ComputerWorld

ComputerWorldIndependent

Microsoft tells IT admins to nix 'obsolete' password reset practice

Credit to Author: Gregg Keizer| Date: Tue, 30 Apr 2019 03:00:00 -0700

Microsoft last week recommended that organizations no longer force employees to come up with new passwords every 60 days.

The company called the practice – once a cornerstone of enterprise identity management – “ancient and obsolete” as it told IT administrators that other approaches are much more effective in keeping users safe.

“Periodic password expiration is an ancient and obsolete mitigation of very low value, and we don’t believe it’s worthwhile for our baseline to enforce any specific value,” Aaron Margosis, a principal consultant for Microsoft, wrote in a post to a company blog.

Microsoft Patch Alert: April patches have sharp edges, with several missing, others reappearing

Credit to Author: Woody Leonhard| Date: Mon, 29 Apr 2019 09:32:00 -0700

You have to wonder who’s testing this stuff.

Admins, in particular, have had a tough month. April brought widespread breakdowns – bluescreens, hangs, very sluggish behavior – to hundreds of thousands of Win7 and 8.1 machines. This wasn’t a “small percentage” kind of event. For some companies, rebooting overnight on Tuesday brought seas of blue screens on Wednesday morning.

The first round of cumulative updates and Monthly Rollups arrived on Patch Tuesday, but the now-ubiquitous second round didn’t show up until late Thursday afternoon, two and a half weeks later. Talk about admins taking a beating.

We still have one Tuesday left this month – the mythical “E week” that Microsoft never talks about – so the month may yet end with both a bang and a whimper.

Why wearables, health records and clinical trials need a blockchain injection

Credit to Author: Lucas Mearian| Date: Mon, 29 Apr 2019 03:00:00 -0700

TORONTO – The opportunity exists in healthcare to hand over control of medical records to patients who can choose not only what info providers can see but what personal data gets added to records via wearables, genomics and even lifestyle choices.

And once patients begin accumulating more data about themselves in personal health records (PHRs), they can opt to anonymize that information and sell it to researchers, vastly expanding the pool of information available for clinical studies.

Because no data is as sensitive as a medical record, being able to assure its security and immutability through blockchain encryption represents a unique opportunity to “repatriate” and “monetize” that record for the patient, according to Dr. Eric Hoskins, chair of Canada’s Federal Advisory Council on the Implementation of National Pharmacare.

FedEx CIO: It’s time to mandate blockchain for international shipping

Credit to Author: Lucas Mearian| Date: Thu, 25 Apr 2019 10:26:00 -0700

TORONTO — When railroad tracks were first laid across the western U.S., there were eight different gauges all competing to dominate the industry – making a nationwide, unified rail system impossible; it took an act of Congress in 1863 to force the adoption of an industry standard gauge of 4-ft., 8-1⁄2 inches.

FedEx CIO Rob Carter believes the same kind of thing needs to happen for blockchain to achieve widespread enterprise adoption.

While the promise of blockchain to create a more efficient, secure and open platform for ecommerce can be realized using a proprietary platform, it won’t be a global solution for whole industries now hampered by a myriad of technical and regulatory hurdles. Instead, a platform based on open-source software and industry standards will be needed to ensure process transparency and that no one entity profits from the technology over others.

Apple edges closer to cursory code review for all Mac apps

Credit to Author: Gregg Keizer| Date: Wed, 24 Apr 2019 04:25:00 -0700

Apple will soon make a code review mandatory for all applications distributed outside its own Mac App Store by new developers, a first step towards requiring all Mac software to pass similar reviews.

The Cupertino, Calif. company argued that the process, which it calls “notarization,” would build a more secure macOS environment. “We’re working with developers to create a safer Mac user experience through a process where all software, whether distributed on the [Mac] App Store or outside of it, is signed or notarized by Apple,” the company stated in an April 10 message on its developer portal.

Security theater, ’80s style

Credit to Author: Sharky| Date: Tue, 23 Apr 2019 03:00:00 -0700

It’s the late 1980s and pilot fish is working on business application development for an aerospace and defense contractor where physical security is surprisingly lax. There’s a guard on duty at the front desk during business hours, but that’s about the extent of it. That changes with the announcement that all personal gear will be subject to inspection on leaving the building.

Now there are guards 24/7, and everyone leaving the building is politely requested by those guards to open their briefcases and backpacks. The guards then take a look inside before waving the owners through.

Rumor has it that this security push came about because some Apple Mac computers have gone missing. And it continues for about six months, and then suddenly ceases.

What happened? Employees have to rely on rumor again, which holds that the cleaning crew had taken the Macs, which makes sense given that large, wheeled trashcans would make the job easy.

The exit checks never turned up anything, but even law-abiding pilot fish can’t help but notice that it would be pretty easy to cover any contraband in a bag with a few clothes or newspapers and never be discovered, given the cursory nature of the searches.

Here's an easier way to block the IE XXE zero day security hole

Credit to Author: Woody Leonhard| Date: Thu, 18 Apr 2019 09:57:00 -0700

The latest Internet Explorer XXE zero-day depends on you opening an infected MHT file. MHT is an old file format that’s almost always opened by IE — no matter which browser you’re using, no matter which version of Windows. Catalin Cimpanu has a good overview of this XXE vulnerability on ZDNet.

It’s a doozy of a security hole as it affects every recent version of IE, and it infects whether you’re actively browsing with IE or not.
