ComputerWorld – Page 141 – Computer Security Articles

Credit to Author: Sharky| Date: Tue, 26 Sep 2017 03:00:00 -0700

It’s a few decades back, and this IT pilot fish’s desk is within easy earshot of the woman in the Security group who unlocks user accounts for the tech staff.

“It was in a corner of the technical library — an office with racks of technical manuals that people would come and look up error codes in, back in the previous century,” says fish.

“Because I was so close to this woman’s desk, I overheard the following conversation many times each day:

“Hello, this is Security.”

Pause.

“What is your ID?”

Sound of typing.

“What is your password, so I can verify your account?”

Pause. More typing.

To read this article in full or to leave a comment, please click here

ComputerWorld Independent

September 21, 2017 admin

Where we stand with messy September Windows and .NET patches

Credit to Author: Woody Leonhard| Date: Thu, 21 Sep 2017 10:54:00 -0700

This month’s Windows and .Net patches hold all sorts of nasty surprises — some acknowledged, some not, some easy to skirt, some waiting to swallow the unwary whole. Here’s a quick overview of what’s going on with this month’s missives.

Most important: If you can’t keep yourself (or your clients) from clicking “Enable Editing” in Word, you must install a broad range of .NET patches (if you’re running Windows 7 or 8.1) or cumulative updates (if you’re running Windows 10), like, NOW.

Windows 10 Creators Update version 1703

Cumulative Update KB 4038788, which brings the build number up to 15063.608, has two acknowledged (but not fixed) bugs:

To read this article in full or to leave a comment, please click here

ComputerWorld Independent

September 21, 2017 admin

Keybase takes on Slack with new end-to-end encrypted team messaging tool

Credit to Author: Matthew Finnegan| Date: Thu, 21 Sep 2017 10:11:00 -0700

Keybase has unveiled a Slack-style team messaging service that promises to protect private communications with end-to-end encryption.

The company launched in 2015 with the aim of making encryption technology more accessible to consumers. Its latest service, Keybase Teams, has a look similar to Slack with features such as chat rooms and channels. Admins can add set up groups of users to work on a particular project, and encrypted files can be uploaded and shared.

An early release version of the software is now available for download for desktops and mobile devices.

The key advantage, Keybase said, involves enhanced security and privacy.

To read this article in full or to leave a comment, please click here

ComputerWorld Independent

September 21, 2017 admin

IDG Contributor Network: Microsoft Security stopped being an oxymoron with the acquisition of Hexadite

Credit to Author: Rob Enderle| Date: Thu, 21 Sep 2017 05:00:00 -0700

One of the most frustrating things to watch during the early years of Microsoft (Disclosure: Microsoft is a client of the author) was their lack of interest in security. It was almost as if, when anyone there heard the term, they’d cover up their ears and say “la, la, la, la, la” until you went away. And, as the century turned, Microsoft security meant anything but security, it was mostly bad joke that hit products like Windows and Internet Explorer particularly hard. But this week’s announcement (ranked as the 3rd most important acquisition this year) they are buying Hexadite showcases that over the last ten years Microsoft made a huge pivot. It finally understood that being unsecure could not only result in massive liability for the firm, but was creating a massive drag on the brand because it reflected poorly on quality. It particularly hurt sales of their products in the enterprise.

To read this article in full or to leave a comment, please click here

ComputerWorld Independent

September 20, 2017 admin

Tower of Babel Outlook 2007 security patch KB 4011086 yanked, replaced

Credit to Author: Woody Leonhard| Date: Wed, 20 Sep 2017 10:44:00 -0700

With one month left until Outlook 2007 hits end of life, Microsoft released a fix yesterday for the September security patch’s polyglot ways. You may recall KB 4011086 as the Outlook 2007 patch that displays Swedish menus in the Hungarian language version, Portuguese in Italian, Swedish in Slovenian, Spanish in Italian, and many more. One hitch: You have to manually uninstall the old patch before you can install the new patch.

For those of you using Outlook 2010 who got hit with the same language switcheroo, I haven’t seen any notice that this month’s KB 4011089 has been fixed or pulled.

To read this article in full or to leave a comment, please click here

ComputerWorld Independent

September 20, 2017 admin

Outlook security patches intentionally break custom forms

Credit to Author: Woody Leonhard| Date: Tue, 19 Sep 2017 06:37:00 -0700

When Microsoft released its Outlook security patches on Sept. 12, several readers complained that their custom form printing capabilities disappeared. Ends up the bug that broke VBScript printing isn’t a bug at all.

Microsoft announced over the weekend that it intentionally disabled scripts in custom forms, and those with printable custom forms need to make manual Registry changes to bring the feature back.

Those of you who have installed any of this month’s Outlook security patches:

Outlook 2007 KB 4011086
Outlook 2010 KB 4011089
Outlook 2013 KB 4011090
Outlook 2016 KB 4011091

will have to dive into the Registry if you want to enable any custom form scripts, including the VBScript printing capability. It’s complicated, and the method varies, depending on which version of Office you’re using and the bittedness of Windows and Office. Diane Poremsky has detailed instructions on her Slipstick Systems site.

To read this article in full or to leave a comment, please click here

ComputerWorld Independent

September 18, 2017 admin

Heads up: Malware found in Piriform’s CCleaner installer

Credit to Author: Woody Leonhard| Date: Mon, 18 Sep 2017 05:22:00 -0700

If you installed the free version of CCleaner after Aug. 15, a couple of nasty programs came along for the ride. Talos Intelligence, a division of Cisco, just published a damning account of malware that it found hiding in the installer for CCleaner 5.33, the version that was released on Aug. 15 and which, according to Talos, was still the primary download on the official CCleaner page on Sept. 11.

After notifying Piriform, CCleaner was, ahem, cleaned up and version 5.34 appeared on Sept. 12.

I just checked, and the current version available from Piriform is version 5.34. (Piriform was bought by antivirus giant Avast in July.)

To read this article in full or to leave a comment, please click here

ComputerWorld Independent

September 18, 2017 admin

Apple’s clever strategy for forcing partners to use Face ID

Credit to Author: Evan Schuman| Date: Mon, 18 Sep 2017 03:00:00 -0700

When Apple announced the iPhone X last week, the most sophisticated (and widely predicted) feature revealed was the facial recognition approach, called Face ID. But by choosing to go all or nothing with the iPhone X — it’s only Face ID, with no support for Touch ID — the big risk for Apple was that all the companies that support Touch ID in their apps wouldn’t quickly make the move to Face ID. So Apple made the decision for them.

As the recent healthcare debate in the U.S. demonstrated, it’s extremely hard to take back something people have grown to like. Apple’s choice of biometric authentication faced the same problem. If Amazon, Chase, Fidelity or any of the other major companies whose apps use Touch ID as a way to log in without a password failed to move to Face ID, their customers would have been forced to go back to typing in long passwords. Apple, ever mindful of customer experience, chose to not permit that to happen. To make sure companies use Face ID in their apps, Apple simply didn’t give them any practical choice.

To read this article in full or to leave a comment, please click here