Latest Security News

Economist Nouriel Roubini: Blockchain and bitcoin are the world’s biggest scams

Computer World Security - Mon, 10/15/2018 - 14:52

New York University professor and global economist Nouriel Roubini testified before the U.S. Senate Committee on Banking last week, saying cryptocurrencies such as bitcoin are the mother of all scams and bubbles.

He followed that assertion up by calling blockchain, the technology unpinning bitcoin, "the most over-hyped — and least useful — technology in human history."

[ Further reading: What is FinTech (and how has it evolved)? ]

Today, Roubini doubled down on his claims in a column published on CNBC.com in which he said blockchain has promised to cure the world's ills through decentralization but is "just a ruse to separate retail investors from their hard-earned real money."

To read this article in full, please click here

Categories: Latest Security News

Regulating the IoT: A conversation with Bruce Schneier | Salted Hash Ep 49

Computer World Security - Thu, 10/11/2018 - 23:00
Security expert and author Bruce Schneier talks with senior writer J.M. Porup about that widespread use of connected chips -- allowing hackers to access cars, refrigerators, toys and soon, even more home consumer items.
Categories: Latest Security News

How secure are electronic voting machines? | Salted Hash Ep 48

Computer World Security - Thu, 10/11/2018 - 23:00
With the midterm elections looming, electronic voting machines are getting increased scrutiny. J.M. Porup, senior writer at CSO, sits in the hosts chair this episode, breaking down the security risk with content producer Juliet Beauchamp.
Categories: Latest Security News

Talking DerbyCon, spy chip whispers and Google's data breach | Salted Hash Ep 47

Computer World Security - Thu, 10/11/2018 - 23:00
Steve Ragan and J.M. Porup catch up post-DerbyCon conference to discuss psychological issues in the infosec community, supply chain security and whether it's time to make China the boogeyman again, as well as Google's recent data breach.
Categories: Latest Security News

Mingis on Tech: Data breaches and the rise of 'surveillance capitalism'

Computer World Security - Thu, 10/11/2018 - 04:00

Data breaches have become so common, and so frequent, that when companies like Facebook or Google admit to data leaks or outright hacks, users fret, the companies pledge to do better, and government regulators (sometimes) issue stern warnings.

Lather. Rinse. Repeat.

In recent weeks, Facebook acknowledged a breach affecting 50 million users and Google had to fess up to a breach affecting Google Plus users after initially deciding to keep quiet.

To read this article in full, please click here

Categories: Latest Security News

Mingis on Tech: Data breaches in a world of 'surveillance capitalism'

Computer World Security - Thu, 10/11/2018 - 04:00
Facebook and Google recently acknowledged data breaches affecting millions of users. This won't be the last time that happens. CSO's J.M. Porup and Computerworld's Ken Mingis examine what's really going.
Categories: Latest Security News

Why Apple must be looking into using blockchain

Computer World Security - Wed, 10/10/2018 - 09:23

Everyone who can is looking into using Blockchain, and Apple is no exception, though it will be a long time before we see any consumer-facing implementations of this.

Apple looks at lots of technologies

If it’s on the Gartner Hype Cycle, you can bet a few bucks Apple is looking at it.

That’s why I think it will eventually introduce a 3D printer that works in conjunction with ARKit (unverified prediction), and also why it must be thinking about how to use blockchain.

To read this article in full, please click here

Categories: Latest Security News

What the heck is it with Windows updates?

Computer World Security - Wed, 10/10/2018 - 04:00

To help make life better for you, my loyal readers, I suffer by running Windows 7 and 10 on two harmless — never hurt anyone in their lives — PCs. Well, I did. But, in the last week I ran into not one, but two, showstopper update bugs.

First, on Windows 10, I was one of those “lucky” people who had files vaporize when I “updated” to Windows 10 October 2018 Update (version 1809). Because I only use Windows for trivial tasks, I didn’t lose anything valuable when the patch decided to erase everything in the My Documents folder.

[ Related: How to block the Windows 10 October 2018 Update, version 1809, from installing ]

Somehow, I think most Windows users use Windows for more important work than I do. I hope you have current backups. At least Computerworld’s Woody Leonhard has some good news: You can get those deleted files back.

