Latest Security News

FAQ: Windows 10 LTSB explained

Computer World Security - 2 hours 2 min ago

Windows 10 will power to its third anniversary this summer, but one branch, identified by the initials L-T-S-B, remains an enigma to most corporate users.

LTSB, which stands for "Long-term Servicing Branch," was among the pillars of Windows 10 in the months leading up to, and for months after, the mid-2015 roll-out of the operating system. For a time, it seemed that it had a shot at becoming the Windows 10 for enterprise because it was seen as a calm port in a storm of radical change.

That hasn't happened, in part because Microsoft has steered customers away from LTSB.

Just what is LTSB? And what has Microsoft done to make it an afterthought?

To read this article in full, please click here

Categories: Latest Security News

Patching meltdown: Windows fixes, sloppy .NET, warnings about Word and Outlook

Computer World Security - Fri, 01/19/2018 - 12:28

On the heels of the Jan. 17 release of 14 Windows and .NET patches, we now have a huge crop of new patches, revised older patches, warnings about bugs, and a bewildered ecosystem of Microsoft customers who can’t figure out what in the blue blazes is going on.

Let’s step through the, uh, offerings on Jan. 18.

Windows 10 patches

Win10 Fall Creators Update version 1709 — Cumulative update KB 4073291 brings the Meltdown/Spectre patches to 32-bit machines. What, you thought 32-bit machines already had Meltdown/Spectre patches? Silly mortal. Microsoft’s Security Advisory ADV180002 has the dirty details in the fine print, point 7:

To read this article in full, please click here

Categories: Latest Security News

Mozilla mandates that new Firefox features rely on encrypted connections

Computer World Security - Thu, 01/18/2018 - 13:37

Mozilla this week decreed that future web-facing features of Firefox must meet an under-development standard that requires all browser-to-server-and-back traffic be encrypted.

"Effective immediately, all new features that are web-exposed are to be restricted to secure contexts," wrote Mozilla engineer Anne van Kesteren in a post to a company blog. "A feature can be anything from an extension of an existing IDL-defined object, a new CSS property, a new HTTP response header, to bigger features such as WebVR."

[ More info: 14 must-have Firefox add-ons of 2017 ]

Secure contexts, dubbed a "minimum security level," is a pending standard of the W3 (World Wide Web Consortium), the primary standards body for the web. Secure contexts' main purpose, according to its documentation: "Application code with access to sensitive or private data be delivered confidentially over authenticated channels that guarantee data integrity."

To read this article in full, please click here

Categories: Latest Security News

More Windows patches, primarily previews, point to escalating problems this month

Computer World Security - Thu, 01/18/2018 - 09:39

Never give a sucker an even break. Yesterday, on a very out-of-band Wednesday, Microsoft released preview patches for Windows 8.1 (but not 7!), Server 2012, and Windows 10 1709 (for bricked AMD machines only), with preview cumulative updates for Win10 1703 and 1607. There are also nine different .NET preview patches.

What should you do? Nothing. More accurately, make sure you DON’T install any of them. Fortunately, all of these patches require that you download and install them — and you’d have to be crazy (or an admin trying to shore up some critical servers) to dive into the cesspool.

It’s the same advice I’ve been giving all month. There’s nothing here that you need right now — there are no known exploits for Meltdown or Spectre in the wild, in particular — and machines are dropping like flies.

To read this article in full, please click here

Categories: Latest Security News

Throwback Thursday: What are the odds?

Computer World Security - Thu, 01/18/2018 - 06:00

Internet filter is installed at this site, and in the beginning, there are complaints from users who can't get to their favorite non-business sites, says an IT pilot fish working there.

But after six months and lots of explanations to users, the complaints have stopped. "Then one Saturday evening, a user called me," fish says.

"He called to report that something must be wrong, because he could get to his lottery numbers tonight.

"I told him thanks, and that I would inform the individual in charge of the filter on Monday morning, as it wasn't stopping anything production-critical during the weekend hours.

"I still can't decide which is funnier: the fact that apparently every day for nearly six months this user tried to get to his lottery numbers even though the page should have never loaded again -- or that, when he actually was able to, he reported it as a problem."

To read this article in full, please click here

Categories: Latest Security News

InSpectre: See whether your PC's protected from Meltdown and Spectre

Computer World Security - Tue, 01/16/2018 - 14:16

If you’re wondering whether your computer is susceptible to the latest bête noir, Meltdown and Spectre, you can take the official Microsoft patch and, after a suitable amount of technical drudgery, come away with a result that doesn’t answer much. Or you can try Steve Gibson’s new InSpectre and – with suitable caveats – see some meaningful results and a few hints about catching up.

Microsoft has a complex PowerShell script that details your machine’s exposure to the Meltdown and Spectre security flaws. Running that script on all but the simplest and most up-to-date systems turns into a hair-pulling exercise, and the results are coated in 10 layers of technical gobbledygook.

