Monday, January 19, 2026
Latest:

Computer Security Articles

RSS Reader for Computer Security Articles

ComputerWorld

ComputerWorldIndependent
admin

Patching meltdown: Windows fixes, sloppy .NET, warnings about Word and Outlook

Credit to Author: Woody Leonhard| Date: Fri, 19 Jan 2018 09:28:00 -0800

On the heels of the Jan. 17 release of 14 Windows and .NET patches, we now have a huge crop of new patches, revised older patches, warnings about bugs, and a bewildered ecosystem of Microsoft customers who can’t figure out what in the blue blazes is going on.

Let’s step through the, uh, offerings on Jan. 18.

Windows 10 patches

Win10 Fall Creators Update version 1709 — Cumulative update KB 4073291 brings the Meltdown/Spectre patches to 32-bit machines. What, you thought 32-bit machines already had Meltdown/Spectre patches? Silly mortal. Microsoft’s Security Advisory ADV180002 has the dirty details in the fine print, point 7:

To read this article in full, please click here

Read More
ComputerWorldIndependent
admin

Mozilla mandates that new Firefox features rely on encrypted connections

Credit to Author: Gregg Keizer| Date: Thu, 18 Jan 2018 10:37:00 -0800

Mozilla this week decreed that future web-facing features of Firefox must meet an under-development standard that requires all browser-to-server-and-back traffic be encrypted.

“Effective immediately, all new features that are web-exposed are to be restricted to secure contexts,” wrote Mozilla engineer Anne van Kesteren in a post to a company blog. “A feature can be anything from an extension of an existing IDL-defined object, a new CSS property, a new HTTP response header, to bigger features such as WebVR.”

Secure contexts, dubbed a “minimum security level,” is a pending standard of the W3 (World Wide Web Consortium), the primary standards body for the web. Secure contexts’ main purpose, according to its documentation: “Application code with access to sensitive or private data be delivered confidentially over authenticated channels that guarantee data integrity.”

To read this article in full, please click here

Read More
ComputerWorldIndependent
admin

More Windows patches, primarily previews, point to escalating problems this month

Credit to Author: Woody Leonhard| Date: Thu, 18 Jan 2018 06:39:00 -0800

Never give a sucker an even break. Yesterday, on a very out-of-band Wednesday, Microsoft released preview patches for Windows 8.1 (but not 7!), Server 2012, and Windows 10 1709 (for bricked AMD machines only), with preview cumulative updates for Win10 1703 and 1607. There are also nine different .NET preview patches.

What should you do? Nothing. More accurately, make sure you DON’T install any of them. Fortunately, all of these patches require that you download and install them — and you’d have to be crazy (or an admin trying to shore up some critical servers) to dive into the cesspool.

It’s the same advice I’ve been giving all month. There’s nothing here that you need right now — there are no known exploits for Meltdown or Spectre in the wild, in particular — and machines are dropping like flies.

To read this article in full, please click here

Read More
ComputerWorldIndependent
admin

Throwback Thursday: What are the odds?

Credit to Author: Sharky| Date: Thu, 18 Jan 2018 03:00:00 -0800

Internet filter is installed at this site, and in the beginning, there are complaints from users who can’t get to their favorite non-business sites, says an IT pilot fish working there.

But after six months and lots of explanations to users, the complaints have stopped. “Then one Saturday evening, a user called me,” fish says.

“He called to report that something must be wrong, because he could get to his lottery numbers tonight.

“I told him thanks, and that I would inform the individual in charge of the filter on Monday morning, as it wasn’t stopping anything production-critical during the weekend hours.

“I still can’t decide which is funnier: the fact that apparently every day for nearly six months this user tried to get to his lottery numbers even though the page should have never loaded again — or that, when he actually was able to, he reported it as a problem.”

To read this article in full, please click here

Read More
ComputerWorldIndependent
admin

InSpectre: See whether your PC's protected from Meltdown and Spectre

Credit to Author: Woody Leonhard| Date: Tue, 16 Jan 2018 11:16:00 -0800

If you’re wondering whether your computer is susceptible to the latest bête noir, Meltdown and Spectre, you can take the official Microsoft patch and, after a suitable amount of technical drudgery, come away with a result that doesn’t answer much. Or you can try Steve Gibson’s new InSpectre and – with suitable caveats – see some meaningful results and a few hints about catching up.

Microsoft has a complex PowerShell script that details your machine’s exposure to the Meltdown and Spectre security flaws. Running that script on all but the simplest and most up-to-date systems turns into a hair-pulling exercise, and the results are coated in 10 layers of technical gobbledygook.

To read this article in full, please click here

Read More
ComputerWorldIndependent
admin

Microsoft's mystifying Meltdown/Spectre patches for AMD processors

Credit to Author: Woody Leonhard| Date: Tue, 16 Jan 2018 07:33:00 -0800

I’ve seen a lot of bizarre Microsoft patches-of-patches, but the new patches for AMD processors are in a world of their own. The security-only, manually downloadable patches appear to be Meltdown/Spectre patches for machines that were bricked by other bad patches, earlier this month, but they’ve arrived with no instructions — and a strange circular logic.

Last week, Microsoft released two patches, with these official titles:

  • KB 4073578: Unbootable state for AMD devices in Windows 7 SP1 and Windows Server 2008 R2 SP1
  • KB 4073576: Unbootable state for AMD devices in Windows 8.1 and Windows Server 2012 R2

The Win7 KB article says:

To read this article in full, please click here

Read More
ComputerWorldIndependent
admin

How to make sure Windows gets the right patches coming to it

Credit to Author: Gregg Keizer| Date: Tue, 16 Jan 2018 03:12:00 -0800

The Windows emergency security updates issued by Microsoft earlier this month came with an unprecedented prerequisite – a new key stored in the operating system’s registry – that antivirus vendors were told to generate after they’d guaranteed their code wouldn’t trigger dreaded Blue Screens of Death (BSoD) when users apply the patches.

The demands confused customers, and fueled a flood of support documents and an avalanche of web content. Those who heard about the Meltdown and Spectre vulnerabilities struggled to figure out whether their PCs were protected, and if not, why not. Millions more, not having gotten wind of the potential threat, carried on without realizing that their PCs might be barred from receiving several months’ worth of security updates.

To read this article in full, please click here

Read More