RSS Reader for Computer Security Articles
Credit to Author: Woody Leonhard| Date: Tue, 30 Jan 2018 05:17:00 -0800
Late last year, landave, a self-described “Computer Science student enjoying cryptography, reverse engineering, and other information security topics,” discovered two startling security holes in 7-Zip, a free zip program I’ve recommended for years.
Credit to Author: Gregg Keizer| Date: Mon, 29 Jan 2018 12:23:00 -0800
Microsoft on Saturday issued an out-of-band Windows security update that disabled a patch the company released earlier this month to protect personal computers from possible attacks leveraging one of the “Spectre” vulnerabilities.
The weekend release was Microsoft’s response to an announcement seven days ago by Intel, which told customers of all stripes – from computer makers to end users – to stop deploying the firmware updates it had offered after disclosures of the Spectre and Meltdown flaws. According to Intel, the new firmware “may introduce [a] higher-than-expected [number of] reboots and other unpredictable system behavior” on Broadwell and Haswell processors. Those silicon families were introduced in 2015 and 2013, respectively.
Credit to Author: Woody Leonhard| Date: Mon, 29 Jan 2018 06:45:00 -0800
If you’ve been playing the cat-and-mouse Microsoft patching game for a while, you know that Microsoft changes its Knowledge Base articles from time to time, without warning and at times without documentation. Now there’s a resource for those who need to know who moved their cheese — and when.
Several times in the past month, the eagle-eyed crew at AskWoody, led by @MrBrian, have found out about new Windows patches before they were announced. They’ve also looked at the raw data showing which KB articles have been changed — even if Microsoft doesn’t document the changes. The secret? A new monitoring program called KBNew.
Credit to Author: Woody Leonhard| Date: Mon, 29 Jan 2018 05:49:00 -0800
As we crawl deeper down the Meltdown/Spectre bunny hole, Microsoft released on Friday night a weird, download-only patch that disables the “fix” that’s supposed to protect you against one of the Spectre variants. It’s the same patch, that works the same way, on every version of Windows, from Win7 to the latest Win10 beta builds.
I’m tempted to call it an out-of-band patch, but truth is that all of this month’s patches have been out of band.
You’ve no doubt been inundated by the news about Meltdown and Spectre, the two (actually, three) highly publicized security vulnerabilities in essentially all modern computer chips that, at this point, has never been seen on a real, live, in-the-wild computer.
CSO senior editor Michael Nadeau joins host Steve Ragan to talk about predictions for 2018, including the looming GDPR compliance deadline.
Credit to Author: Ken Mingis| Date: Fri, 26 Jan 2018 11:30:00 -0800
When it comes to tech trends we’re likely to see in 2018, nothing would likely be more welcome than the end of passwords. With companies looking for ever better ways to protect data, it seems clear that “password123” has no indefinite future. (Nor does you pet’s name, if that’s what you use.)
But just how quickly passwords will be shunted aside, and by what technology – biometrics? two-factor authentication? algorithms? – remains unclear.
That was topic No. 1 for our panel of tech experts – CSO‘s Michael Nadeau, Infoworld‘s Serdar Syegulalp, Computerworld Executive Editor Ken Mingis and Macworld‘s Michael Simon – as they peer into the near-future to discern what’s coming in 2018 and what’s not.
Our tech panel envisions the end of passwords, looks at how blockchain is evolving, details why 'serverless' computing is a boon to devs and wonders why Apple's HomePod seems late to the game.
