ComputerWorld – Page 149 – Computer Security Articles

Credit to Author: Preston Gralla| Date: Mon, 31 Jul 2017 07:53:00 -0700

Russian’s spy-hackers have taken on almost a mythical status as more details have emerged about how they hacked the Democratic National Committee and the Clinton campaign and influenced the last presidential election. The National Security Agency and the entire U.S. intelligence community seem to be a step behind them, and the worst may be yet to come.

And now comes an unlikely potential savior: Microsoft’s lawyers. They’re using a combination of cyber-sleuthing and innovative legal filings to strike at one of Russia’s most dangerous cyber-espionage groups, Fancy Bear. So far, the tactic is paying off. But it’s not clear that Microsoft can defeat the hackers in the long run.

To read this article in full or to leave a comment, please click here

ComputerWorld Independent

July 28, 2017 admin

How the dark web has gone corporate

Some criminals on the dark web are taking their cues from the practices of corporate IT. Illicit offerings run the gamut from code that buyers have to implement themselves to turnkey solutions and consulting services. Here’s a look at what’s out there.

ComputerWorld Independent

July 28, 2017 admin

Bringing behavioral game theory to security defenses

Kelly Shortridge and CSO senior writer Fahmida Y Rashid talk about using behavioral game theory to take advantage of hackers’ mistakes and manipulate the data they think they're receiving. People generally make decisions by either thinking ahead to figure out how people may act in a given situation, or by learning over time by observing what people are doing. Since attackers learn over time by collecting feedback, obfuscating what they get can really mess up what the attackers are able to learn.

ComputerWorld Independent

July 27, 2017 admin

Microsoft releases KB 3213643, 2956078, 4011078, 4011052 to fix June Outlook security bugs

Credit to Author: Woody Leonhard| Date: Thu, 27 Jul 2017 14:00:00 -0700

A week ago, I lamented the lack of a fix for the bad June Office security patches. On June 13, those of you with Automatic Update turned on were treated to seven different, documented bugs that persisted until today.

I expected to see these patches on Tuesday, in normal cadence. For reasons that are only known to Microsoft, they waited until today, Thursday, to release the files.

To read this article in full or to leave a comment, please click here

ComputerWorld Independent

July 27, 2017 admin

Simple tips to keep your devices secure when you travel

CSO security reporters Fahmida Rashid and Steve Ragan share some easy ways to keep your data and devices secure while traveling, even at the Black Hat conference, where active scanning is the norm. (And check out the built-in Faraday cage in Fahmida's jacket).

ComputerWorld Independent

July 27, 2017 admin

How DevOps and cloud will speed up security

Zane Lackey, CSO and co-founder of Signal Sciences, talks with CSO senior writer Fahmida Rashid about how DevOps and cloud can help organizations embed security into their technology structures, enabling business to move faster.

ComputerWorld Independent

July 26, 2017 admin

Tiptoe through the bugs and get Windows and Office updated

Credit to Author: Woody Leonhard| Date: Wed, 26 Jul 2017 09:55:00 -0700

The fourth Tuesday of the month has come and gone, and it now looks reasonably safe to patch Windows and Office. I was expecting two big releases yesterday — one to fix numerous bugs in Win10 Creators Update, version 1703; the other to plug the bugs introduced by June’s Office security patches — but neither trove appeared. Given Microsoft’s past patterns, it’s unlikely that we’ll see any more serious patches until next month’s Patch Tuesday, on Aug. 8.

There’s also a bit of additional impetus right now. On July 17, security researcher Haifei published a proof of concept for running malware scripts directly in Office apps. I haven’t seen any exploits in the wild as yet, but it would be a good idea to install KB 3213640 (Office 2007), KB 3213624 (Office 2010), KB 3213555 (Office 2013) and/or KB 3213545 (Office 2016) in the short term. (Thx to @LeaningTowardsLinux.) Note that none of these patches, as best as I can tell, correct the Office bugs introduced in June.

To read this article in full or to leave a comment, please click here

ComputerWorld Independent

July 26, 2017 admin

Wasn't this supposed to speed things up?

Credit to Author: Sharky| Date: Wed, 26 Jul 2017 03:00:00 -0700

IT pilot fish is moving on with his career, but before he changes employers, he comes up with an easier way for users to get on the company intranet.

“I wanted to relieve the staff of the need to memorize yet another username/password combination — or write it on a sticky note to be posted on the wall,” says fish.

“So I set up an interface that used Windows Active Directory for access authorization, with appropriate fallback in case the domain controller couldn’t be accessed. The whole thing worked like a dream.”

Fast forward a couple years: Fish is brought back in to add more capabilities to the Intranet that’s been faithfully chugging along since he left. But as fish starts on the new project, the IT director casually mentions that intranet logins have been running a lot slower. Could fish perhaps check into that too?

To read this article in full or to leave a comment, please click here