ComputerWorld

ComputerWorldIndependent

More June security patch bugs: You can patch an IE flaw, CVE-2017-8529, or print inside iFrames — but not both

Credit to Author: Woody Leonhard| Date: Wed, 19 Jul 2017 12:00:00 -0700

Strap on your hip waders. This particular “scare” article should have you thinking yet again about the advisability of installing Windows updates as soon as they’re available. As you’ll see, Microsoft itself has flip-flopped on the resolution and those who subscribe to Windows Update have been taken along for the ride.

Buggy June patches to Windows, Internet Explorer and Edge left customers on the horns of a dilemma:

  • You can plug a security hole known as CVE-2017-8529, in which IE or Edge reveals the presence of a specific file on your computer when you simply surf to a compromised web site, OR
  • You can print content on web pages that are inside an HTML construct known as an iFrame, using IE 9, 10 or 11.

Microsoft’s up against a hard bug that makes this an either-or proposition: Until Microsoft figures out how to fix both problems at the same time, either you patch the security hole, or you can print inside iFrames with IE, but not both.


Microsoft yanks bad Outlook patches of patches KB 3191849, 3213654, 401042

Credit to Author: Woody Leonhard| Date: Sat, 15 Jul 2017 13:16:00 -0700


Verifying and testing that Firefox is restricted to TLS 1.2

Credit to Author: Michael Horowitz| Date: Sun, 16 Jul 2017 12:56:00 -0700

TLS is the protocol invoked under the covers when viewing secure websites (those loaded with HTTPS rather than HTTP). There are multiple versions of the TLS protocol, and the most recent version, 1.2, is the most secure. Last time, I discussed tweaking Firefox so that it only supports TLS version 1.2 and not the older versions (1.0 and 1.1) of the protocol.

But that begs the question: what happens when a security-reinforced copy of Firefox encounters a website that does not support TLS 1.2? The answer is shown below.


Restricting Firefox to TLS version 1.2 makes browsing safer

Credit to Author: Michael Horowitz| Date: Thu, 13 Jul 2017 19:43:00 -0700

Although it’s common to think of a secure website as the opposite of an insecure one, the choice is not, in fact, binary. For a website to be truly secure, there are about a dozen or so ducks that all need to be lined up in a row.

Seeing HTTPS does not mean that the security is well done; secure websites exist in many shades of gray. Since web browsers don’t offer a dozen visual indicators, many sites that are not particularly secure appear, to all but the most techie nerds, to be secure nonetheless. Browser vendors have dumbed things down for non-techies.

Last September, I took Apple to task for not having all their ducks in a row, writing that some of their security oversights allowed Apple websites to leak passwords.


Mingis on Tech: The language of malware

Credit to Author: Ken Mingis, Fahmida Y. Rashid| Date: Wed, 12 Jul 2017 03:00:00 -0700

Sometimes, how you say something can be as important as what you say — especially when there’s been a cyberattack and law enforcement officials are trying to figure out who you are.

That’s what CSO senior writer Fahmida Rashid found when she looked into how cybersecurity firms go about tracking down the bad actors behind malware campaigns. While linguistics may not be the first thing companies worry about when trying to protect — or retrieve access to — their data, it can help pinpoint an attack’s origin, Rashid told Computerworld Executive Editor Ken Mingis.
