Latest Security News

Microsoft CEO supports Apple on privacy

Computer World Security - Tue, 02/26/2019 - 07:00

Microsoft CEO Satya Nadella seems to agree with Apple CEO Tim Cook when it comes to privacy, calling this a “fundamental human right.”

Microsoft CEO: Privacy a 'human right'

Despite the lack of a successful smartphone franchise, Microsoft is still very much part of today’s industry with a range of services across the mobile ecosystem. That’s probably why Nadella is such an active attendee at Mobile World Congress 2019.

What’s really interesting about what he said during a speech at the show is the extent to which his thinking aligns with what Apple is doing around privacy. For example:

To read this article in full, please click here

Categories: Latest Security News

Microsoft CEO supports Apple on privacy

Computer World Security - Tue, 02/26/2019 - 07:00

Microsoft CEO Satya Nadella seems to agree with Apple CEO Tim Cook when it comes to privacy, calling this a “fundamental human right”.

Microsoft CEO: Privacy a 'human right'

Despite the lack of a successful smartphone franchise, Microsoft is still very much part of today’s industry with a range of services across the mobile ecosystem. That’s probably why Nadella is such an active attendee at Mobile World Congress 2019.

What’s really interesting about what he said during a speech at the show is the extent to which his thinking aligns with what Apple is doing around privacy, for example:

To read this article in full, please click here

Categories: Latest Security News

Microsoft opens top-tier Defender ATP security to Windows 7 PCs

Computer World Security - Mon, 02/25/2019 - 09:28

Microsoft's Windows Defender Advanced Threat Protection (ATP) service is now available for PCs running Windows 7 and Windows 8.1.

The decision to add devices powered by those operating systems was first announced a year ago. At the time, Microsoft said ATP's Endpoint Detection & Response (EDR) functionality would be available for the older OSes by summer 2018.

[ Related: Windows 7 to Windows 10 migration guide ]

Windows Defender ATP is a service that detects ongoing attacks on corporate networks, then follows up to investigate the attack or breach and provides response recommendations and attack remediation. Software baked into Windows 10 detects attacks, while a central management console allows IT administrators to monitor the status of covered devices and react if necessary. Adding the EDR client software to Windows 7 and Windows 8.1 PCs gives enterprise IT the same visibility into those machines as it has had into Windows 10 systems.

To read this article in full, please click here

Categories: Latest Security News

Microsoft opens top-tier Defender ATP security to Windows 7 PCs

Computer World Security - Mon, 02/25/2019 - 09:28

Microsoft's Windows Defender Advanced Threat Protection (ATP) service is now available for PCs running Windows 7 and Windows 8.1.

The decision to add devices powered by those operating systems was first announced a year ago. At the time, Microsoft said ATP's Endpoint Detection & Response (EDR) functionality would be available for the older OSes by summer 2018.

[ Related: Windows 7 to Windows 10 migration guide ]

Windows Defender ATP is a service that detects ongoing attacks on corporate networks, then follows up to investigate the attack or breach and provides response recommendations and attack remediation. Software baked into Windows 10 detects attacks, while a central management console allows IT administrators to monitor the status of covered devices and react if necessary. Adding the EDR client software to Windows 7 and Windows 8.1 PCs gives enterprise IT the same visibility into those machines as it has had into Windows 10 systems.

To read this article in full, please click here

Categories: Latest Security News

Get ready for the age of sensor panic

Computer World Security - Sat, 02/23/2019 - 04:00

A passenger on a Singapore Airlines flight this week noticed a small, circular indentation below the image playing on the seatback in-flight entertainment system in front of him. Could that be, he wondered, a camera?

The passenger did the only logical thing: He tweeted out a photo and asked the Twitterverse for opinions, setting off a chorus of complainers on Twitter.

Singapore Airlines also responded to the tweets, saying that the camera was not used by the airline to capture pictures or video. It then told media outlets in a statement that the embedded cameras “have been intended by the manufacturers for future developments. These cameras are permanently disabled on our aircraft and cannot be activated on board. We have no plans to enable or develop any features using the cameras.”

