It's time: Make sure Windows Auto Update is turned off

Credit to Author: Woody Leonhard| Date: Mon, 11 Dec 2017 03:44:00 -0800

It’s time to make sure your computer is locked down. If history is any indication, we’re going to be in for a rocky ride over the next week or two.

In September, folks who were set to update Windows automatically were greeted by Word docs and Excel spreadsheets that wouldn’t display merged cells, switched languages and intentionally broke one-click printing on custom forms. In October, admins who let patches go through automatically were greeted by oceans of blue screens and failures in Microsoft’s own Dynamics CRM. Last month, every version of Windows was hit with a patching bug that blocked Epson dot matrix printers — and those who had told Win10 Creators Update to wait to upgrade found themselves “accidentally” upgraded to Win10 Fall Creators Update, version 1709.

To read this article in full, please click here

Read more

Microsoft quietly repairs Windows Defender security hole CVE-2017-11937

Credit to Author: Woody Leonhard| Date: Fri, 08 Dec 2017 07:23:00 -0800

Many malware researchers were surprised to find an unexpected patch on their machines yesterday. It didn’t arrive through the front door — Windows Update wasn’t involved. Instead, the new version of mpengine.dll arrived automatically, around the back, even if you have Windows Update turned off.

This vulnerability is particularly nasty. If the Malware Protection Engine scans a jimmied file, the file can take over your computer and run whatever it wants. Since the MPE routinely runs all the time, in the background, that means a bad file could infect your computer in myriad ways. To quote Microsoft’s Security Vulnerability notice:

To read this article in full, please click here

Read more

Apple’s HomeKit security blunder exposes the risk of smart homes

Credit to Author: Jonny Evans| Date: Fri, 08 Dec 2017 06:42:00 -0800

The expression “safe as houses” will become a thing of the past if tech firms don’t get connected home security right, and the need to be incredibly watchful was visible in Apple’s latest security blunder this week.

Not so ideal home

The latest iOS 11.2 update held a zero-day vulnerability attackers could exploit to control smart home devices, including connected locks, 9to5Mac explains. While the vulnerability was difficult to exploit, and Apple has acted very swiftly to close this security gap, its existence exposes the risk of smart homes.

To read this article in full, please click here

Read more

How blockchain will underpin the new trust economy

Credit to Author: Lucas Mearian| Date: Thu, 07 Dec 2017 03:20:00 -0800

Over the next two years, enterprises are expected to ramp up their efforts to test blockchain technology as part of a new method of establishing trust in a digital economy.

New research from consultancy Deloitte LLP shows a “trust economy” is now developing around person-to-person (P2P) transactions enabled by blockchain technology and not dependent on more traditional methods such as credit ratings or guaranteed cashier’s checks.

“Rather, it relies on each transacting party’s reputation and digital identity – the elements of which may soon be stored and managed in a blockchain,” Deloitte analysts said in a report.

To read this article in full, please click here

Read more

Thanks, Microsoft, but I’m still saying no to Windows 10

Credit to Author: Steven J. Vaughan-Nichols| Date: Tue, 05 Dec 2017 05:26:00 -0800

I’ve been hearing a lot from friends recently about how Windows 10 is the best Windows ever and people would be stupid not to switch. These being friends, I don’t want to be rude, but — cough, ahem — I don’t buy it.

Is security your No. 1 concern? Well, Windows 10 is no more secure than Windows 7 — which is to say it is a profoundly insecure operating system. There have been a lot of serious Windows security patches in the last year, and Windows 10 had all the same problems as Windows 7.

True, Windows didn’t have anything as bad as macOS’s unbelievably stupid “Let anyone log in as the administrator” security hole, but just because Microsoft didn’t botch things as badly as Apple did doesn’t get it off the hook. I mean, what do you call it when Microsoft fixes security holes in Windows 10 that it doesn’t patch in Windows 7? I call it really, really stupid.

To read this article in full, please click here

Read more

When the threats get weird, the security solutions get weirder

Credit to Author: Mike Elgan| Date: Sat, 02 Dec 2017 02:00:00 -0800

The world of security is getting super weird. And the solutions may be even weirder than the threats.

I told you last week that some of the biggest companies in technology have been caught deliberately introducing potential vulnerabilities into mobile operating systems and making no effort to inform users.

One of those was introduced into Android by Google. In that case, Android had been caught transmitting location data that didn’t require the GPS system in a phone, or even an installed SIM card. Google claimed that it never stored or used the data, and it later ended the practice.

To read this article in full, please click here

Read more

Get November Windows and Office updates installed — carefully

Credit to Author: Woody Leonhard| Date: Thu, 30 Nov 2017 04:23:00 -0800

The list of complaints about this month’s patches goes on forever. I covered the high points a couple of days ago. We’ve seen people who are running Win10 Creators Update and who specifically said they didn’t want to upgrade to Fall Creators Update get pushed into an upgrade anyway. Those using Epson dot matrix or POS printers lost them for a couple of weeks. Add to that a heaping handful of hooey and there were enough problems to keep most Windows customers shaking their heads. Or quaking in their boots.

To read this article in full, please click here

Read more

Apple apologizes, issues Mac login security patch

Credit to Author: Jonny Evans| Date: Wed, 29 Nov 2017 09:33:00 -0800

With great apology, Apple has rushed to respond to the appalling macOS High Sierra security flaw, issuing a software update that has been made immediately available for download and will be automatically installed in existing Macs.

‘We greatly regret’

Apple has shared the following statement:

“Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS.

“When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole. This morning, as of 8:00 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra. 

To read this article in full, please click here

Read more