Feed aggregator

Wonder if they'll ever tell HIM what's going on...

Computer World Security - Mon, 10/22/2018 - 04:00

This IT pilot fish has been supporting a customer remotely through a VPN that's usually pretty solid -- but definitely not always.

"Every now and then it disconnected me randomly," says fish. "Then it continued disconnecting me repeatedly every 30 to 60 seconds.

"I went through the usual litany of rebooting, trying a different computer, trying a different network, etc. Every time I got the help desk involved, they pulled a bunch of different logs that basically just said 'disconnected' without any cause given.

"After several rounds of changes that miraculously fixed it, then suddenly stopped working again, the issue got escalated to a high-enough tier that an answer was forthcoming.

Categories: Latest Security News

Policies and paper trails -- our new best friends

Computer World Security - Fri, 10/19/2018 - 04:00

This IT pilot fish works with lots of sensitive data -- and that means really sensitive, such as child abuse investigations.

"Until a few years ago, I had access to all that data, so I could write ad-hoc reports against it," says fish. "We 'systems' people were given access to everything, so we could troubleshoot application problems for the users.

"Then one day I was called into the CEO's office. He told me that according to the logs, I did a search against the Child Welfare data for a particular family on a date and time six months earlier -- and wanted to know why I did the search."

As best fish can recall, he was doing the search to troubleshoot a particular report that one caseworker was trying to run. To do that, he used his own workstation to duplicate the steps that the caseworker took to get to the error.

How to use the Shodan search engine to secure an enterprise's internet presence

Computer World Security - Thu, 10/18/2018 - 04:00
Shodan, a search engine for all ports within the internet, can help enterprises identify and lock down security vulnerabilities. Senior writer J.M. Porup and content producer Juliet Beauchamp talk through the security scenarios.

Microsoft Patch Alert: October’s been a nightmare

Computer World Security - Wed, 10/17/2018 - 11:30

This month’s bad patches made headlines. Lots of headlines. For good reason.

You have my sympathy if you clicked “Check for updates” and got all of the files in your Documents and Photos folders deleted. Even if you didn’t become a “seeker” (didn’t manually check for updates) your month may have been filled with blue screens, odd chicken-and-egg errors, and destroyed audio drivers — and Edge and your UWP (“Metro” Store) apps might have been kicked off the internet.

You didn’t need to lift a finger.

Worst Windows 10 rollout ever

Hard to believe that Windows 10 version rollouts could get any worse, but this month hit the bottom of a nearly bottomless barrel. Some folks who clicked “Check for updates” wound up with a brand spanking new copy of Win10 version 1809 — and all of the files in their \Documents, \Pictures, \Music, \Videos and other folders disappeared. I have a series of articles on that topic, arranged chronologically:

Big browsers to pull support plug for TLS 1.0 and 1.1 encryption protocols in early '20

Computer World Security - Tue, 10/16/2018 - 05:06

The makers of the four biggest browsers all said Monday that their applications will drop support for the TLS (Transport Layer Security) 1.0 and 1.1 encryption protocols in early 2020.

"In March of 2020, Firefox will disable support for TLS 1.0 and TLS 1.1," wrote Martin Thomson, principal engineer at Mozilla, in a post to a company blog.

Other browser developers, including Apple (Safari), Google (Chrome) and Microsoft (Edge and Internet Explorer) issued similar notices. All pegged early 2020 as the target for disabling support.

Stats make iOS a hard OS to ignore

Computer World Security - Tue, 10/16/2018 - 04:00

The latest version of Apple's mobile operating system — iOS 12 — was released just a few weeks ago, and yet it's already installed on 53% of relatively newer iPhones (introduced since September 2014) and 50% of all iPhones. Bottom line: It's the fastest acceptance of any Apple OS.

This is more than a minimally interesting statistic. It illustrates the key difference between Apple mobile devices and Android mobile devices: Although there are more Android users on the globe, Apple's users are much more of a community. That means many things from an Apple marketing perspective, but for IT, it means far greater security.

Economist Nouriel Roubini: Blockchain and bitcoin are the world’s biggest scams

Computer World Security - Mon, 10/15/2018 - 14:52

New York University professor and global economist Nouriel Roubini testified before the U.S. Senate Committee on Banking last week, saying cryptocurrencies such as bitcoin are the mother of all scams and bubbles.

He followed that assertion up by calling blockchain, the technology underpinning bitcoin, "the most over-hyped — and least useful — technology in human history."

Today, Roubini doubled down on his claims in a column published on CNBC.com in which he said blockchain has promised to cure the world's ills through decentralization but is "just a ruse to separate retail investors from their hard-earned real money."

How secure are electronic voting machines? | Salted Hash Ep 48

Computer World Security - Thu, 10/11/2018 - 23:00
With the midterm elections looming, electronic voting machines are getting increased scrutiny. J.M. Porup, senior writer at CSO, sits in the host's chair this episode, breaking down the security risk with content producer Juliet Beauchamp.

Talking DerbyCon, spy chip whispers and Google's data breach | Salted Hash Ep 47

Computer World Security - Thu, 10/11/2018 - 23:00
Steve Ragan and J.M. Porup catch up post-DerbyCon conference to discuss psychological issues in the infosec community, supply chain security and whether it's time to make China the boogeyman again, as well as Google's recent data breach.

Mingis on Tech: Data breaches and the rise of 'surveillance capitalism'

Computer World Security - Thu, 10/11/2018 - 04:00

Data breaches have become so common, and so frequent, that when companies like Facebook or Google admit to data leaks or outright hacks, users fret, the companies pledge to do better, and government regulators (sometimes) issue stern warnings.

