RSS Reader for Computer Security Articles
Credit to Author: Woody Leonhard| Date: Wed, 02 Oct 2019 11:00:00 -0700
It’s a smelter-weight slapdown.
In one corner you have the Chicken Little contingent, which insists that September’s IE zero-day patch must be important because Microsoft marked it as “Exploited: Yes” and memorialized it with an extremely odd patch on a Monday, followed in Keystone Kops fashion with a stumbling trail of follow-ons.
Credit to Author: Gregg Keizer| Date: Wed, 02 Oct 2019 05:29:00 -0700
Microsoft on Tuesday changed its plans for selling Windows 7 post-retirement support, saying that it will offer patches-for-a-price to any business, no matter how small, that’s willing to pay.
“Through January 2023, we will extend the availability of paid Windows 7 Extended Security Updates (ESU) to businesses of all sizes,” Jared Spataro, an executive in the Microsoft 365 group, wrote in a post to a company blog.
Microsoft had announced the ESU program in September 2018. Since April, when the company started selling ESU, only customers with volume licensing deals for Windows 7 Enterprise or Windows 10 Professional have been eligible to purchase the support add-on.
Bitlocker and self-encrypting hard drives can make it easier to erase data so that it cannot be recovered. This is how the “crypto-erase” method works.
Credit to Author: Woody Leonhard| Date: Mon, 30 Sep 2019 10:16:00 -0700
So you think Windows 10 patching is getting better? Not if this month’s Keystone Kops reenactment is an indicator.
In a fervent frenzy, well-meaning but ill-informed bloggers, international news outlets, even little TV stations, enjoyed a hearty round of “The Windows sky is falling!” right after the local weather. It wasn’t. It isn’t – no matter what you may have read or heard.
Microsoft has a special way of telling folks how important its patches might be. Every individual security hole, listed by its CVE number, has an “Exploitability Assessment” consisting of:
Credit to Author: Sharky| Date: Fri, 27 Sep 2019 03:00:00 -0700
Pilot fish has a sweet deal with one of the owners of a local drinking establishment he frequents. The bar owner is in the habit of using the main office computer for what fish calls “nonstandard business activity.” What does that mean? Suffice to say that that computer gets infected by viruses a couple of times a year. Bar owner would then call fish and ask for expedited service.
Fish stops by on his way home, grabs the tower, and disinfects the hard drive at home. He usually returns the system to the bar late that night or on his way to work the next morning.
Either way, the next time he stops by for an adult beverage, he receives a gift card that usually covers several rounds.
Credit to Author: Woody Leonhard| Date: Wed, 25 Sep 2019 07:29:00 -0700
Microsoft set the patching world on its ear on Monday when it released an “out of band” patch to fix a vulnerability known as CVE-2019-1367. Susan Bradley raised the alarm immediately. I chimed in a few hours later with more details.
Credit to Author: Jonny Evans| Date: Wed, 25 Sep 2019 07:15:00 -0700
Enterprise users can now wrap a new layer of security around their web services, thanks to Apple’s introduction of support for USB security keys in Safari 13.0.1.
Dongles aren’t a terribly convenient security protection for most people, but government, military and regulated industries are always searching out new ways to secure themselves, and their data.
FIDO2-compliant USB security keys – such as those made by Yubico – add a layer of security to the verification process:
Microsoft is turning off basic authentication, so it’s wise to move mobile users to the Outlook app to better protect them from attackers.