To read this article in full, please click here

Categories: Latest Security News

Get ready for the age of sensor panic

Computer World Security - Sat, 02/23/2019 - 04:00

A passenger on a Singapore Airlines flight this week noticed a small, circular indentation below the image playing on the seatback in-flight entertainment system in front of him. Could that be, he wondered, a camera?

The passenger did the only logical thing: He tweeted out a photo and asked the Twitterverse for opinions, setting off a chorus of complainers on Twitter.

Singapore Airlines also responded to the tweets, saying that the camera was not used by the airline to capture pictures or video. It then told media outlets in a statement that the embedded cameras “have been intended by the manufacturers for future developments. These cameras are permanently disabled on our aircraft and cannot be activated on board. We have no plans to enable or develop any features using the cameras.”

To read this article in full, please click here

Categories: Latest Security News

Apple is losing value and that’s a good thing

Computer World Security - Fri, 02/22/2019 - 09:50

Apple must be doing something right as the cost of Apple ID data on the Dark Web has dropped, even as the value of Fortnite, Facebook, Netflix and Uber accounts has increased.

Apple is losing value

Last year, I reported that online scammers were spending up to $15 per account on Apple ID information, making Apple customers, “the most appealing targets” for scammers.

That’s changed.

The latest edition of Top10VPN’s ​Dark Web Market Price Index​ claims scammers are only willing to spend up to $11 for this information today and are targeting arguably less well-secured services instead.

To read this article in full, please click here

Categories: Latest Security News

Apple is losing value and that’s a good thing

Computer World Security - Fri, 02/22/2019 - 09:50

Apple must be doing something right as the cost of Apple ID data on the Dark Web has dropped, even as the value of Fortnite, Facebook, Netflix and Uber accounts has increased.

Apple is losing value

Last year, I reported that online scammers were spending up to $15 per account on Apple ID information, making Apple customers, “the most appealing targets” for scammers.

That’s changed.

The latest edition of Top10VPN’s ​Dark Web Market Price Index​ claims scammers are only willing to spend up to $11 for this information today and are targeting arguably less well-secured services instead.

To read this article in full, please click here

Categories: Latest Security News

Apple is learning why shortcut security is a bad idea

Computer World Security - Wed, 02/20/2019 - 12:00

When Apple launched its enterprise developer certificate program — which helps enterprises make their homegrown apps for employee use-only available through iTunes — it had to make a difficult convenience-vs.-security decision: how much hassle to put IT managers through to get their internal apps posted. It chose convenience and, well, you can guess what happened.

Media reports say pirate developers used the enterprise program to improperly distribute tweaked versions of popular apps — including Spotify, Angry Birds, Pokemon Go and Minecraft — while others used the platform to distribute porn apps along with real-money gambling apps. And all the bad guys had to do was lie to Apple reps about being associated with legitimate businesses. Apple didn't bother to investigate or otherwise verify the answers.

To read this article in full, please click here

Categories: Latest Security News

Apple is learning why shortcut security is a bad idea

Computer World Security - Wed, 02/20/2019 - 12:00

When Apple launched its enterprise developer certificate program — which helps enterprises make their homegrown apps for employee use-only available through iTunes — it had to make a difficult convenience-vs.-security decision: how much hassle to put IT managers through to get their internal apps posted. It chose convenience and, well, you can guess what happened.

Media reports say pirate developers used the enterprise program to improperly distribute tweaked versions of popular apps — including Spotify, Angry Birds, Pokemon Go and Minecraft — while others used the platform to distribute porn apps along with real-money gambling apps. And all the bad guys had to do was lie to Apple reps about being associated with legitimate businesses. Apple didn't bother to investigate or otherwise verify the answers.

To read this article in full, please click here

Categories: Latest Security News

Microsoft delays Windows 7's update-signing deadline to July

Computer World Security - Tue, 02/19/2019 - 14:03

Microsoft has revised its schedule to dump support for an outdated cryptographic hash standard by postponing the deadline for Windows 7.

