ComputerWorld – Page 85 – Computer Security Articles

Credit to Author: Gregg Keizer| Date: Tue, 19 Feb 2019 13:03:00 -0800

Microsoft has revised its schedule to dump support for an outdated cryptographic hash standard by postponing the deadline for Windows 7.

Microsoft, like other software vendors, digitally “signs” updates before they are distributed via the Internet. SHA-1 (Secure Hash Algorithm 1), which debuted in 1995, was declared insecure a decade later, but it was retained for backward-compatibility reasons, primarily for Windows 7. Microsoft wants to ditch SHA-1 and rely only on the more-secure SHA-2 (Secure Hash Algorithm 2).

Late last year, Microsoft said that it would update Windows 7 and Windows Server 2008 R2 SP1 (Service Pack 1) this month with support for SHA-2. Systems running those operating systems would not receive the usual monthly security updates after April’s collection, slated for release April 9, Microsoft promised at the time.

To read this article in full, please click here

ComputerWorld Independent

February 19, 2019 admin

Yabba dabba doo!

Credit to Author: Sharky| Date: Tue, 19 Feb 2019 03:00:00 -0800

Fish is being onboarded as a software engineer and has to download the code repository and start building it. But in checking the setup guide, he can’t find any instructions on what user credentials to use to log in. This seems like something he should be able to figure out, so he trolls through multiple document systems (internal websites, Google documents and wikis) until he finds an old document that says to use his username as both username and password for version control access. That’s easy enough — but it doesn’t work. Fish gets a message saying his account wasn’t found or the password didn’t match.

Time to submit a help desk ticket. And the explanation is simple. IT had neglected to run the script that created an account for fish in the version control system. Ten minutes after submitting the ticket, fish is in at last.

To read this article in full, please click here

ComputerWorld Independent

February 15, 2019 admin

CIOs, you’re doing blockchain wrong

Credit to Author: Lucas Mearian| Date: Fri, 15 Feb 2019 03:00:00 -0800

IT leaders who’ve taken the plunge into blockchain are mainly deploying it in proofs-of-concept tests to address the same problems a conventional database could handle, according to research firm Gartner.

To read this article in full, please click here

(Insider Story)

ComputerWorld Independent

February 14, 2019 admin

Mozilla to harden Firefox defenses with site isolation, a la Chrome

Credit to Author: Gregg Keizer| Date: Thu, 14 Feb 2019 11:13:00 -0800

Mozilla plans to boost Firefox’s defensive skills by mimicking the “Site Isolation” technology introduced to Google’s Chrome last year.

Dubbed “Project Fission,” the effort will more granularly separate sites and their individual components than is currently the case in Firefox. The goal: Isolate malicious sites and attack code so individual sites cannot wreak havoc in the browser at large, or pillage the browser, the device or the device’s memory of critical information, such as authentication credentials and encryption keys.

“We aim to build a browser which isn’t just secure against known security vulnerabilities, but also has layers of built-in defense against potential future vulnerabilities,” Nika Layzel, the project tech lead of the Fission team, wrote in a post last week to a Firefox development mailing list. “To accomplish this, we need to revamp the architecture of Firefox and support full Site Isolation.” Layzel also published the note as the first newsletter from the Fission engineering group.

To read this article in full, please click here

ComputerWorld Independent

February 14, 2019 admin

How to use your Mac safely in public places

Credit to Author: Jonny Evans| Date: Thu, 14 Feb 2019 10:59:00 -0800

Coffee shops across the planet are populated by earnest Apple Mac-wielding remote and/or freelance workers – but are they taking steps to protect themselves in a public place? Follow this checklist to make sure you are protected.

12 ways to use your Mac safely in public places

1. Worry about Wi-Fi

Public Wi-Fi networks are dangerous places, not least because you don’t really know how the network is set up or who else is sitting on the same network with you.

Criminals are known to set up legitimate-seeming hotspots on which their software lurks, attempting to take data (including your bank and intranet passcodes) in transit. Please beware:

To read this article in full, please click here

ComputerWorld Independent

February 14, 2019 admin

All about Android upgrades (and why they're late) | TECH(talk)

Credit to Author: Ken Mingis| Date: Thu, 14 Feb 2019 03:00:00 -0800

It’s not exactly news that Android upgrades almost always take a lo-o-o-o-o-ng time to roll out to most users. As in months. Often, many months. Sometimes more than a year.

Sometimes never.

(There is an exception: Google delivers new versions of Android to its Pixel line right away, and did just that with the release of Android 9.0 (Pie) last fall.)

It’s now been six months since Pie arrived, which means it’s time for Computerworld blogger JR Raphael’s comprehensive look at how device-makers are doing when it comes to upgrades.

To read this article in full, please click here

ComputerWorld Independent

February 13, 2019 admin

With latest mobile security hole, could we at least focus on the right things?

Credit to Author: Evan Schuman| Date: Wed, 13 Feb 2019 03:00:00 -0800

A bunch of apps from some major players — including Expedia, Hollister, Air Canada, Abercrombie & Fitch, Hotels.com and Singapore Airlines — recently came to grief because of a security/privacy hole in a third-party analytics app they all used, according to a report from TechCrunch. The incident exposed extremely sensitive customer information including payment card and password data shared in clear text. That sort of thing shouldn’t be happening — and yet everyone seems focused on the wrong lesson.

The analytics app, called Glassbox, captures all information from a user’s interaction with the app, including keystrokes entered and spots on the touchscreen the user touched or clicked. It also may include some screen captures. In every case, the apps give insufficient privacy disclosures to app users, or none at all. And, as already mentioned, it shares sensitive data in clear text.

To read this article in full, please click here

ComputerWorld Independent

February 11, 2019 admin

It's time to block Windows Automatic Updating

Credit to Author: Woody Leonhard| Date: Mon, 11 Feb 2019 05:15:00 -0800

Those of you who feel it’s important to install Windows and Office patches the moment they come out – I salute you. The Windows world needs more cannon fodder. When the bugs come out, as they inevitably will, I hope you’ll drop by AskWoody.com and tell us all about them.

For those who feel that, given Microsoft’s track record of pernicious patches, a bit of reticence is in order, I have some good news. Microsoft’s Security Response Center says that only a tiny percentage of patched security holes get exploited within 30 days of the patch becoming available.

To read this article in full, please click here