Tuesday, July 8, 2025
Latest:

Computer Security Articles

RSS Reader for Computer Security Articles

windows

ComputerWorldIndependent
admin

Microsoft yanks bad Outlook patches of patches KB 3191849, 3213654, 401042

Credit to Author: Woody Leonhard| Date: Sat, 15 Jul 2017 13:16:00 -0700

Read More
ComputerWorldIndependent
admin

Verifying and testing that Firefox is restricted to TLS 1.2

Credit to Author: Michael Horowitz| Date: Sun, 16 Jul 2017 12:56:00 -0700

TLS is the protocol invoked under the covers when viewing secure websites (those loaded with HTTPS rather than HTTP). There are multiple versions of the TLS protocol, and the most recent version, 1.2, is the most secure. Last time, I discussed tweaking Firefox so that it only supports TLS version 1.2 and not the older versions (1.0 and 1.1) of the protocol.

But that begs the question: what happens when a security-reinforced copy of Firefox encounters a website that does not support TLS 1.2? The answer is shown below.

To read this article in full or to leave a comment, please click here

Read More
ComputerWorldIndependent
admin

Microsoft yanks bad Outlook patches-of-patches KB 3191849, 3213654, 401042

Credit to Author: Woody Leonhard| Date: Sat, 15 Jul 2017 13:16:00 -0700

Read More
ComputerWorldIndependent
admin

Restricting Firefox to TLS version 1.2 makes browsing safer

Credit to Author: Michael Horowitz| Date: Thu, 13 Jul 2017 19:43:00 -0700

Although its common to think of a secure website as the opposite of an insecure one, the choice is not, in fact, binary. For a website to be truly secure, there are about a dozen or so ducks that all need to be lined up in a row.

Seeing HTTPS does not mean that the security is well done, secure websites exist in many shades of gray. Since web browsers don’t offer a dozen visual indicators, many sites that are not particularly secure appear, to all but the most techie nerds, to be secure nonetheless. Browser vendors have dumbed things down for non-techies.

Last September, I took Apple to task for not having all their ducks in a row, writing that some of their security oversights allowed Apple websites to leak passwords.

To read this article in full or to leave a comment, please click here

Read More
ComputerWorldIndependent
admin

Kill it! Kill Windows XP now!

Credit to Author: Steven J. Vaughan-Nichols| Date: Mon, 10 Jul 2017 04:20:00 -0700

The headline — “HMS Queen Elizabeth is ‘running outdated Windows XP’, raising cyber attack fears” — was startling, but wrong. The United Kingdom’s newest aircraft carrier wasn’t running Windows XP. But some of the contractors that built the warship were.

The U.S. Navy, meanwhile, has been purchasing Windows XP support, at least through this year, so odds are our military still has XP systems running to this very day.

To read this article in full or to leave a comment, please click here

Read More
ComputerWorldIndependent
admin

With Patch Tuesday imminent, make sure you have Automatic Update turned off

Credit to Author: Woody Leonhard| Date: Mon, 10 Jul 2017 04:17:00 -0700

In case you hadn’t noticed, Microsoft has had a tough time with patches this year. From a total lack of patches in February (except for a late IE patch), to yanked and reissued botched patches that followed, to a jumble of problems with Windows and Office patches — including seven admitted bugs in last month’s Office patches — Microsoft has proved itself adept at Jack-in-the-box patching. You don’t have to join the legions of unpaid patch beta testers.

To read this article in full or to leave a comment, please click here

Read More
ComputerWorldIndependent
admin

Microsoft releases 15 Office patches for July, but some June bugs still stink

Credit to Author: Woody Leonhard| Date: Thu, 06 Jul 2017 07:23:00 -0700

On Patch Wednesday of this week, Microsoft said it released 14 non-security Office updates, covering such fascinating topics as improved Dutch translations in Word 2013, Danish translations in Access, and Finnish and Swedish translations in Excel. Typical first Tuesday stuff.

Microsoft neglected to mention that it also shipped a fix for the bugs introduced by last month’s patches to Outlook 2010. Dubbed KB 4011042, the neglected fix appears to be a non-security patch that fixes bugs created by a security patch — a red flag for many advanced patchers.

To read this article in full or to leave a comment, please click here

Read More
ComputerWorldIndependent
admin

The ancient Microsoft networking protocol at the core of the latest global malware attack

Credit to Author: Preston Gralla| Date: Thu, 06 Jul 2017 03:20:00 -0700

Another day, another global malware attack made possible by a Microsoft security hole. Once again, attackers used hacking tools developed by the U.S. National Security Agency (NSA), which were stolen and subsequently released by a group called Shadow Brokers.

This time around, though, the late-June attack apparently wasn’t ransomware with which the attackers hoped to make a killing. Instead, as The New York Times noted, it was likely an attack by Russia on Ukraine on the eve of a holiday celebrating the Ukrainian constitution, which was written after Ukraine broke away from Russia. According to the Times, the attack froze “computers in Ukrainian hospitals, supermarkets, and even the systems for radiation monitoring at the old Chernobyl nuclear plant.” After that, it spread worldwide. The rest of the world was nothing more than collateral damage.

To read this article in full or to leave a comment, please click here

Read More