To read this article in full, please click here

Categories: Latest Security News

Microsoft's mystifying Meltdown/Spectre patches for AMD processors

Computer World Security - Tue, 01/16/2018 - 10:33

I’ve seen a lot of bizarre Microsoft patches-of-patches, but the new patches for AMD processors are in a world of their own. The security-only, manually downloadable patches appear to be Meltdown/Spectre patches for machines that were bricked by other bad patches, earlier this month, but they’ve arrived with no instructions — and a strange circular logic.

Last week, Microsoft released two patches, with these official titles:

  • KB 4073578: Unbootable state for AMD devices in Windows 7 SP1 and Windows Server 2008 R2 SP1
  • KB 4073576: Unbootable state for AMD devices in Windows 8.1 and Windows Server 2012 R2

The Win7 KB article says:

To read this article in full, please click here

Categories: Latest Security News

How to make sure Windows gets the right patches coming to it

Computer World Security - Tue, 01/16/2018 - 06:12

The Windows emergency security updates issued by Microsoft earlier this month came with an unprecedented prerequisite - a new key stored in the operating system's registry - that antivirus vendors were told to generate after they'd guaranteed their code wouldn't trigger dreaded Blue Screens of Death (BSoD) when users apply the patches.

The demands confused customers, and fueled a flood of support documents and an avalanche of web content. Those who heard about the Meltdown and Spectre vulnerabilities struggled to figure out whether their PCs were protected, and if not, why not. Millions more, not having gotten wind of the potential threat, carried on without realizing that their PCs might be barred from receiving several months' worth of security updates.

To read this article in full, please click here

Categories: Latest Security News

Are mass transit systems the next cybersecurity target? | Salted Hash Ep 14

Computer World Security - Mon, 01/15/2018 - 09:00
Host Steve Ragan talks with Stan Engelbrecht, director of the cybersecurity practice at D3 Security, about the inherent flaws in security defenses for public transportation systems -- and what can be done.
Categories: Latest Security News

CES 2018: The top 9 new products for the enterprise

Computer World Security - Fri, 01/12/2018 - 11:24
Alexa on Windows 10 PCs at CES 2018

Image by HP

At CES 2018 everyone was talking about – or talking to –’s Alexa digital assistant. It’s omnipresent – around the home and in phones, cars and, increasingly, offices. You’ll probably even find it in your next Windows 10 PC. It’s already in the new HP Pavilion Wave small form-factor PC (pictured); the Aspire, Spin, Switch and Swift notebooks from Acer; the 2018 ZenBook and VivoBook from Asus, and the Thinkpad X1 Carbon and Yoga devices from Lenovo.

To read this article in full, please click here

Categories: Latest Security News

Intel says new firmware patches trigger reboots in Haswell and Broadwell systems

Computer World Security - Fri, 01/12/2018 - 08:18

The headlong race to cover the Meltdown/Spectre debacle has claimed another victim. In a surprising move, Intel has raised a red flag about some of its firmware patches. What should you do? Wait.

Yesterday, Intel executive VP Navin Shenoy posted on the company blog:

We have received reports from a few customers of higher system reboots after applying firmware updates. Specifically, these systems are running Intel Broadwell and Haswell CPUs for both client and data center. We are working quickly with these customers to understand, diagnose and address this reboot issue. If this requires a revised firmware update from Intel, we will distribute that update through the normal channels.

To read this article in full, please click here

Categories: Latest Security News

Microsoft reinstates Meltdown/Spectre patches for some AMD processors — but which ones?

Computer World Security - Thu, 01/11/2018 - 12:38

As we rappel down the Patch Tuesday rabbit hole this month, Microsoft just announced it’s going to start pushing its January Windows security patches onto AMD processors again. But it neglects to mention which ones. Per a late-night change to KB 4073707:

Microsoft has resumed updating the majority of AMD devices with the Windows operating system security update to help protect against the chipset vulnerabilities known as Spectre and Meltdown.

To read this article in full, please click here

Categories: Latest Security News

Windows 7 takes biggest performance hit from emergency Meltdown, Spectre updates

Computer World Security - Thu, 01/11/2018 - 08:09

Microsoft said Tuesday that Windows 7 PCs would run slower after receiving and installing the crash updates designed to stymie attacks that leverage the recently-disclosed vulnerabilities in virtually every in-use microprocessor.

But for Windows 10, a Microsoft executive said, "We don't expect most users to notice a change because these [slowdown] percentages are reflected in milliseconds."

The contrast, general though it was, came from Terry Myerson, who leads the company's Windows group.

"With Windows 10 on newer silicon (2016-era PCs with Skylake, Kaby Lake or newer CPU), benchmarks show single-digit slowdowns," Myerson wrote in a Tuesday post to a Microsoft blog. Skylake and Kaby Lake were the codenames for the Intel processors launched in 2015 and 2016, respectively. The bulk of new personal computers sold in 2016 and 2017 were equipped with Skylake or Kaby Lake CPUs (central processor units).

