Skip to main content
Please wait...

Getting started with Google Password Manager

3 hours 6 minutes ago

If you're still trying to remember all of your passwords and then type 'em into sites by hand, let me tell you: You're doing it wrong.

With all the credentials we have to keep track of these days, there's just no way the human brain can handle the task of storing the specifics — at least, not if you're using complex, unique passwords that aren't repeated (or almost repeated, even) from one site to the next. That's where a password manager comes into play: It securely stores all your sign-in info for you and then fills it in as needed.

While there's a case to be made for leaning on a dedicated app for that purpose (for reasons we'll discuss further in a moment), Google has its own password management system built right into Chrome. And it's far better to rely on that than to use nothing at all.

To read this article in full, please click here

JR Raphael

Mobile security forces difficult questions

1 day ago

As governments consider COVID-19 contact tracing and its privacy implications, it's not a bad idea for companies to take the opportunity to look more closely at their mobile agreements with employees. (By the way, just this week, Apple rolled out its latest iOS update, which included two COVID-19 updates, according to Apple: "iOS 13.5 speeds up access to the passcode field on devices with Face ID when you are wearing a face mask and introduces the Exposure Notification API to support COVID-19 contact tracing apps from public health authorities.")

Today, IT has to deal with pretty much one of two mobile scenarios: BYOD. where the employee uses the employee's personally owned device to perform enterprise business; and company-owned phones, which is the opposite: A company-owned phone where the employee, even if told not to, will use the phone for personal matters as well as business.

To read this article in full, please click here

Evan Schuman

Apple rejects flawed claims about its contact tracing tech

1 day 23 hours ago

Even as we consider revelations Facebook shelved internal research suggesting its algorithms generate divisiveness, Apple has been forced to reject damaging claims against its contact tracing tech currently spreading on Facebook.

Exposure Notification is not spying on you

Numerous hysterical myths concerning the Apple/Google contact tracing technology are being circulated on Facebook. A series of posts claim the Exposure Notification feature inside iOS 13.5 will allow authorities to track people’s locations and monitor who they meet – which is precisely what it tries not to do.

To read this article in full, please click here

Jonny Evans

Amid the pandemic, using trust to fight shadow IT

1 week 2 days ago

Shadow IT, where workers sometimes go rogue in their efforts to solve business problems, can create challenges – and opportunities – for companies in the best of times. With the COVID-19 pandemic still unfolding, these are not the best of times. With most employees and executives still working from home, the big issue for administrators and IT pros still centers on how to make things work in today’s trying circumstances.

Every major platform has controls IT can use, some of them as blunt as a hammer and others that offer surgical precision. At either end of that spectrum lie two common questions: How restrictive does IT need to be and is there a way to fully communicate areas of risk while making business more secure.

To read this article in full, please click here

(Insider Story)
Ryan Faas

A 'business-as-usual' Patch Tuesday update for Windows desktops

2 weeks ago

It really is saying a lot when Microsoft releases more than 100 updates each month and this is now considered “business as usual." Speaking of the “new normal,” Microsoft has changed the release cadence of its optional updates (generally released later each month).

In a statement about the new update regularity, the company said: "We have been evaluating the public health situation, and we understand this is impacting our customers. In response to these challenges we are prioritizing our focus on security updates. Starting in May 2020, we are pausing all optional non-security releases (C and D updates) for all supported versions of Windows client and server products (Windows 10, version 1909 down through Windows Server 2008 SP2).

To read this article in full, please click here

Greg Lambert

Zoom to add end-to-end encryption with Keybase acquisition

3 weeks ago

Zoom has acquired secure messaging and identity management firm Keybase as its looks to shore up security capabilities on its platform with end-to-end encryption.

The acquisition will give Zoom access to Keybase’s encryption technology, used to secure online identities, as well as its team of engineers. Launched in 2014, Keybase lets users encrypt social media messages and shared files with public key encryption to ensure that communications stay private. 

Keybase’s cofounder Max Krohn will now head up Zoom’s security team, Zoom said. Krohn’s new role was first detailed by CNBC.

To read this article in full, please click here

Matthew Finnegan

Google extends G Suite identity and security device management to Windows 10 PCs

4 weeks 1 day ago

Google this week extended G Suite's device management tools to Windows 10 PCs, adding them to the Android, iOS and Chrome endpoints already on the list.

Administrators can now use the G Suite console to secure G Suite accounts on Windows 10 systems using Google's anti-hijacking and suspicious-login-detection technologies, and set those machines for single-sign on (SSO) so that G Suite account credentials double as Windows 10 log-in authentication.

The roll-out of the new console capabilities started April 27, with the rapid release and scheduled release tracks (the latter is the default) beginning simultaneously rather than staged, as usual.

