Independent – Page 199 – Computer Security Articles

Credit to Author: Sharky| Date: Tue, 10 Apr 2018 03:00:00 -0700

The company this pilot fish works for is acquired by a larger outfit, and everyone gets a new login based on just the employee’s family name — which in fish’s case is Root.

“That should have been a non-issue with any other name,” says fish. “But when the administrators created my account, they apparently didn’t think about the fact that root is the superuser account in our Unix systems.

“Following the instructions provided in an email, I logged in and changed the password on my ‘root’ account. The next time I logged in, the password didn’t work. I called the help desk for the new company and they reset my password — and it worked until I logged off and tried to log back in.

To read this article in full, please click here

ComputerWorld Independent

April 9, 2018 admin

Watch out for continuing bugs: Turn off Windows Update, temporarily

Credit to Author: Woody Leonhard| Date: Mon, 09 Apr 2018 10:30:00 -0700

March Windows patches were a mess. With the revelation of Total Meltdown, we recently discovered that all of this year’s Win7 patches left gaping security holes. It’s fair to say that the initial Patch Tuesday patches for almost every version of Windows, for every month this year, have had confirmed bugs. Every one.

If you want to help test this month’s Windows and Office patches, hey, I salute you! Most folks, though, would be well advised to turn off Automatic Update and wait for the initial wave of devastation to pass.

To read this article in full, please click here

ComputerWorld Independent

April 9, 2018 admin

How blockchain could solve the internet privacy problem

Credit to Author: Lucas Mearian| Date: Mon, 09 Apr 2018 03:00:00 -0700

Fintech firms, software makers, telecom providers and other businesses have joined forces develop a blockchain-based network that will enable anyone to exchange digital credentials online and without the risk of unintentionally exposing any private data.

The companies are part of the Sovrin Foundation, a new nonprofit organization now developing the Sovrin Network, which could enable anyone to globally exchange pre-verified data with any entity also on the network.

The online credentials would be akin to identify information you or I might have in our physical wallets: a driver’s license, a bank debit card or a company ID.

To read this article in full, please click here

ComputerWorld Independent

April 9, 2018 admin

A bad day with mobile 2FA

Credit to Author: Evan Schuman| Date: Mon, 09 Apr 2018 03:00:00 -0700

As a longtime proponent of two-factor authentication (2FA) in a mobile world, I was pained to get hit with two problems using 2FA on Thursday (April 4). But maybe the ability to publicize those two mobile-oriented problems with 2FA will do some good, if sites just pay attention.

The day started with my trying to link to an interesting mobile security story in my social feed (yes, that would shortly prove ironic). The story link wouldn’t work for me, with my browser telling me the site had redirected me too many times. It suggested that I clear out my cookies. That made little sense to me given the immediate problem, but I was overdue for a cookie cleanout anyway, so I gave it a shot.

To read this article in full, please click here

ComputerWorld Independent

April 9, 2018 admin

This is how blockchain might solve the internet privacy problem

Credit to Author: Lucas Mearian| Date: Mon, 09 Apr 2018 03:00:00 -0700

The online credentials would be akin to identify information you or I might have in our physical wallets: a driver’s license, a bank debit card or a company ID.

To read this article in full, please click here

Independent Krebs

April 8, 2018 admin

Don’t Give Away Historic Details About Yourself

Credit to Author: BrianKrebs| Date: Mon, 09 Apr 2018 04:31:17 +0000

Social media sites are littered with seemingly innocuous little quizzes, games and surveys urging people to reminisce about specific topics, such as “What was your first job,” or “What was your first car?” The problem with participating in these informal surveys is that in doing so you may be inadvertently giving away the answers to “secret questions” that can be used to unlock access to a host of your online identities and accounts. I’m willing to bet that a good percentage of regular readers here would never respond — honestly or otherwise — to such questionnaires (except perhaps to chide others for responding). But I thought it was worth mentioning because certain social networks — particularly Facebook — seem positively overrun with these data-harvesting schemes. What’s more, I’m constantly asking friends and family members to stop participating in these quizzes and to stop urging their contacts to do the same. On the surface, these simple questions may be little more than an attempt at online engagement by otherwise well-meaning companies and individuals. Nevertheless, your answers to these questions may live in perpetuity online, giving identity thieves and scammers ample ammunition to start gaining backdoor access to your various online accounts.

ComputerWorld Independent

April 6, 2018 admin

Get the March patches for your Windows machines installed, but watch out for Win7

Credit to Author: Woody Leonhard| Date: Fri, 06 Apr 2018 13:51:00 -0700

The quality of March’s patches set new lows, even by Windows’ tarnished standards. The Win10 patches flew fast and furious, with new Microsoft-induced bugs introduced and swatted multiple times over the month. The Word 2016 security patch demands that you first install the Word 2016 non-security patch, or Word refuses to open files. That bug hasn’t been fixed. Windows 8.1/Server 2012R2 escaped relatively unscathed. Server 2008 got a fix for its buggy patch, KB 4090450, on April 3. But Windows 7… ah, that’s a dying horse of a completely different color.

To read this article in full, please click here

Independent Krebs

April 5, 2018 admin

Secret Service Warns of Chip Card Scheme

Credit to Author: BrianKrebs| Date: Thu, 05 Apr 2018 15:50:42 +0000

The U.S. Secret Service is warning financial institutions about a new scam involving the temporary theft of chip-based debit cards issued to large corporations. In this scheme, the fraudsters intercept new debit cards in the mail and replace the chips on the cards with chips from old cards. When the unsuspecting business receives and activates the modified card, thieves can start draining funds from the account.