ComputerWorld – Page 121 – Computer Security Articles

Credit to Author: Sharky| Date: Tue, 20 Feb 2018 03:00:00 -0800

This pilot fish supervises the IT help desk, so he’s on the scene when one of his support techs takes a call that’s very ordinary — mostly.

“It was some normal problem like ‘install this printer’ or ‘the computer forgot my password, please reset it,'” says fish.

“But at the end of the call, when they were discussing various things, the user happened to mention, very proudly, that she always turns off her computer at the end of the day every Friday, so it can get its updates over the weekend.

“The tech didn’t have the heart to break the bad news to her. He just told her that was a good idea and to have a nice day.”

Sharky has a better idea: Send me your true tale of IT life at sharky@computerworld.com. You’ll score a sharp Shark shirt if I use it. Comment on today’s tale at Sharky’s Google+ community, and read thousands of great old tales in the Sharkives.

To read this article in full, please click here

ComputerWorld Independent

February 19, 2018 admin

Ransomware: Do you pay the ransom? | Salted Hash Ep 19

Robert Gibbons, CTO at Datta, joins host Steve Ragan to talk about why companies pay out ransoms, the role of incident response plans and continuity strategies, and how companies weigh the risks.

ComputerWorld Independent

February 16, 2018 admin

Microsoft is distributing security patches through insecure HTTP links

Credit to Author: Woody Leonhard| Date: Fri, 16 Feb 2018 09:12:00 -0800

The Microsoft Update Catalog uses insecure HTTP links – not HTTPS links – on the download buttons, so patches you download from the Update Catalog are subject to all of the security problems that dog HTTP links, including man-in-the-middle attacks.

Security researcher Stefan Kanthak, writing on Seclist’s Bugtraq mailing list, elaborates:

Even if you browse the “Microsoft Update Catalog” via the HTTPS link, ALL download links published there use HTTP, not HTTPS!
That’s trustworthy computing … the Microsoft way!
Despite numerous mails sent to <secure () microsoft com> in the last years, and numerous replies “we’ll forward this to the product groups,” nothing happens at all.
To read this article in full, please click here

ComputerWorld Independent

February 15, 2018 admin

Microsoft's free analytics service sniffs out Meltdown, Spectre patch status

Credit to Author: Gregg Keizer| Date: Thu, 15 Feb 2018 12:11:00 -0800

Microsoft’s free Windows Analytics service now scans enterprise Windows 7, Windows 8.1 and Windows 10 PCs, and reports whether they’ve been updated to defend against potential attacks exploiting the Meltdown and Spectre processor vulnerabilities.

The new capabilities of Windows Analytics’ “Upgrade Readiness” were announced Tuesday by Terry Myerson, the top Windows executive at the company. Myerson called the vulnerabilities – found by Google security researchers and reported to vendors in mid-2017 – “a new challenge for all of us” because they were in the silicon, not in software.

“We have added new capabilities to our free Windows Analytics service to report the status for all the Windows devices that [IT professionals] manage,” Myerson wrote in a post to a company blog.

To read this article in full, please click here

ComputerWorld Independent

February 14, 2018 admin

February patches bring ominous Outlook fixes and a rebirth of KB 2952664

Credit to Author: Woody Leonhard| Date: Wed, 14 Feb 2018 10:44:00 -0800

The very early reports are in, and it looks like this month’s monstrous panoply of patches isn’t as destructive as last month’s – so far, at least. Aside from a few reported incompatibilities, the big news involves two Outlook security holes that kick in when you download email, or preview a message. There are no known exploits, but if you use Outlook, you need to understand the dangers – and should seriously consider patching sooner rather than later.

First, the blast. Yesterday, Microsoft released its usual Patch Tuesday security updates, which include 50 separately identified security holes (CVEs). Those 50 are in addition to the one Adobe Flash Player security hole, CVE 4074595, that was plugged on Feb. 6. Of the 50, 14 are rated Critical, 34 rated Important (which means they aren’t) and two are Moderate.

To read this article in full, please click here

ComputerWorld Independent

February 14, 2018 admin

Mac: What does 'System Scan is Recommended' mean?

Credit to Author: Jonny Evans| Date: Wed, 14 Feb 2018 09:03:00 -0800

Many Mac users may have come across a small window that appears on top of their browser when surfing the Web that warns them, ‘System Scan is Recommended’. So, what is this message, and what should you do if you see it?

TL;DR: Don’t panic

The first thing to learn is that this is not a Mac system message. If you ever come across this message you can be utterly certain that it is a scam. Whoever is behind the message (and it may not be the website owner, but some poorly policed ads network) wants you to agree to something that will probably cost you money, leave your data at risk, or otherwise cause you unwanted problems. While scams like these are nowhere near as widespread on Macs as they are on other platforms, they do appear sometimes.

To read this article in full, please click here