To read this article in full, please click here

Categories: Latest Security News

A mess of Microsoft patches, warnings about slowdowns — and antivirus proves crucial

Computer World Security - Wed, 01/10/2018 - 12:22

Welcome to another banner Patch Tuesday. Microsoft yesterday released 56 separately identified security patches for every supported version of Windows, Office, .Net, Internet Explorer and Edge. Out of that monstrous pile, only one patch cures a currently exploited problem — a flaw in Word’s Equation Editor that should have been fixed in November.

If you’re a “normal” user, your first priority shouldn’t be Microsoft’s patches, notwithstanding the fabulous PR job performed on Meltdown and Spectre’s behalf. Assuming you don’t open random Word docs with dicey embedded equations, your main concern right now should be getting your antivirus house in order.

To read this article in full, please click here

Categories: Latest Security News

Microsoft sets novel antivirus prerequisite before offering Windows emergency updates

Computer World Security - Wed, 01/10/2018 - 08:03

Microsoft last week took the unprecedented step of requiring customers to have up-to-date antivirus software on their personal computers before it would hand over a critical security update.

"This was unique," said Chris Goettl, product manager with client security and management vendor Ivanti. "But there was a danger here."

Goettl was talking about the emergency updates Microsoft issued last week to bolster Windows' defenses against potential attacks leveraging the vulnerabilities labeled Meltdown and Spectre by researchers. Operating system and browser makers have shipped updates designed to harden systems against the vulnerabilities, which stemmed from design flaws in modern processors from companies such as Intel, AMD and ARM.

To read this article in full, please click here

Categories: Latest Security News

How blockchain makes self-sovereign identities possible

Computer World Security - Wed, 01/10/2018 - 06:12

One of the curious constructions of the Internet is the term identity provider. You don’t need anyone to provide you with an identity, of course. You have an innate one by virtue of being human. Rather, so-called identity providers, or IDPs, provide you with an identifier, a means of recording attributes important to that provider, and some method of proving it’s you – usually a password.

This is not surprising since online identity has traditionally been viewed through the lens of an organization and its needs, not the individual and his or her needs. Identity systems are created to administer identifiers and attributes within a specific domain. The result: people end up with hundreds of online personas at hundreds of organizations. Each of these administrative identity systems is proprietary and owned by the organization that provides it; you really don’t have an online identity that’s independent of these many systems. Got a new address, or an updated credit card number? You’ll have to deal with each of these systems one at a time in whatever manner they require.

To read this article in full, please click here

Categories: Latest Security News

How to protect Windows 10 PCs from ransomware

Computer World Security - Wed, 01/10/2018 - 06:00

CryptoLocker. WannaCry. Petya. Bad Rabbit. The ransomware threat isn’t going away anytime soon; the news brings constant reports of new waves of this pernicious type of malware washing across the world. It’s popular in large part because of the immediate financial payoff for attackers: It works by encrypting the files on your hard disk, then demands that you pay a ransom, frequently in Bitcoins, to decrypt them.

To read this article in full, please click here

(Insider Story)
Categories: Latest Security News

How to use parental controls to protect your iPhone

Computer World Security - Mon, 01/08/2018 - 10:06

Even while we accept that coding skills are key to some future employment, Apple is under some pressure to improve parental controls to help prevent children from becoming hooked on their phones. Apple already provides some protection parents can use to limit their children’s smartphone use. Here’s what you need to know:

What are Apple's parental controls?

Apple has similar controls for iPads, iPhones, Macs and the Apple TV. Apple calls these Restrictions, and you can use them to block or limit apps and features that children can access on their device. Among other things, these tools can restrict use of Safari, the camera, Siri, FaceTime, AirDrop, CarPlay and individual apps.

To read this article in full, please click here

Categories: Latest Security News

DJI's bounty problems and video surveillance programs | Salted Hash Ep 13

Computer World Security - Mon, 01/08/2018 - 09:00
Host Steve Ragan unpacks the latest news about Chinese company DJI's bug bounty program, plus new developments in video surveillance and more, with Fahmida Rashid.
Categories: Latest Security News

Buggy Win7 Meltdown patch KB 4056894 throwing blue screens

Computer World Security - Mon, 01/08/2018 - 08:28

Microsoft’s hasty Meltdown/Spectre patches, released late on Jan. 4, have started baring their fangs. Complaints about Win10 Fall Creators Update cumulative update KB 4056892 and Win7 Monthly Rollup KB 4056894 resulting in blue screens — particularly on AMD Athlon, Sempron, Opteron and Turion processors — started appearing shortly after the patches were released.

To read this article in full, please click here

Categories: Latest Security News


Subscribe to SecurityFeeds aggregator - Latest Security News