Skip to main content
Please wait...

Worried about an NSA ChainOfFools/CurveBall attack? There are lots of moving parts. Test your system.

2 days 6 hours ago

If you want to install the January Patch Tuesday patches, by all means, go right ahead. That said, I continue to recommend that you hold off installing the January Microsoft patches until we get a clearer reading on potential bugs.

The pro-patch-now argument generally goes something like this: Everybody is recommending that you install the patches to protect against the Crypto bug — almost all of the major security folks, the researchers, the big online sites, your local news station, your congresscritter, your neighbor's nine-year-old, even the bleeping NSA. It's a little patch. Why not just install it and be done with it?

To read this article in full, please click here

Woody Leonhard

Feds may already have found a way to hack into Apple iPhones

2 days 23 hours ago

After Apple turned down a request by U.S. Attorney General William Barr this week to unlock two iPhones used by a terrorist suspect in a recent deadly shooting, the FBI appears to already have the tools needed to access the smartphones.

Apple turned down a request from U.S. Attorney General William Barr saying it would  not help unlock two iPhones used by the shooter, 21-year-old Mohammed Saeed Alshamrani. He is believed to have acted alone when he shot and killed three service members and wounded several others at the Naval Air Station in Pensacola, Fla. last month.

To read this article in full, please click here

Lucas Mearian

Kadena launches a hybrid platform to connect public, private blockchains

3 days 1 hour ago

Brooklyn-based spinoff Kadena has launched a hybrid blockchain that can scale horizontally, enabling multiple electronic ledgers to talk to each other via smart contracts – and letting users transfer cryptocurrency between the chains.

Hybrid blockchains combine permissioned chains for businesses to transact in the background while connecting to a public blockchain (via an API) for consumers and others to make money transfers or access information about products moving across supply chains.

“Their hybrid blockchain model looks interesting, mainly because it enables interoperability via smart contracts that run on public chains and talk to/with private chains,” said Avivah Litan, a vice president of research at Gartner. “That way, enterprises can keep their private data and transactions limited to the private chain but benefit from the liquidity and cross-chain access available by leveraging smart contracts running on the public chain.”

To read this article in full, please click here

Lucas Mearian

Kadena launches Chainweb, a hybrid platform to connect public, private blockchains

3 days 1 hour ago

Brooklyn-based spinoff Kadena has launched a hybrid blockchain that can scale horizontally, enabling multiple electronic ledgers to talk to each other via smart contracts – and letting users transfer cryptocurrency between the chains.

Hybrid blockchains combine permissioned chains for businesses to transact in the background while connecting to a public blockchain (via an API) for consumers and others to make money transfers or access information about products moving across supply chains.

“Their hybrid blockchain model looks interesting, mainly because it enables interoperability via smart contracts that run on public chains and talk to/with private chains,” said Avivah Litan, a vice president of research at Gartner. “That way, enterprises can keep their private data and transactions limited to the private chain but benefit from the liquidity and cross-chain access available by leveraging smart contracts running on the public chain.”

To read this article in full, please click here

Lucas Mearian

Windows 7 end of support: Separating the bull from the horns

4 days ago

No, Windows 7 isn’t dead.

No, you don’t need to buy a Win10 computer. 

No, you don’t need to upgrade.

No, you don’t need to install the latest Win7 patches right away.

No, Microsoft isn’t withdrawing its unofficial nod-and-a-wink free upgrade from Win7 to Win10. At least, not right away.

No, the old Win7 patches aren’t disappearing.

No, your Internet Service Provider won’t kick you off your network for using Win7.

To read this article in full, please click here

Woody Leonhard

Patch Tuesday aftermath: The NSA Crypt32 threat is real, but not yet imminent

4 days 6 hours ago

Get ready for your local news station’s weather reporter to start lecturing on the importance of installing Windows patches.

Yesterday we were treated to a remarkable Patch Tuesday. “Remarkable” specifically in the sense that the U.S. National Security Agency was moved to put out a press release (PDF):

NSA recommends installing all January 2020 Patch Tuesday patches as soon as possible to effectively mitigate the vulnerability on all Windows 10 and Windows Server 2016/2019 systems.

To read this article in full, please click here

Woody Leonhard

Microsoft to Windows 7: Beat it, you bum

5 days ago

Microsoft today figuratively told Window 7 - which ended support with a final security update - not to let the door hit it on the way out.

"Ten-year-old tech just can't keep up," Jared Spataro, an executive on the Microsoft 365 team, wrote in a post to a company blog. "As we end support for Windows 7, I encourage you to transition to these newer options right away."

Not surprisingly, Spataro named those newer options as Windows 10 to replace Windows 7, and Office 365 to fill in for the retiring-in-October Office 2010. Combined, they make up the bulk of Microsoft 365, the business subscription plan Microsoft wants all customers to adopt.

To read this article in full, please click here

Gregg Keizer

Apple refuses latest government iPhone-unlock request

5 days ago

After Apple turned down a request by U.S. Attorny General William Barr this week to unlock two iPhones used by a terrorist suspect in a recent deadly shooting, the FBI appears to have already had the tools needed to access the smartphones.

Apple turned down a request from U.S. Attorney General William Barr saying it will not help unlock two iPhones used by the shooter, 21-year-old Mohammed Saeed Alshamrani, who is believed to have acted alone when he shot and killed three service members and wounded several others at the Naval Air Station in Pensacola, Fla. last month.

To read this article in full, please click here

Lucas Mearian

Today's Patch Tuesday brings fireworks and — a magic bullet?