Microsoft, like other software vendors, digitally "signs" updates before they are distributed via the Internet. SHA-1 (Secure Hash Algorithm 1), which debuted in 1995, was declared insecure a decade later, but it was retained for backward-compatibility reasons, primarily for Windows 7. Microsoft wants to ditch SHA-1 and rely only on the more-secure SHA-2 (Secure Hash Algorithm 2).

[ Related: Windows 7 to Windows 10 migration guide ]

Late last year, Microsoft said that it would update Windows 7 and Windows Server 2008 R2 SP1 (Service Pack 1) this month with support for SHA-2. Systems running those operating systems would not receive the usual monthly security updates after April's collection, slated for release April 9, Microsoft promised at the time.

To read this article in full, please click here

Categories: Latest Security News

Microsoft delays Windows 7's update-signing deadline to July

Computer World Security - Tue, 02/19/2019 - 14:03

Microsoft has revised its schedule to dump support for an outdated cryptographic hash standard by postponing the deadline for Windows 7.

Microsoft, like other software vendors, digitally "signs" updates before they are distributed via the Internet. SHA-1 (Secure Hash Algorithm 1), which debuted in 1995, was declared insecure a decade later, but it was retained for backward-compatibility reasons, primarily for Windows 7. Microsoft wants to ditch SHA-1 and rely only on the more-secure SHA-2 (Secure Hash Algorithm 2).

[ Related: Windows 7 to Windows 10 migration guide ]

Late last year, Microsoft said that it would update Windows 7 and Windows Server 2008 R2 SP1 (Service Pack 1) this month with support for SHA-2. Systems running those operating systems would not receive the usual monthly security updates after April's collection, slated for release April 9, Microsoft promised at the time.

To read this article in full, please click here

Categories: Latest Security News

Yabba dabba doo!

Computer World Security - Tue, 02/19/2019 - 04:00

Fish is being onboarded as a software engineer and has to download the code repository and start building it. But in checking the setup guide, he can’t find any instructions on what user credentials to use to log in. This seems like something he should be able to figure out, so he trolls through multiple document systems (internal websites, Google documents and wikis) until he finds an old document that says to use his username as both username and password for version control access. That’s easy enough — but it doesn’t work. Fish gets a message saying his account wasn’t found or the password didn’t match.

Time to submit a help desk ticket. And the explanation is simple. IT had neglected to run the script that created an account for fish in the version control system. Ten minutes after submitting the ticket, fish is in at last.

To read this article in full, please click here

Categories: Latest Security News

Yabba dabba doo!

Computer World Security - Tue, 02/19/2019 - 04:00

Fish is being onboarded as a software engineer and has to download the code repository and start building it. But in checking the setup guide, he can’t find any instructions on what user credentials to use to log in. This seems like something he should be able to figure out, so he trolls through multiple document systems (internal websites, Google documents and wikis) until he finds an old document that says to use his username as both username and password for version control access. That’s easy enough — but it doesn’t work. Fish gets a message saying his account wasn’t found or the password didn’t match.

Time to submit a help desk ticket. And the explanation is simple. IT had neglected to run the script that created an account for fish in the version control system. Ten minutes after submitting the ticket, fish is in at last.

To read this article in full, please click here

Categories: Latest Security News

CIOs, you’re doing blockchain wrong

Computer World Security - Fri, 02/15/2019 - 04:00

IT leaders who've taken the plunge into blockchain are mainly deploying it in proofs-of-concept tests to address the same problems a conventional database could handle, according to research firm Gartner.

Relying on a survey of consulting firms whose clients had deployed some form of blockchain, Gartner found that CIOs are using blockchain for shared record keeping and asset tracking. They're not using it as a decentralized ledger able to support immutable data audit trails for exchanging a single version of transactional truth – the core mission at the heart of blockchain.

For many, blockchain remains a technology in search of a problem, Gartner said in a research note.

