Latest Security News
Everyone lives on the internet, period. Whether you’re streaming a standup special on Netflix, answering emails from your boss, chatting on Tinder, or completing everyday errands like paying bills online, you’re likely spending most of your day tangled up in the world wide web.
Unfortunately, that makes you a high-risk candidate for a cyber attack at some point along the way, be it through malware, phishing, or hacking. Best-case scenario, it sucks up your time to fix (or your money by paying someone else to fix it). Worst-case scenario, it puts you and your computer out of commission for days and damages your files beyond repair. Not to mention the sheer terror of knowing some hacker has complete and total access to virtually everything about you, including all of your banking and credit card information. Malwarebytes is a free program built to help you avoid the above scenarios altogether — and it makes traditional antivirus look old, tired, and played out (seriously, it’s free, download it here).
Mozilla has added a data breach notification to Firefox that warns the browser's users when their email address and credentials may have been obtained by hackers.
Dubbed Firefox Monitor, the free breach notification service debuted in September after some testing during the summer. Anyone -- not only Firefox users -- can steer to the service website, enter an email address and be told if that address was among those involved in successful, publicly-known breach attacks. Next steps were up to the user, including the obvious of changing the password(s) connected to that email address and/or website(s).
Notifications of the latest breaches were sent by Firefox Monitor to the user-submitted address. "Your email address will be scanned against those data breaches, and we'll let you know through a private email if you were involved," wrote Nick Nguyen, Mozilla's vice president of product strategy, in a Sept. 25 post to a company blog.
A Windows expert this week urged Microsoft to put its money where its mouth is and produce a status dashboard or website that reports and tracks problems with the operating system.
Coincidentally or not, on Wednesday Microsoft said it would launch a "Windows update status dashboard," but did not name a timetable except for a broad "in the coming year."
"I can go to this page and see if something happening with Office 365 is just a me thing or if everyone else is seeing the same," said Susan Bradley in a Nov. 13 email reply to questions, referring to the Office 365 Admin Center. (Note: Only those with administrative credentials have access; it's not meant to provide information to end users.) "(But) if I want to find out if something is a known issue with Windows 10, I have to dig through - and monitor for changes - these pages," she continued, listing two separate support documents for one such known issue.
It's tough to talk about Android security without venturing into sensational terrain.
A large part of that is due to the simple fact that the forces driving most Android security coverage are companies that make their money by selling Android security software — and thus companies with strong interests in pushing the narrative that every Android phone is on the perpetual brink of grave, unfathomable danger. Plus, let's face it: A headline about 70 gazillion Android phones being vulnerable to the MegaMonsterSkullCrusher Virus is far more enticing than one explaining the nuanced realities of Android security.
In actuality, though, Android security is a complex beast — one with multiple layers in place to protect you and one that almost never warrants an alarmist attitude. I've been covering Android security closely since the platform's earliest days, and I've busted more myths and called out more shameless publicity stunts than I can even count at this point.
Your private data can reveal a lot about you, such as bank information, spending habits, and even the websites you frequent. This makes large companies like Facebook and Yahoo prime targets for data breaches because of their vast library of user data. Nowadays, it’s more important than ever for companies to remain vigilant against hackers, lest their customers’ privacy and trust be lost.
To defend against such threats, companies hire security professionals who know how to identify and exploit vulnerabilities in security systems. These “ethical hackers” employ the same methods malicious hackers do, but they also patch and report these vulnerabilities to their employers to prevent future intrusions. With data breaches on the rise, the demand for ethical hackers has increased, making this career path both stable and profitable. If you’re interested in learning how to hack security systems (legally, of course), then this $39 Ethical Hacking A to Z Training Bundle is for you.
iDrive has activated a significant discount on its remote access software, RemotePC, in the days leading into Black Friday. RemotePC by iDrive is a full-featured remote access solution that lets you connect to your work, home or office computer securely from anywhere, and from any iOS or Android device. Right now, the 50-computer package is 90% off, or just $6.95 for your first year. If you've been thinking about remote access solutions, now is a good time to consider RemotePC. Learn more about it here.
Windows 10 powered to its third anniversary this year, but one branch, identified by the initials L-T-S-B, remained an enigma to most corporate users.
LTSB, which stands for "Long-term Servicing Branch," was among the pillars of Windows 10 in the months leading up to, and for months after, the mid-2015 roll-out of the operating system. For a time, it seemed that it had a shot at becoming the Windows 10 for enterprise because it was seen as a calm port in a storm of radical change.
That hasn't happened, in part because Microsoft has steered customers away from LTSB.
Yesterday, Microsoft released ADV180028, Guidance for configuring BitLocker to enforce software encryption, in response to a clever crack published on Monday by Carlo Meijer and Bernard van Gastel at Radboud University in the Netherlands (PDF).
Apple's voice-activated digital assistant, Siri, has come in for more than its share of criticism that it has fallen behind other voice assistants in some ways. Critics don’t seem to understand that Apple’s voice assistant is an enterprise product.
Why is Siri an enterprise product?
This is what happens when you use a voice search tool: You activate the assistant, it listens to what you say, identifies that a request is being made and sends that request to the cloud to be resolved and responded to.
Google's Smart Lock system for Chrome OS is one of those things that sounds spectacular on paper but then frequently falls flat in the real world.
