that a request is being made and sends that request to the cloud to be resolved and responded to.

This all happens pretty quickly and after a short delay your response arrives, or an action takes place.

To read this article in full, please click here



Computer World Security News
Oct 30, 2018

Google Smart Lock on Chrome OS: 2 fast fixes and a power-user tip
Google's Smart Lock system for Chrome OS is one of those things that sounds spectacular on paper but then frequently falls flat in the real world.

You know about Smart Lock by now, right? It's something Google created to turn your Android phone into a contact-free key for your Chromebook: Anytime the phone is close to the computer, Chrome OS will automatically detect its presence — and as long as the phone is unlocked, the laptop will let you skip the usual password prompt and hop right in with just a quick click on the sign-on screen.

To read this article in full, please click here



Computer World Security News
Oct 26, 2018

Well, do you trust 'em or don't you?
Flashback a few decades to the days when this pilot fish is a supervisor in the call center for a big mail-order PC company.

"Our agents were privy to a customer's credit card information right in the call tracking system," says fish. "We trusted 600 agents with nearly unlimited access to this customer information without ever a single theft from our people."

But the call center manager decides the operation needs a way to approve replacement parts to be shipped to customers.

That leads to a new process: When a call-center agent is sending a simple part -- say, a new mouse or inexpensive sound card -- the agent types in his badge number, then must turn his head to get his supervisor's attention.

To read this article in full, please click here



Computer World Security News
Oct 25, 2018

Apple appears to have blocked GrayKey iPhone hacking tool
Apple has apparently been able to permanently block de-encryption technology from a mysterious Atlanta-based company whose blackbox device was embraced by government agencies to bypass iPhone passcodes.

Atlanta-based Grayshift is one of two companies that claimed it could thwart Apple iPhone passcode security through brute-force attacks.

The blackbox technology purportedly worked, as Grayshift's technology was snapped up by regional law enforcement and won contracts with Immigration and Customs Enforcement (ICE) and the U.S. Secret Service.

Another vendor, Israel-based Cellebrite, also discovered a way to unlock encrypted iPhones running iOS 11 and marketed its product to law enforcement and private forensics firms around the world. According to a police warrant obtained by Forbes, the U.S. Department of Homeland Security tested the technology.

To read this article in full, please click here



Computer World Security News
Oct 25, 2018

Win10 1803 big bug bash KB 4462933 joins earlier versions, a week late to the party
Back on Oct. 18, a "C Week" Thursday, Microsoft released hefty rounds of bug fixes for Win10 1607, 1703 and 1709. At the time, I wondered out loud why the latest (unyanked) version of Win10, version 1803, didn't get a similar dose. Now, on a "D Week" Wednesday, it looks like we've seen the deluge.

To read this article in full, please click here



Computer World Security News
Oct 24, 2018

Complete transcript, video of Apple CEO Tim Cook's EU privacy speech
Apple CEO, Tim Cook spoke up for privacy at a conference of European privacy commissioners in Brussels this morning. 

'AI must respect human values' The themes of this year's conference is "Debating Ethics: Dignity and Respect in Data Driven Life", Cook is the first tech CEO to serve as the keynote speaker for the conference and was invited to speak.

He talked about data, put in a bid for a bill of U.S. digital rights, slammed competitors for profiting while unleashing powerfully negative forces, and spoke up for a GDPR-style privacy protection in the U.S.

To read this article in full, please click here



Computer World Security News
Oct 22, 2018

Wonder if they'll ever tell HIM what's going on...
This IT pilot fish has been supporting a customer remotely through a VPN that's usually pretty solid -- but definitely not always.

"Every now and then it disconnected me randomly," says fish. "Then it continued disconnecting me repeatedly every 30 to 60 seconds.

"I went through the usual litany of rebooting, trying a different computer, trying a different network, etc. Every time I got the help desk involved, they pulled a bunch of different logs that basically just said 'disconnected' without any cause given.

"After several rounds of changes that miraculously fixed it, then suddenly stopped working again, the issue got escalated to a high-enough tier that an answer was forthcoming.

To read this article in full, please click here



Computer World Security News
Oct 19, 2018

Policies and paper trails -- our new best friends
This IT pilot fish works with lots of sensitive data -- and that means really sensitive, such as child abuse investigations.