To read this article in full, please click here

(Insider Story)
Categories: Latest Security News

CIOs, you’re doing blockchain wrong

Computer World Security - Fri, 02/15/2019 - 04:00

IT leaders who've taken the plunge into blockchain are mainly deploying it in proofs-of-concept tests to address the same problems a conventional database could handle, according to research firm Gartner.

To read this article in full, please click here

(Insider Story)
Categories: Latest Security News

Mozilla to harden Firefox defenses with site isolation, a la Chrome

Computer World Security - Thu, 02/14/2019 - 12:13

Mozilla plans to boost Firefox's defensive skills by mimicking the "Site Isolation" technology introduced to Google's Chrome last year.

Dubbed "Project Fission," the effort will more granularly separate sites and their individual components than is currently the case in Firefox. The goal: Isolate malicious sites and attack code so individual sites cannot wreak havoc in the browser at large, or pillage the browser, the device or the device's memory of critical information, such as authentication credentials and encryption keys.

[ Further reading: 14 must-have Firefox add-ons ]

"We aim to build a browser which isn't just secure against known security vulnerabilities, but also has layers of built-in defense against potential future vulnerabilities," Nika Layzel, the project tech lead of the Fission team, wrote in a post last week to a Firefox development mailing list. "To accomplish this, we need to revamp the architecture of Firefox and support full Site Isolation." Layzel also published the note as the first newsletter from the Fission engineering group.

To read this article in full, please click here

Categories: Latest Security News

Mozilla to harden Firefox defenses with site isolation, a la Chrome

Computer World Security - Thu, 02/14/2019 - 12:13

Mozilla plans to boost Firefox's defensive skills by mimicking the "Site Isolation" technology introduced to Google's Chrome last year.

Dubbed "Project Fission," the effort will more granularly separate sites and their individual components than is currently the case in Firefox. The goal: Isolate malicious sites and attack code so individual sites cannot wreak havoc in the browser at large, or pillage the browser, the device or the device's memory of critical information, such as authentication credentials and encryption keys.

[ Further reading: 14 must-have Firefox add-ons ]

"We aim to build a browser which isn't just secure against known security vulnerabilities, but also has layers of built-in defense against potential future vulnerabilities," Nika Layzel, the project tech lead of the Fission team, wrote in a post last week to a Firefox development mailing list. "To accomplish this, we need to revamp the architecture of Firefox and support full Site Isolation." Layzel also published the note as the first newsletter from the Fission engineering group.

To read this article in full, please click here

Categories: Latest Security News

How to use your Mac safely in public places

Computer World Security - Thu, 02/14/2019 - 11:59

Coffee shops across the planet are populated by earnest Apple Mac-wielding remote and/or freelance workers – but are they taking steps to protect themselves in a public place? Follow this checklist to make sure you are protected.

12 ways to use your Mac safely in public places 1. Worry about Wi-Fi

Public Wi-Fi networks are dangerous places, not least because you don’t really know how the network is set up or who else is sitting on the same network with you.

[ Related: Get serious about privacy with the Epic, Brave and Tor browsers ]

Criminals are known to set up legitimate-seeming hotspots on which their software lurks, attempting to take data (including your bank and intranet passcodes) in transit. Please beware:

To read this article in full, please click here

Categories: Latest Security News

How to use your Mac safely in public places

Computer World Security - Thu, 02/14/2019 - 11:59

Coffee shops across the planet are populated by earnest Apple Mac-wielding remote and/or freelance workers – but are they taking steps to protect themselves in a public place? Follow this checklist to make sure you are protected.

12 ways to use your Mac safely in public places 1. Worry about Wi-Fi

Public Wi-Fi networks are dangerous places, not least because you don’t really know how the network is set up or who else is sitting on the same network with you.

[ Related: Get serious about privacy with the Epic, Brave and Tor browsers ]

Criminals are known to set up legitimate-seeming hotspots on which their software lurks, attempting to take data (including your bank and intranet passcodes) in transit. Please beware:

To read this article in full, please click here

Categories: Latest Security News

Pages

Subscribe to SecurityFeeds aggregator - Latest Security News