Lather. Rinse. Repeat.

In recent weeks, Facebook acknowledged a breach affecting 50 million users and Google had to fess up to a breach affecting Google Plus users after initially deciding to keep quiet.

Mingis on Tech: Data breaches in a world of 'surveillance capitalism'

Computer World Security - Thu, 10/11/2018 - 04:00
Facebook and Google recently acknowledged data breaches affecting millions of users. This won't be the last time that happens. CSO's J.M. Porup and Computerworld's Ken Mingis examine what's really going on.

Why Apple must be looking into using blockchain

Computer World Security - Wed, 10/10/2018 - 09:23

Everyone who can is looking into using Blockchain, and Apple is no exception, though it will be a long time before we see any consumer-facing implementations of this.

Apple looks at lots of technologies

If it’s on the Gartner Hype Cycle, you can bet a few bucks Apple is looking at it.

That’s why I think it will eventually introduce a 3D printer that works in conjunction with ARKit (unverified prediction), and also why it must be thinking about how to use blockchain.

What the heck is it with Windows updates?

Computer World Security - Wed, 10/10/2018 - 04:00

To help make life better for you, my loyal readers, I suffer by running Windows 7 and 10 on two harmless — never hurt anyone in their lives — PCs. Well, I did. But, in the last week I ran into not one, but two, showstopper update bugs.

First, on Windows 10, I was one of those “lucky” people who had files vaporize when I “updated” to Windows 10 October 2018 Update (version 1809). Because I only use Windows for trivial tasks, I didn’t lose anything valuable when the patch decided to erase everything in the My Documents folder.

Somehow, I think most Windows users use Windows for more important work than I do. I hope you have current backups. At least Computerworld’s Woody Leonhard has some good news: You can get those deleted files back.

Spy chips on servers? Lessons learned (and questions to ask)

Computer World Security - Sat, 10/06/2018 - 05:17

On Thursday, Bloomberg Businessweek published an in-depth report alleging that Chinese suppliers for server hardware company Supermicro had placed microchips onto motherboards ordered by the San Jose-based company that were later sold to fill orders from as many as 30 customers. 

Apple, Amazon server spy story is wake-up call to security pros

Computer World Security - Fri, 10/05/2018 - 05:29

Apple and Amazon have strenuously denied Bloomberg’s claims of a sophisticated hardware exploit against servers belonging to them and numerous other entities, including U.S. law enforcement.

Chinese, Apple and chips

Put in very simple terms, the claim is that malicious chips were found inside servers used in data centers belonging to the tech firms.

These chips (it’s claimed) worked to exfiltrate data from those servers, which were themselves sourced from server manufacturer Super Micro. That company’s server products are/were also used by Amazon, the U.S. government, and 30 other organizations. The chips were allegedly put in place by employees bribed by Chinese government agents.

Time to lock the security team in a hotel room?

Computer World Security - Fri, 10/05/2018 - 04:00

IT security has laptops at this company really locked down, and that includes only limited admin rights, reports a road warrior pilot fish.

"On a recent trip, at my hotel I had to make an internet connection and open a web page to log into the hotel's internet service before I could get a connection to the real internet," fish says.

"Problem was, the work laptop was not going to let me use the browsers until I had established a VPN connection, which of course I could not do without the web page login.

"In a way, that was good -- I took some real vacation time.

"In another way, it was bad, I have big hands and fingers, so using an iPhone and those stupid virtual keyboards is a one-finger, error-prone task. An email that could take seconds to type on a full-size keyboard takes minutes on the phone.

Open door policy

Computer World Security - Mon, 10/01/2018 - 04:00

This server room is getting keycard access to make sure only those on the approved list are allowed to enter, reports a pilot fish on the scene.

"A card reader is installed on the outside of the door to get in," fish says. "But how to handle exiting the room? Someone has the bright idea that a system administrator inside the server room might have their hands full when they're trying to leave.

"So a motion sensor is installed on the inside, looking down on the doorway. That way, if someone walks up to the door from the inside, it will automatically unlock.

"But whoever created this system is a much more trusting soul than one of the sysadmins, who looks over the already installed system and sees the flaw.

Easy-to-prevent Apple flaw may threaten enterprise security

Computer World Security - Thu, 09/27/2018 - 07:46

An obscure flaw in Apple’s Device Enrollment Program (DEP) may make it possible for determined hackers to access enterprise networks, though the solution is quite straightforward.

Serial number spoofing

Duo Security researchers say they’ve figured out how to enroll a rogue device onto an enterprise’s mobile device management (MDM) system if the business has failed to enable authentication on devices enrolled on the system.

To make this work, attackers need to get hold of the valid serial number for an Apple device that is registered to Apple’s Device Enrollment Program (DEP) but not yet set up on the company’s MDM server, they said.

Apple's dropping Back To My Mac Remote Access. Here's an Alternative, Currently Discounted.

Computer World Security - Fri, 09/21/2018 - 09:10

Apple is dropping the Back To My Mac remote access feature, and in a recent support document they urge you to be prepared by looking for alternatives.

RemotePC by iDrive is a full-featured remote access solution that lets you connect to your work or office computer securely from anywhere, and from any iOS or Android device. Right now, their 50 computer package is 90% off or just $6.95 for your 1st year. So if you need an alternative to Back To My Mac, or have been thinking about remote access, now is a good time to consider RemotePC.