"Until a few years ago, I had access to all that data, so I could write ad-hoc reports against it," says fish. "We 'systems' people were given access to everything, so we could troubleshoot application problems for the users.

"Then one day I was called into the CEO's office. He told me that according to the logs, I did a search against the Child Welfare data for a particular family on a date and time six months earlier -- and wanted to know why I did the search."

As best fish can recall, he was doing the search to troubleshoot a particular report that one caseworker was trying to run. To do that, he used his own workstation to duplicate the steps that the caseworker took to get to the error.

To read this article in full, please click here



Computer World Security News
Oct 18, 2018

How to use the Shodan search engine to secure an enterprise's internet presence
Shodan, a search engine for all ports within the internet, can help enterprises identify and lock down security vulnerabilities. Senior writer J.M. Porup and content producer Juliet Beauchamp talk through the security scenarios.

Computer World Security News
Oct 17, 2018

Microsoft Patch Alert: October's been a nightmare
This month's bad patches made headlines. Lots of headlines. For good reason.

You have my sympathy if you clicked "Check for updates" and got all of the files in your Documents and Photos folders deleted. Even if you didn't become a "seeker" (didn't manually check for updates) your month may have been filled with blue screens, odd chicken-and-egg errors, and destroyed audio drivers — and Edge and your UWP ("Metro" Store) apps might have been kicked off the internet.

You didn't need to lift a finger.

[ Further reading: Windows 10 update (and retirement) calendar: Mark these dates ] Worst Windows 10 rollout ever Hard to believe that Windows 10 version rollouts could get any worse, but this month hit the bottom of a nearly bottomless barrel. Some folks who clicked "Check for updates" wound up with a brand spanking new copy of Win10 version 1809 — and all of the files in their \Documents, \Pictures, \Music, \Videos and other folders disappeared. I have a series of articles on that topic, arranged chronologically:

To read this article in full, please click here



Computer World Security News
Oct 16, 2018

Big browsers to pull support plug for TLS 1.0 and 1.1 encryption protocols in early '20
The makers of the four biggest browsers all said Monday that their applications will drop support for the TLS (Transport Layer Security) 1.0 and 1.1 encryption protocols in early 2020.

"In March of 2020, Firefox will disable support for TLS 1.0 and TLS 1.1," wrote Martin Thomson, principal engineer at Mozilla, in a post to a company blog.

[ Related: Get serious about privacy with the Epic, Brave and Tor browsers ] Other browser developers, including Apple (Safari), Google (Chrome) and Microsoft (Edge and Internet Explorer) issued similar notices. All pegged early 2020 as the target for disabling support.

To read this article in full, please click here



Computer World Security News
Oct 16, 2018

Stats make iOS a hard OS to ignore
The latest version of Apple's mobile operating system — iOS 12 — was released just a few weeks ago, and yet it's already installed on 53% of relatively newer iPhones (introduced since September 2014) and 50% of all iPhones. Bottom line: It's the fastest acceptance of any Apple OS.

This is more than a minimally interesting statistic. It illustrates the key difference between Apple mobile devices and Android mobile devices: Although there are more Android users on the globe, Apple's users are much more of a community. That means many things from an Apple marketing perspective, but for IT, it means far greater security.

To read this article in full, please click here



Computer World Security News
Oct 15, 2018

Economist Nouriel Roubini: Blockchain and bitcoin are the world's biggest scams
New York University professor and global economist Nouriel Roubini testified before the U.S. Senate Committee on Banking last week, saying cryptocurrencies such as bitcoin are the mother of all scams and bubbles.

He followed that assertion up by calling blockchain, the technology unpinning bitcoin, "the most over-hyped — and least useful — technology in human history."

[ Further reading: What is FinTech (and how has it evolved)? ] Today, Roubini doubled down on his claims in a column published on CNBC.com in which he said blockchain has promised to cure the world's ills through decentralization but is "just a ruse to separate retail investors from their hard-earned real money."

To read this article in full, please click here



Computer World Security News
Oct 12, 2018

How secure are electronic voting machines? | Salted Hash Ep 48
With the midterm elections looming, electronic voting machines are getting increased scrutiny. J.M. Porup, senior writer at CSO, sits in the hosts chair this episode, breaking down the security risk with content producer Juliet Beauchamp.

