ComputerWorld – Page 155 – Computer Security Articles

Credit to Author: Gregg Keizer| Date: Tue, 13 Jun 2017 15:22:00 -0700

Microsoft today followed May’s unprecedented release of security updates for expired operating systems, including Windows XP, by issuing another dozen patches for the aged OS.

The Redmond, Wash. company cited fears of possible attacks by “nation-states,” a label for government-sponsored hackers or foreign intelligence services, for the updates’ release. “In reviewing the updates for this month, some vulnerabilities were identified that pose elevated risk of cyberattacks by government organizations, sometimes referred to as nation-state actors, or other copycat organizations,” said Adrianne Hall, general manager, issues and crisis management, for Microsoft.

To read this article in full or to leave a comment, please click here

ComputerWorld Independent

June 12, 2017 admin

What Microsoft owes customers, and answers to other 'WannaCry' questions

Credit to Author: Gregg Keizer| Date: Mon, 12 Jun 2017 12:57:00 -0700

A month ago, Microsoft took the unprecedented step of issuing security patches for Windows XP, an edition supposedly interred in Support Cemetery more than three years ago.

The decision to help aged personal computers running Windows XP — as well as also-retired Windows 8 and Windows Server 2003 — was intended to slow the spread of the “WannaCry” ransomware, which encrypted files on hundreds of thousands of PCs worldwide. The cyber criminals than tried to extort payments from the machines’ owners in return for unlocking the files.

To read this article in full or to leave a comment, please click here

ComputerWorld Independent

June 12, 2017 admin

For real Windows 10 privacy, you need the China Government Edition

Credit to Author: Steven J. Vaughan-Nichols| Date: Mon, 12 Jun 2017 11:19:00 -0700

Because Windows doesn’t make much money for Microsoft these days, the company decided, beginning in Windows 10, that snooping on users à la Google and Facebook could be profitable. But one country said enough was enough. It would stand up for its users’ “privacy.” That country? The People’s Republic of China.

Cough. Didn’t see that one coming, did you?

To read this article in full or to leave a comment, please click here

ComputerWorld Independent

June 12, 2017 admin

IDG Contributor Network: Can Dell change endpoint security?

Credit to Author: Jack Gold| Date: Mon, 12 Jun 2017 09:15:00 -0700

Endpoint security is changing dramatically. It’s becoming clear that simply doing anti-malware the way it’s always been done with an add-on software program that scans for threats through signature comparisons as files are opened is not enough. The two major traditional AV companies, Symantec and McAfee, who championed this approach for many years, now have competition from next generation players like Cylance, who use predictive machine learning and AI approaches to evaluating and discovering new malware not easily detected through signature-only approaches. And processor suppliers like Intel, ARM, Qualcomm, etc. are getting into the act, designing-in trusted segments of their chips intended to become impenetrable vaults for protected execution of critical parts of the OS and apps. With newer sophisticated malware attacks, security must move beyond an outdated add-on only approach and into a multilayered approach that includes hardware, OS, layered software and network awareness.

To read this article in full or to leave a comment, please click here

ComputerWorld Independent

June 12, 2017 admin

Dealing with NIST's about-face on password complexity

Credit to Author: Sandra Henry-Stocker| Date: Mon, 05 Jun 2017 11:13:00 -0700

In the last few years, we’ve been seeing some significant changes in the suggestions that security experts are making for password security. While previous guidance increasingly pushed complexity in terms of password length, the mix of characters used, controls over password reuse, and forced periodic changes, specialists have been questioning whether making passwords complex wasn’t actually working against security concerns rather than promoting them.

Security specialists have also argued that forcing complexity down users’ throats has led to them writing passwords down or forgetting them and having to get them reset. They argued that replacing a password character with a digit or an uppercase character might make a password look complicated, but does not actually make it any less vulnerable to compromise. In fact, when users are forced to include a variety of characters in their passwords, they generally do so in very predictable ways. Instead of “password”, they might use “Passw0rd” or even “P4ssw0rd!”, but the variations don’t make the passwords significantly less guessable. People are just not very good at generating anything that’s truly random.

To read this article in full or to leave a comment, please click here

ComputerWorld Independent

June 12, 2017 admin

Eight steps to the GDPR countdown

Credit to Author: Sandra Henry-Stocker| Date: Thu, 25 May 2017 12:52:00 -0700

One year from today, the recently passed regulation known as “GDPR” (General Data Protection Regulation) goes into effect. While EU-specific, it can still dramatically affect how businesses that work with personal data of citizens and residents of the EU. GDPR was approved a year ago and will be going into effect in another year. It applies directly to organizations within the EU, but also applies to organizations outside the EU if they 1) offer goods and services to the EU, 2) monitor the behavior EU subjects, or 3) process or retain personal data of EU citizens and residents. And the regulation can place very serious fines and sanctions for non-compliance.

To read this article in full or to leave a comment, please click here

ComputerWorld Independent

June 12, 2017 admin

The complexity of password complexity

Credit to Author: Sandra Henry-Stocker| Date: Thu, 25 May 2017 05:47:00 -0700

Deploying password quality checking on your Debian-base Linux servers can help to ensure that your users assign reasonable passwords on their accounts, but the settings themselves can be a bit misleading. For example, setting a minimum password length of 12 characters does not mean that your users’ passwords will all have twelve or more characters. Let’s stroll down Complexity Boulevard and see how the settings work and examine some settings worth considering.

First, if you haven’t done this already, install the password quality checking library with this command:

apt-get -y install libpam-pwquality

The files that contain most of the settings we’re going to look at will be:

To read this article in full or to leave a comment, please click here

ComputerWorld Independent

June 9, 2017 admin

24% off Resqme Keychain Car Escape Tool 2-Pack – Deal Alert

Credit to Author: DealPost Team| Date: Fri, 09 Jun 2017 06:42:00 -0700

Made in the USA and originally developed for first responders, this 2-in-1 safety and survival tool is amazingly powerful despite its mini size. A fierce but safe spring loaded stainless steel spike allows the vehicle occupant to easily break side windows, and a carefully concealed stainless steel razor blade slices through a jammed seat belt to prevent vehicular entrapment. resqme is small enough to keep on your keychain, or clip it to your visor where it will always be at arm’s reach. The resqme vehicle escape tool averages 4.5 out of 5 stars on Amazon from over 2,600 reviewers (read reviews). The typical list price on a 2-pack is $19.95, but with this 24% discount you can pick them up for $15.25. See this deal on Amazon.

To read this article in full or to leave a comment, please click here