5 days 7 hours ago

Over the past few years we’ve seen a few security holes that have drawn Chicken Little warnings and vast amounts of unthinking press reports. When you turn on a local news program and hear from the hometown weather reporter that you really need to get Windows patched, a bit of skepticism might be in order.

Today’s Patch Tuesday appears to be headed down the same well-worn chute.

Brian Krebs, the security guru with impeccable credentials, fired an opening salvo in his blog post yesterday:

To read this article in full, please click here

Woody Leonhard

Seven high points of Windows 7

5 days 9 hours ago

Today Microsoft issues its final free security update for Windows 7, putting an end to that operating system's decade.

To remember that service — a retirement party but without the cloyingly sweet cake and cheap gold watch — Computerworld selected seven highlights of Windows 7. While the seven do not pretend to trace Windows 7's history, they illustrate the influence and impact of the OS.

Here's to Windows 7. Raise a glass, for cryin' out loud.

It salvaged Microsoft's reputation after the Vista debacle

The numbers say it all.

Windows Vista, the 2006 replacement for Windows XP, topped out at 20% of all Windows versions in October 2009. Even though the OS it followed was long in the tooth — XP was nearly twice the age of a typical version when it was supplanted — Vista struggled to put a dent in its forerunner's share.

To read this article in full, please click here

Gregg Keizer

Saying goodbye to Windows 7 isn’t easy, but you must

5 days 10 hours ago

Listen, I get it. Windows 7 has worked really well. After the Vista fiasco, you were so happy to get a decent version of Windows. You dodged the Windows 8.x sinkhole, and, boy, were you glad! Then, you thought about Windows 10, but 7 just did the job so you stuck with it, and then you felt vindicated because of Windows 10’s dodgy upgrades and patches. Now, today, Jan. 14, 2020, Windows 7 has reached its end of life, and either you’ve upgraded to Windows 10 or you’re working on another Windows 7 alternative like Chrome OS, macOS or Linux, right?

To read this article in full, please click here

Steven J. Vaughan-Nichols

Mozilla patches Firefox zero-day as attackers exploit flaw

1 week 3 days ago

Just one day after releasing Firefox 72, Mozilla updated the browser with a fix to shut down active attacks, the company acknowledged.

On Wednesday, Mozilla issued Firefox 72.0.1, which included one change: A patch for the vulnerability identified as CVE-2019-17026. "We are aware of targeted attacks in the wild abusing this flaw," Mozilla said in the short description of the flaw, signaling that criminals were already leveraging the zero-day vulnerability, the term applied because there no time elapses between patching and exploitation.

To read this article in full, please click here

Gregg Keizer

Your Windows PC may become collateral damage in any conflict with Iran

1 week 3 days ago

When Iran launches cyberattacks in revenge for the killing of Major Gen. Qasem Soleimani — which it almost certainly will do — the attack vector, as always, will be Windows. And when that happens, your PC and your business’s PCs will be right in the crosshairs. Here’s why — and how you can protect your machines and your business.

A long history of U.S.-Iranian cyberwarfare

To understand the coming cyberattacks, it’s useful to look back. For more than a decade, the U.S. and Iran have engaged in low-level cyberwarfare, with occasional bursts of higher-level attacks. The most destructive of them was Stuxnet, launched in 2009 by the U.S. and Israel against Iran’s nuclear program. It exploited four zero-day flaws in Windows machines, which controlled the centrifuges Iran used to create nuclear material that can be used in nuclear weapons.

To read this article in full, please click here

Preston Gralla

Apple wants privacy laws to protect its users

1 week 4 days ago

Your iPhone (like most smartphones) knows when it is picked up, what you do with it, who you call, where you go, who you know – and a bunch more personal information, too.

The snag with your device knowing all this information is that once the data is understood, that information can be shared or even used against you.

Information is power

Jane Horvath, Apple's senior director for global privacy, appeared at CES 2020 this week to discuss the company’s approach to smartphone security. She stressed the company’s opposition to the creation of software backdoors into devices, and also said:

To read this article in full, please click here

Jonny Evans

Apple’s wants privacy laws to protect its users

1 week 4 days ago

Your iPhone (like most smartphones) knows when it is picked up, what you do with it, who you call, where you go, who you know – and a bunch more personal information, too.

Information is power

The snag with your device knowing all this information is that once the data is understood than that information can be shared or even used against you.

Jane Horvath, Apple's senior director for global privacy, appeared at CES 2012 to discuss the company’s approach to smartphone security.

To read this article in full, please click here

Jonny Evans

FAQ: Last-minute answers about Windows 7's post-retirement patches

1 week 5 days ago

A week from now, Microsoft will serve customers with the last for-free Windows 7 security update, in effect retiring the 2009 operating system.

However, hundreds of millions of personal computers will still power up thanks to Windows 7 on Jan. 14, and for an indeterminate timespan after that date. Windows 7 may be retiring, but it's not disappearing.

Microsoft admitted as much more than a year ago when it announced Extended Security Updates (ESU), a program for commercial customers who needed more time to ditch Windows 7. ESU would provide patches for some security vulnerabilities for as long as three years. For a fee.

To read this article in full, please click here

(Insider Story)
Gregg Keizer
Checked
22 minutes 4 seconds ago
Computer World Security
Subscribe to Computer World Security feed

About SecurityFeeds

SecurityFeeds Logo

Tim Weil is a Security Architect/IT Security Manager with over twenty five years of IT management, consulting and engineering experience in the U.S. Government and Communications Industry.  Mr. Weil's technical areas of expertise include IT Security Management, Enterprise Security Architecture, FISMA Compliance, Identity Management, and Network Engineering. Mr. Weil is a Senior Member of the IEEE and has served in several IEEE positions.