Computer World Security News
Oct 12, 2018

Regulating the IoT: A conversation with Bruce Schneier | Salted Hash Ep 49
Security expert and author Bruce Schneier talks with senior writer J.M. Porup about that widespread use of connected chips -- allowing hackers to access cars, refrigerators, toys and soon, even more home consumer items.

Computer World Security News
Oct 12, 2018

Talking DerbyCon, Chinese whispers and Google's data breach | Salted Hash Ep 47
Steve Ragan and J.M. Porup catch up post-DerbyCon conference to discuss psychological issues in the infosec community, supply chain security and whether it's time to make China the boogeyman again, as well as Google's recent data breach.

Computer World Security News
Oct 12, 2018

Talking DerbyCon, spy chip whispers and Google's data breach | Salted Hash Ep 47
Steve Ragan and J.M. Porup catch up post-DerbyCon conference to discuss psychological issues in the infosec community, supply chain security and whether it's time to make China the boogeyman again, as well as Google's recent data breach.

Computer World Security News
Oct 11, 2018

Mingis on Tech: Data breaches and the rise of 'surveillance capitalism'
Data breaches have become so common, and so frequent, that when companies like Facebook or Google admit to data leaks or outright hacks, users fret, the companies pledge to do better, and government regulators (sometimes) issue stern warnings.

Lather. Rinse. Repeat.

In recent weeks, Facebook acknowledged a breach affecting 50 million users and Google had to fess up to a breach affecting Google Plus users after initially deciding to keep quiet.

To read this article in full, please click here



Computer World Security News
Oct 11, 2018

Mingis on Tech: Data breaches in a world of 'surveillance capitalism'
Facebook and Google recently acknowledged data breaches affecting millions of users. This won't be the last time that happens. CSO's J.M. Porup and Computerworld's Ken Mingis examine what's really going.

Computer World Security News
Oct 10, 2018

Why Apple must be looking into using blockchain
Everyone who can is looking into using Blockchain and Apple is no exception, though it will be a long time before we see any consumer-facing implementations of this.

Apple looks at lots of technologies If it's on the Gartner Hype Cycle you can bet a few bucks Apple is looking at it.

That's why I think it will eventually introduce a 3D printer that works in conjunction with ARKit (unverified prediction), and also why it must be thinking about how to use blockchain.

To read this article in full, please click here



Computer World Security News
Oct 10, 2018

What the heck is it with Windows updates?
To help make life better for you, my loyal readers, I suffer by running Windows 7 and 10 on two harmless — never hurt anyone in their lives — PCs. Well, I did. But, in the last week I ran into not one, but two, showstopper update bugs.

First, on Windows 10, I was one of those "lucky" people who had files vaporize when I "updated" to Windows 10 October 2018 Update (version 1809). Because I only use Windows for trivial tasks, I didn't lose anything valuable when the patch decided to erase everything in the My Documents folder.

[ Related: How to block the Windows 10 October 2018 Update, version 1809, from installing ] Somehow, I think most Windows users use Windows for more important work than I do. I hope you have current backups. At least Computerworld's Woody Leonhard has some good news: You can get those deleted files back.

To read this article in full, please click here



Computer World Security News
Oct 06, 2018

Spy chips on servers? Lessons learned (and questions to ask)
On Thursday, Bloomberg Businessweek published an in-depth report alleging that Chinese suppliers for server hardware company Supermicro had placed microchips onto motherboards ordered by the San Jose-based company that were later sold to fill orders from as many as 30 customers. To read this article in full, please click here

(Insider Story)

Computer World Security News
Oct 05, 2018

Apple, Amazon server spy story is wake-up call to security pros
Apple and Amazon have strenuously deniedBloomberg's claims of a sophisticated hardware exploit against servers belonging to themselves and numerous other entities, including U.S. law enforcement  

Chinese, Apple and chips Put in very simple terms, the claim is that malicious chips were found inside servers used in data centers belonging to the tech firms.

These chips (it's claimed) worked to exfiltrate data from those servers, which were themselves sourced from server manufacturer, Super Micro. That company's server products are/were also used by Amazon, the U.S. government and 30 other organizations. The chips were (it is alleged) put in place by employees bribed by Chinese government agents.

