Sunday, January 18, 2026
Latest:

Computer Security Articles

RSS Reader for Computer Security Articles

ComputerWorld

ComputerWorldIndependent
admin

Root Cause Analysis

Credit to Author: Sharky| Date: Tue, 10 Apr 2018 03:00:00 -0700

The company this pilot fish works for is acquired by a larger outfit, and everyone gets a new login based on just the employee’s family name — which in fish’s case is Root.

“That should have been a non-issue with any other name,” says fish. “But when the administrators created my account, they apparently didn’t think about the fact that root is the superuser account in our Unix systems.

“Following the instructions provided in an email, I logged in and changed the password on my ‘root’ account. The next time I logged in, the password didn’t work. I called the help desk for the new company and they reset my password — and it worked until I logged off and tried to log back in.

To read this article in full, please click here

Read More
ComputerWorldIndependent
admin

Watch out for continuing bugs: Turn off Windows Update, temporarily

Credit to Author: Woody Leonhard| Date: Mon, 09 Apr 2018 10:30:00 -0700

March Windows patches were a mess. With the revelation of Total Meltdown, we recently discovered that all of this year’s Win7 patches left gaping security holes. It’s fair to say that the initial Patch Tuesday patches for almost every version of Windows, for every month this year, have had confirmed bugs. Every one.

If you want to help test this month’s Windows and Office patches, hey, I salute you! Most folks, though, would be well advised to turn off Automatic Update and wait for the initial wave of devastation to pass.

To read this article in full, please click here

Read More
ComputerWorldIndependent
admin

How blockchain could solve the internet privacy problem

Credit to Author: Lucas Mearian| Date: Mon, 09 Apr 2018 03:00:00 -0700

Fintech firms, software makers, telecom providers and other businesses have joined forces develop a blockchain-based network that will enable anyone to exchange digital credentials online and without the risk of unintentionally exposing any private data.

The companies are part of the Sovrin Foundation, a new nonprofit organization now developing the Sovrin Network, which could enable anyone to globally exchange pre-verified data with any entity also on the network.

The online credentials would be akin to identify information you or I might have in our physical wallets: a driver’s license, a bank debit card or a company ID.

To read this article in full, please click here

Read More
ComputerWorldIndependent
admin

A bad day with mobile 2FA

Credit to Author: Evan Schuman| Date: Mon, 09 Apr 2018 03:00:00 -0700

As a longtime proponent of two-factor authentication (2FA) in a mobile world, I was pained to get hit with two problems using 2FA on Thursday (April 4). But maybe the ability to publicize those two mobile-oriented problems with 2FA will do some good, if sites just pay attention.

The day started with my trying to link to an interesting mobile security story in my social feed (yes, that would shortly prove ironic). The story link wouldn’t work for me, with my browser telling me the site had redirected me too many times. It suggested that I clear out my cookies. That made little sense to me given the immediate problem, but I was overdue for a cookie cleanout anyway, so I gave it a shot.

To read this article in full, please click here

Read More
ComputerWorldIndependent
admin

This is how blockchain might solve the internet privacy problem

Credit to Author: Lucas Mearian| Date: Mon, 09 Apr 2018 03:00:00 -0700

Fintech firms, software makers, telecom providers and other businesses have joined forces develop a blockchain-based network that will enable anyone to exchange digital credentials online and without the risk of unintentionally exposing any private data.

The companies are part of the Sovrin Foundation, a new nonprofit organization now developing the Sovrin Network, which could enable anyone to globally exchange pre-verified data with any entity also on the network.

The online credentials would be akin to identify information you or I might have in our physical wallets: a driver’s license, a bank debit card or a company ID.

To read this article in full, please click here

Read More
ComputerWorldIndependent
admin

Get the March patches for your Windows machines installed, but watch out for Win7

Credit to Author: Woody Leonhard| Date: Fri, 06 Apr 2018 13:51:00 -0700

The quality of March’s patches set new lows, even by Windows’ tarnished standards. The Win10 patches flew fast and furious, with new Microsoft-induced bugs introduced and swatted multiple times over the month. The Word 2016 security patch demands that you first install the Word 2016 non-security patch, or Word refuses to open files. That bug hasn’t been fixed. Windows 8.1/Server 2012R2 escaped relatively unscathed. Server 2008 got a fix for its buggy patch, KB 4090450, on April 3. But Windows 7… ah, that’s a dying horse of a completely different color.

To read this article in full, please click here

Read More
ComputerWorldIndependent
admin

Facebook's data debacle is a wake-up call for Android users

Credit to Author: JR Raphael| Date: Thu, 05 Apr 2018 09:06:00 -0700

Whew. This whole Facebook data mess sure is spiraling into quite the fiasco, isn’t it?

Seems every day lately, there’s some new shocking twist to how everyone’s personal data was used (and abused) without their knowledge. While much of the issue revolves around Facebook itself and practices that are out of our control, there’s an angle that ties in directly to Android — and it’s one that’s important to think through, whether you use Facebook or not.

To read this article in full, please click here

Read More
ComputerWorldIndependent
admin

Microsoft jiggles — but doesn’t fix — buggy Win7 patches KB 4088875, KB 4088878

Credit to Author: Woody Leonhard| Date: Thu, 05 Apr 2018 06:17:00 -0700

Last night we were treated to new versions of the badly banged-up March Win7 patches. It looks like the new ones are the same as the old ones, but the internal handling instructions (the metadata) now force installation of a “Total Meltdown” fix-up patch prior to installing the old patch.

Of course, none of this is documented anywhere.

Starting with Günter Born’s report, and checking the Microsoft Update Catalog, I can see modified versions of:

To read this article in full, please click here

Read More