To read this article in full, please click here

Categories: Latest Security News

Spy chips on servers? Lessons learned (and questions to ask)

Computer World Security - Sat, 10/06/2018 - 05:17

On Thursday, Bloomberg Businessweek published an in-depth report alleging that Chinese suppliers for server hardware company Supermicro had placed microchips onto motherboards ordered by the San Jose-based company that were later sold to fill orders from as many as 30 customers. 

To read this article in full, please click here

(Insider Story)
Categories: Latest Security News

Apple, Amazon server spy story is wake-up call to security pros (u)

Computer World Security - Fri, 10/05/2018 - 05:29

Apple and Amazon have strenuously denied Bloomberg’s claims of a sophisticated hardware exploit against servers belonging to them and numerous other entities, including U.S. law enforcement  

Chinese, Apple and chips

Put in very simple terms, the claim is that malicious chips were found inside servers used in data centers belonging to the tech firms.

These chips (it’s claimed) worked to exfiltrate data from those servers, which were themselves sourced from server manufacturer Super Micro. That company’s server products are/were also used by Amazon, the U.S. government, and 30 other organizations. The chips were allegedly put in place by employees bribed by Chinese government agents.

To read this article in full, please click here

Categories: Latest Security News

Apple, Amazon server spy story is wake-up call to security pros

Computer World Security - Fri, 10/05/2018 - 05:29

Apple and Amazon have strenuously denied Bloomberg’s claims of a sophisticated hardware exploit against servers belonging to them and numerous other entities, including U.S. law enforcement  

Chinese, Apple and chips

Put in very simple terms, the claim is that malicious chips were found inside servers used in data centers belonging to the tech firms.

These chips (it’s claimed) worked to exfiltrate data from those servers, which were themselves sourced from server manufacturer Super Micro. That company’s server products are/were also used by Amazon, the U.S. government, and 30 other organizations. The chips were allegedly put in place by employees bribed by Chinese government agents.

To read this article in full, please click here

Categories: Latest Security News

Time to lock the security team in a hotel room?

Computer World Security - Fri, 10/05/2018 - 04:00

IT security has laptops at this company really locked down, and that includes only limited admin rights, reports a road warrior pilot fish.

"On a recent trip, at my hotel I had to make an internet connection and open a web page to log into the hotel's internet service before I could get a connection to the real internet," fish says.

"Problem was, the work laptop was not going to let me use the browsers until I had established a VPN connection, which of course I could not do without the web page login.

"In a way, that was good -- I took some real vacation time.

"In another way, it was bad, I have big hands and fingers, so using an iPhone and those stupid virtual keyboards is a one-finger, error-prone task. An email that could take seconds to type on a full-size keyboard takes minutes on the phone.

To read this article in full, please click here

Categories: Latest Security News

Open door policy

Computer World Security - Mon, 10/01/2018 - 04:00

This server room is getting keycard access to make sure only those on the approved list are allowed to enter, reports a pilot fish on the scene.

"A card reader is installed on the outside of the door to get in," fish says. "But how to handle exiting the room? Someone has the bright idea that a system administrator inside the server room might have their hands full when they're trying to leave.

"So a motion sensor is installed on the inside, looking down on the doorway. That way, if someone walks up to the door from the inside, it will automatically unlock.

"But whoever created this system is a much more trusting soul than one of the sysadmins, who looks over the already installed system and sees the flaw.

To read this article in full, please click here

Categories: Latest Security News

Easy-to-prevent Apple flaw may threaten enterprise security

Computer World Security - Thu, 09/27/2018 - 07:46

An obscure flaw in Apple’s Device Enrollment Program (DEP) may make it possible for determined hackers to access enterprise networks, though the solution is quite straightforward.

Serial number spoofing

Duo Security researchers say they’ve figured out how to enroll a rogue device onto an enterprise’s mobile device management (MDM) system if the business has failed to enable authentication on devices enrolled on the system.

To make this work, attackers need to get hold of the valid serial number for an Apple device that is registered to Apple’s Device Enrollment Program (DEP) but not yet set up on the company’s MDM server, they said.

To read this article in full, please click here

Categories: Latest Security News

Apple's dropping Back To My Mac Remote Access. Here's an Alternative, Currently Discounted.

Computer World Security - Fri, 09/21/2018 - 09:10

Apple is dropping the Back To My Mac remote access feature, and in a recent support document they urge you to be prepared by looking for alternatives.