To read this article in full, please click here



Computer World Security News
Oct 05, 2018

Apple, Amazon server spy story is wake-up call to security pros (u)
Apple and Amazon have strenuously denied Bloomberg's claims of a sophisticated hardware exploit against servers belonging to them and numerous other entities, including U.S. law enforcement  

Chinese, Apple and chips Put in very simple terms, the claim is that malicious chips were found inside servers used in data centers belonging to the tech firms.

These chips (it's claimed) worked to exfiltrate data from those servers, which were themselves sourced from server manufacturer Super Micro. That company's server products are/were also used by Amazon, the U.S. government, and 30 other organizations. The chips were allegedly put in place by employees bribed by Chinese government agents.

To read this article in full, please click here



Computer World Security News
Oct 05, 2018

Time to lock the security team in a hotel room?
IT security has laptops at this company really locked down, and that includes only limited admin rights, reports a road warrior pilot fish.

"On a recent trip, at my hotel I had to make an internet connection and open a web page to log into the hotel's internet service before I could get a connection to the real internet," fish says.

"Problem was, the work laptop was not going to let me use the browsers until I had established a VPN connection, which of course I could not do without the web page login.

"In a way, that was good -- I took some real vacation time.

"In another way, it was bad, I have big hands and fingers, so using an iPhone and those stupid virtual keyboards is a one-finger, error-prone task. An email that could take seconds to type on a full-size keyboard takes minutes on the phone.

To read this article in full, please click here



Computer World Security News
Oct 01, 2018

Open door policy
This server room is getting keycard access to make sure only those on the approved list are allowed to enter, reports a pilot fish on the scene.

"A card reader is installed on the outside of the door to get in," fish says. "But how to handle exiting the room? Someone has the bright idea that a system administrator inside the server room might have their hands full when they're trying to leave.

"So a motion sensor is installed on the inside, looking down on the doorway. That way, if someone walks up to the door from the inside, it will automatically unlock.

"But whoever created this system is a much more trusting soul than one of the sysadmins, who looks over the already installed system and sees the flaw.

To read this article in full, please click here



Computer World Security News
Sep 27, 2018

Easy to prevent Apple flaw may threaten enterprise security
An obscure flaw in Apple's Device Enrollment Program (DEP) may make it possible for determined hackers to access enterprise networks, though the solution is quite straightforward.

Serial number spoofing Duo Security researchers say they've figured out how to enrol a rogue device onto an enterprise's MDM system, if the business has failed to enable authentication on devices enrolled on the system.

To make this work, attackers need to get hold of the valid serial number for an Apple device that is registered to Apple's Device Enrolment Program (DEP), but not yet set-up on the company's MDM server, they said.

To read this article in full, please click here



Computer World Security News
Sep 27, 2018

Easy-to-prevent Apple flaw may threaten enterprise security
An obscure flaw in Apple's Device Enrollment Program (DEP) may make it possible for determined hackers to access enterprise networks, though the solution is quite straightforward.

Serial number spoofing Duo Security researchers say they've figured out how to enrol a rogue device onto an enterprise's MDM system, if the business has failed to enable authentication on devices enrolled on the system.

To make this work, attackers need to get hold of the valid serial number for an Apple device that is registered to Apple's Device Enrolment Program (DEP), but not yet set-up on the company's MDM server, they said.

To read this article in full, please click here



Computer World Security News
Sep 21, 2018

Apple's dropping Back To My Mac Remote Access. Here's an Alternative, Currently Discounted.
Apple is dropping the Back To My Mac remote access feature, and in a recent support document they urge you to be prepared by looking for alternatives.

RemotePC by iDrive is a full-featured remote access solution that lets you connect to your work or office computer securely from anywhere, and from any iOS or Android device. Right now, their 50 computer package is 90% off or just $6.95 for your 1st year. So if you need an alternative to Back To My Mac, or have been thinking about remote access, now is a good time to consider RemotePC. Learn more about it here.



  • CEOExpress
  • 1 Boston Place | Suite 2600
    Boston MA 02108
  • 617 482 1200
    617 299 8649 (fax)
  • Contact
  • As an Amazon Associate
    CEOExpress earns from
    qualifying purchases.

©1999-2019 CEOExpress Company LLC