To read this article in full, please click here

Gregg Keizer

Microsoft Patch Alert: April 2020, another 'wacky' month

4 weeks 1 day ago

The patching pace this month returned to normal: We had the Patch Tuesday patches on April 14, followed by the “optional, non-security, C/D Week” patches one week later (Monthly Rollup Preview for you Win8.1 afficionados). With a bit of luck, that’s the last round of confusing “optional” Win10 patches: Microsoft promises we won’t see any more of them.

We also had an out-of-band patch for Office 2016 Click-to-Run, Office 2019 (which is only available as Click-to-Run) and Microsoft 365 Apps for Enterprise (previously known as Office 365 ProPlus). The big concern with those patches falls into the “it’s not a bug, it’s a feature” column.

To read this article in full, please click here

Woody Leonhard

Many reported problems with this month’s Win10 Cumulative Update, but few patterns

1 month ago

The blogosphere is awash in reports of problems with this month’s Win10 1903/1909 Cumulative Update, with more than 100 reported bug sightings. What's causing the problems?

The trick every month is to sift through all of the problem reports and see if there are any common strings – whether folks running this piece of hardware or that kind of software should be especially cautious. 

I’ve been looking at the reports and I’ll be hanged if I can see any pattern, aside from the usual cacophony of random error messages and broken systems. Can you see any common threads?

To read this article in full, please click here

Woody Leonhard

Vivaldi joins anti-tracking browser brotherhood

1 month ago

Niche browser maker Vivaldi Technologies this week released version 3.0 of its eponymous application, which included integrated ad- and tracker-blockers.

Both tools were disabled by default in the new version, which was released Wednesday. "We believe that many users would not wish to prevent the sites they like to visit from generating revenue, and for that reason, we don't enable Ad blocker by default," wrote Jon von Tetzchner, co-founder and CEO of Vivaldi, in a post to a company blog.

To read this article in full, please click here

Gregg Keizer

Zoom unveils a host of new privacy, security features

1 month ago

Looking to bounce back from a spate of recent security missteps, video conferencing platform Zoom today announced a variety of new privacy and security capabilities in Zoom 5.0, a key milestone in the company’s recently launched 90-day security plan.

The primary difference between the current version of Zoom software and Zoom 5.0 is the addition of support for AES 256-bit GCM encryption; it’s designed to provide increased protection for meeting data and resistance to tampering. The new level of encryption will be available across Zoom Meeting, Zoom Video Webinar, and Zoom Phone.

To read this article in full, please click here

Charlotte Trueman

Don’t Panic, but do make this month’s Patch Tuesday a priority

1 month 1 week ago

Given that 113 updates arrived for April‘s Patch Tuesday, IT admins have a lot to do. For older systems, Adobe font issues (CVE-2020-0938CVE-2020-1020) will should get immediate attention. Changes to the Windows Scripting handler and the browser-based Chakra scripting engine may require some additional testing for in-house applications.

This month’s Office updates are relatively low impact unless you are running SharePoint server - which will then require a number of updates, leading to a server reboot. With three (so far) zero-days and a number of critical memory-related patches to Windows, my advice is: don’t panic. Patch older systems first. Test core applications for scripting dependencies and then schedule the remaining updates according to your normal update cycle.

To read this article in full, please click here

Greg Lambert

How to protect against 'Apple' phishing scams

1 month 1 week ago

Checkpoint Research recently warned that criminals are exploiting the COVID-19 crisis with a wave of attempts to trick people into sharing their security credentials with fake emails.

To catch a phish

Apple, the research claims, is the most widely impersonated brand.

Phishing is the practice of impersonating legitimate messages from a brand in an email or other message in an attempt to trick people into accessing that service via insecure servers, sharing their login passwords and credentials when they do.

Criminals can then use this information to undermine account security, dig deeper into your identity to get even more confidential data, or even sell your details on the black market to other hackers.

To read this article in full, please click here

Jonny Evans

The coronavirus is revealing our technology blunders

1 month 2 weeks ago

You’ve lost your job and now you face an obsolete, sluggish unemployment system that feels like it was written in the 1950s. Actually, it’s more than a feeling. If you’re in New Jersey, New York or Connecticut, your unemployment system was written in 60-year-old Cobol. Meanwhile, if you want to apply for unemployment benefits online in Washington, D.C., the system insists you use Internet Explorer. As I recall, IE was put out to pasture five years ago.

To read this article in full, please click here

Steven J. Vaughan-Nichols
Checked
49 minutes 34 seconds ago
Computer World Security
Subscribe to Computer World Security feed

About SecurityFeeds

SecurityFeeds Logo

Tim Weil is a Security Architect/IT Security Manager with over twenty five years of IT management, consulting and engineering experience in the U.S. Government and Communications Industry.  Mr. Weil's technical areas of expertise include IT Security Management, Enterprise Security Architecture, FISMA Compliance, Identity Management, and Network Engineering. Mr. Weil is a Senior Member of the IEEE and has served in several IEEE positions.