RemotePC by iDrive is a full-featured remote access solution that lets you connect to your work or office computer securely from anywhere, and from any iOS or Android device. Right now, their 50 computer package is 90% off or just $6.95 for your 1st year. So if you need an alternative to Back To My Mac, or have been thinking about remote access, now is a good time to consider RemotePC. Learn more about it here.

To read this article in full, please click here

Categories: Latest Security News

Back to the ol' spam-fighting drawing board

Computer World Security - Fri, 09/21/2018 - 04:00

Pilot fish returns from an extended holiday weekend to find his inbox full of spam -- and for once, dozens of the messages seem to be related.

"I was curious, so I didn't delete all 50 of them right away," says fish. "The first one was obviously spam -- a 'Hi, do you remember me, can we talk?' message with a phishing link.

"But the first reply was from an autoresponder at a legal-services company: Thank you for your email. You have reached the email inbox for... Please let us know if you have any questions."

The next message is from another autoresponder, replying not to the spam but to the first autoresponder: Thank you for contacting us. This is an automated response confirming the receipt of your ticket. Our team will get back to you as soon as possible.

To read this article in full, please click here

Categories: Latest Security News

Microsoft Patch Alert: Despite weird timing, September’s Windows and Office patches look good

Computer World Security - Thu, 09/20/2018 - 09:40

As we near the end of patching’s “C Week” (which is to say, the week that contains the third Tuesday of the month), there are no show-stopping bugs in the Windows and Office patches and just a few gotchas. As long as you avoid Microsoft’s patches for Intel’s Meltdown/Spectre bugs, you should be in good shape.

[ Related: Windows 10 October 2018 Update: Key enterprise features ] Why a Patch Monday?

On Sept. 17, Microsoft released two very-out-of-band cumulative updates for Windows 10:

To read this article in full, please click here

Categories: Latest Security News

Why Windows 10 is the most secure Windows ever

Computer World Security - Tue, 09/18/2018 - 15:40

Three years after its debut, Windows 10 is poised to overtake Windows 7 as the most popular version of the Windows operating system. Microsoft introduced virtualization-based security features – namely Device Guard and Credential Guard – in Windows 10, and in subsequent updates, has added other virtualization-based protections to the operating system.

Microsoft tackled the two biggest challenge for enterprises with Windows 10, password management and protecting the operating system from attackers. Windows Defender was renamed Windows Security in 2017 and now includes anti-malware and threat detection, firewall and network security, application and browser controls, device and account security, and device health. Windows Security shares status information between Microsoft 365 services and interoperates with Windows Defender Advanced Threat Protection, Microsoft's cloud-based forensic analysis tool.

To read this article in full, please click here

Categories: Latest Security News

Easy way to bypass passcode lock screens on iPhones, iPads running iOS 12

Computer World Security - Tue, 09/18/2018 - 12:16
Update for iOS 12

With iOS 12 and iPhones that have Touch ID, you can still bypass the iPhone lock screen and trick Siri into getting into a person's phone. The bypass is the same as it was in earlier versions of the operating system:

  • Press the home button using a finger not associated with your fingerprint authentication, prompting Siri to wake up.
  • Say to Siri: Cellular data.

Siri then opens the cellular data settings where you can turn off cellular data.

[ Further reading: How to use a strong passcode to better secure your iPhone ]

As was the case before, anyone can do this. It doesn't have to be the person who "trained" Siri.

To read this article in full, please click here

Categories: Latest Security News

9+ iOS 12 security improvements you should know about

Computer World Security - Tue, 09/18/2018 - 05:03

Apple has shipped iOS 12 and it’s packed with new security improvements and settings every user needs to know about.

Ad tracking

Apple has made it much harder for data harvesting companies to exfiltrate your data without you knowing.

Safari in iOS 11 blocked third-party cookies that tracked you across multiple websites and cookies older than 30-days in age.

iOS 12 also gives you the option to block social media sharing icons and comment boxes from tracking you. Apple has also made it much harder for fingerprinting technologies to track and identify you by gathering information about your device, such as capacity or installed apps.

To read this article in full, please click here

Categories: Latest Security News

Pages

Subscribe to SecurityFeeds aggregator - Latest Security News