Getting passwords right for you and your business

Credit to Author: Steven J. Vaughan-Nichols| Date: Tue, 04 May 2021 04:00:00 -0700

Chances are you’ve never heard of the National Institute of Standards and Technology (NIST) Special Publication 800-63, Appendix A. But you’ve been using its contents from your first online account and password until today. That’s because, within it, you’ll find the first password rules such as requiring a combination of a lowercase and uppercase letter, a number, and a special character — and the recommendation of changing your password every 90 days.

There’s only one problem. Bill Burr, who originally set up these rules, thinks he blew it. “Much of what I did I now regret,” Burr told The Wall Street Journal a few years ago.

For Windows, it’s ‘squirrel away time’

Credit to Author: Susan Bradley| Date: Mon, 03 May 2021 04:51:00 -0700

It’s that semi-annual time of the year we in AskWoody land call “squirrel away time” — time to make sure you have a copy of the ISO currently installed on your computer in case you need to reinstall it. There are a number of ways to get older versions of Windows by using a trick publicized on the Thurrott.com site. But the easiest way to grab a copy of, say, 20H2 is to go to the software download site, download a copy and store it on a spare hard drive, flash drive or external USB drive.

A highly sarcastic Android security warning

Credit to Author: JR Raphael| Date: Thu, 29 Apr 2021 06:38:00 -0700

Holy floppin’ hellfire, Henry! Have you heard? A terrifying new form of Android malware is running amok — stealing passwords, emptying bank accounts, and drinking all the grape soda from the refrigerators of unsuspecting Android phone owners.

We should all be quivering in our rainboots, according to almost all the information I’ve read on these here internets. Numerous adjective-filled news stories have warned me that the “scary new Android malware” is “spreading quickly,” targeting “millions” (millions!) of users, and occasionally even “kicking people square in the groin.” (All right, so I made that last part up. But you get the idea.)

How long until Apple boots apps from its stores for privacy issues?

Credit to Author: Jonny Evans| Date: Wed, 28 Apr 2021 09:13:00 -0700

Apple will inevitably begin enforcing the privacy requirements it has put in place across its ecosystem, meaning developers who attempt to avoid or dissemble their way around these protections should expect action, including removal from the App Store.

What Apple is doing

Everyone recognizes how seriously Apple takes privacy. Statement by statement and all through iterative software and product releases, the company is making it crystal clear that it believes privacy is essential to achieve the potential of digital transformation.

Microsoft patents biometric 'wellness insights' tool for workers

Credit to Author: Matthew Finnegan| Date: Wed, 28 Apr 2021 04:32:00 -0700

Microsoft has patented an employee “wellbeing” recommendation feature that uses biometric data to detect a worker’s stress levels when completing tasks such as sending emails, encouraging them to take a break when anxiety levels run high.

The “Emotion Detection From Contextual Signals For Surfacing Wellness Insights” patent, filed in October 2019 and published last week, describes a “wellness insights service” that collates data from a range of sources. This includes blood pressure and heart rate monitoring data that could be obtained from an employee’s wearable devices, such as smart watches and fitness trackers.

Why enterprises must install the latest macOS software patch

Credit to Author: Jonny Evans| Date: Tue, 27 Apr 2021 07:52:00 -0700

Enterprises should install Apple’s latest macOS Big Sur 11.3 update to secure their Macs. I spoke with Jamf Mac security expert Jaron Bradley, who explained why.

Install macOS 11.3 immediately

Enterprise users running fleets of Macs should get their IT support teams to approve the installation of Apple’s macOS Big Sur 11.3 update as swiftly as possible; the update should protect Macs against a serious software vulnerability that places data at risk.

As first spotted by Cedric Owens (and subsequently heavily researched by Jamf), the malware — a new version of a known Shlayer vulnerability — spreads in the following ways:

April patch recap: Mostly quiet on the Microsoft front

Credit to Author: Susan Bradley| Date: Mon, 26 Apr 2021 13:53:00 -0700

Unlike March, when patch updates caused issues with some printers, Microsoft’s updates for April were relatively tame. Windows users lost the old pre-Chromium version of Edge; some users saw performance issues; and Microsoft started talking up “News and Interests.”

In fact, it’s that last one that has some IT admins concerned. (More about that below.)

Old Edge out, new Edge in

First off, Microsoft this month installed the new Chromium-based Edge browser and removed the old Edge. Now that the browser relies on the Chromium engine, it will receive updates on the same schedule as Google Chrome.

Note: the rollout wasn’t without some side effects. If you had some other application set to open up PDF files, the April release reset your default PDF reader to be Edge. So, you’ll need to reset the default application back to whatever your preference was. (This can be easily done; check out this recent YouTube video for details.) Microsoft also moved the default download location from the bottom left of the browser window to the top right — in line with other browser download locations. If you’re a longtime Edge user like me, this takes a bit of getting used to.

Rethinking mobile security in a post-COVID workplace

Credit to Author: Evan Schuman| Date: Mon, 26 Apr 2021 06:10:00 -0700

In the world of enterprise mobile security, sometimes horrible situations force security corner-cutting to preserve the company. And COVID-19 forcing companies to empty office buildings and move everything (and everyone) to remote locations and the cloud in March 2020 is the classic example. What led to the security shortcuts was not just the abrupt change to work from home, but the fact that companies typically had to make the transition in a few days.

Add to that increased problems with IoT security — especially as IoT devices in home environments accessed global systems via VPNs, sometimes spreading malware through the pipeline — and you have a mess. A recent Verizon mobile security report put it bluntly: “Almost half of respondents admitted that their company had knowingly cut corners on mobile device security. That’s an increase from our 2020 report when the figure was 46%. The proportion rises to two-thirds [67%] in our IoT sample. And of those remaining, 38% (27% IoT) came under pressure to do so. Another way of looking at this is that 68% came under pressure to cut corners and 72% of those succumbed.”