You know about Smart Lock by now, right? It's something Google created to turn your Android phone into a contact-free key for your Chromebook: Anytime the phone is close to the computer, Chrome OS will automatically detect its presence — and as long as the phone is unlocked, the laptop will let you skip the usual password prompt and hop right in with just a quick click on the sign-on screen.
Flash back a few decades to the days when this pilot fish is a supervisor in the call center for a big mail-order PC company.
"Our agents were privy to a customer's credit card information right in the call tracking system," says fish. "We trusted 600 agents with nearly unlimited access to this customer information without ever a single theft from our people."
But the call center manager decides the operation needs a way to approve replacement parts to be shipped to customers.
That leads to a new process: When a call-center agent is sending a simple part -- say, a new mouse or inexpensive sound card -- the agent types in his badge number, then must turn his head to get his supervisor's attention.
Apple has apparently been able to permanently block de-encryption technology from a mysterious Atlanta-based company whose blackbox device was embraced by government agencies to bypass iPhone passcodes.
Atlanta-based Grayshift is one of two companies that claimed it could thwart Apple iPhone passcode security through brute-force attacks.
The blackbox technology purportedly worked, as Grayshift’s technology was snapped up by regional law enforcement and won contracts with Immigration and Customs Enforcement (ICE) and the U.S. Secret Service.
Another vendor, Israel-based Cellebrite, also discovered a way to unlock encrypted iPhones running iOS 11 and marketed its product to law enforcement and private forensics firms around the world. According to a police warrant obtained by Forbes, the U.S. Department of Homeland Security tested the technology.
Back on Oct. 18, a “C Week” Thursday, Microsoft released hefty rounds of bug fixes for Win10 1607, 1703 and 1709. At the time, I wondered out loud why the latest (unyanked) version of Win10, version 1803, didn’t get a similar dose. Now, on a “D Week” Wednesday, it looks like we’ve seen the deluge.
Apple CEO Tim Cook spoke up for privacy at a conference of European privacy commissioners in Brussels this morning.
'AI must respect human values'
The theme of this year’s conference is “Debating Ethics: Dignity and Respect in Data Driven Life.” Cook, who was invited to speak, is the first tech CEO to serve as the keynote speaker for the conference.
He talked about data, put in a bid for a bill of U.S. digital rights, slammed competitors for profiting while unleashing powerfully negative forces, and spoke up for a GDPR-style privacy protection in the U.S.
This IT pilot fish has been supporting a customer remotely through a VPN that's usually pretty solid -- but definitely not always.
"Every now and then it disconnected me randomly," says fish. "Then it continued disconnecting me repeatedly every 30 to 60 seconds.
"I went through the usual litany of rebooting, trying a different computer, trying a different network, etc. Every time I got the help desk involved, they pulled a bunch of different logs that basically just said 'disconnected' without any cause given.
"After several rounds of changes that miraculously fixed it, then suddenly stopped working again, the issue got escalated to a high-enough tier that an answer was forthcoming.
This IT pilot fish works with lots of sensitive data -- and that means really sensitive, such as child abuse investigations.
"Until a few years ago, I had access to all that data, so I could write ad-hoc reports against it," says fish. "We 'systems' people were given access to everything, so we could troubleshoot application problems for the users.
"Then one day I was called into the CEO's office. He told me that according to the logs, I did a search against the Child Welfare data for a particular family on a date and time six months earlier -- and wanted to know why I did the search."
As best fish can recall, he was doing the search to troubleshoot a particular report that one caseworker was trying to run. To do that, he used his own workstation to duplicate the steps that the caseworker took to get to the error.
This month’s bad patches made headlines. Lots of headlines. For good reason.
You have my sympathy if you clicked “Check for updates” and got all of the files in your Documents and Photos folders deleted. Even if you didn’t become a “seeker” (didn’t manually check for updates) your month may have been filled with blue screens, odd chicken-and-egg errors, and destroyed audio drivers — and Edge and your UWP (“Metro” Store) apps might have been kicked off the internet.
You didn’t need to lift a finger.
Worst Windows 10 rollout ever
Hard to believe that Windows 10 version rollouts could get any worse, but this month hit the bottom of a nearly bottomless barrel. Some folks who clicked “Check for updates” wound up with a brand spanking new copy of Win10 version 1809 — and all of the files in their \Documents, \Pictures, \Music, \Videos and other folders disappeared. I have a series of articles on that topic, arranged chronologically:
The makers of the four biggest browsers all said Monday that their applications will drop support for the TLS (Transport Layer Security) 1.0 and 1.1 encryption protocols in early 2020.
"In March of 2020, Firefox will disable support for TLS 1.0 and TLS 1.1," wrote Martin Thomson, principal engineer at Mozilla, in a post to a company blog.
The latest version of Apple's mobile operating system — iOS 12 — was released just a few weeks ago, and yet it's already installed on 53% of relatively newer iPhones (introduced since September 2014) and 50% of all iPhones. Bottom line: It's the fastest acceptance of any Apple OS.
This is more than a minimally interesting statistic. It illustrates the key difference between Apple mobile devices and Android mobile devices: Although there are more Android users on the globe, Apple's users are much more of a community. That means many things from an Apple marketing perspective, but for IT, it means far greater security.