Skip to main content
Please wait...

The ultimate guide to privacy on Android

1 month 1 week ago

On the surface, Android and privacy might not seem like the most natural of bedfellows. Google is known for its advertising business, after all — it's how the company makes the lion's share of its money — and it can be tough to square the notion of data collection with the concept of carefully controlled information.

In actuality, though, Google gives you a good amount of authority over how and when it taps into your Android-associated info. (And even at its worst, the company never shares your data with anyone or sells it to third parties, despite some broad misconceptions to the contrary.) Ultimately, it just comes down to a matter of educating yourself about the possibilities and then determining what balance of privacy and function makes the most sense for you.

To read this article in full, please click here

JR Raphael

Get your May 2020 Windows and Office patches installed

1 month 1 week ago

Headlines scream that you should avoid the May patches. Pshaw. From what I’ve seen they’re largely overblown. Not to say that all is well in patchland – it isn’t. But the situation has stabilized, and I don’t see any reason to hold back on May’s patches.

Of course, I’m assuming that you don’t voluntarily jump down the rabbit hole and join the unpaid beta testers working on Windows 10 version 2004 – the May 2020 Update. It's kicking up all sorts of problems – but that's no reason to hold off on the May patches.

To read this article in full, please click here

Woody Leonhard

Microsoft Patch Alert: May 2020

1 month 2 weeks ago

With most of the fanatical Windows fan base now circling the trough on the just-released upgrade to Windows 10 version 2004, it’s time for those of us who rely on stable PCs to consider installing the May patches.

While the general outlook now is good, we’ve been through some rough patches – which you may, or may not, have noticed.

Unannounced Intel microcode patch triggers reboots

On May 20, Microsoft released another of its ongoing series of “Intel microcode updates,” all named KB 4497165. Ostensibly intended to fix the Meltdown/Spectre security holes, many of them have a history of problems and hassles not commensurate with the amount of protection they provide (unless you’re running a bank transaction system or decrypting top secret emails).

To read this article in full, please click here

Woody Leonhard

Getting started with Google Password Manager

1 month 2 weeks ago

If you're still trying to remember all of your passwords and then type 'em into sites by hand, let me tell you: You're doing it wrong.

With all the credentials we have to keep track of these days, there's just no way the human brain can handle the task of storing the specifics — at least, not if you're using complex, unique passwords that aren't repeated (or almost repeated, even) from one site to the next. That's where a password manager comes into play: It securely stores all your sign-in info for you and then fills it in as needed.

While there's a case to be made for leaning on a dedicated app for that purpose (for reasons we'll discuss further in a moment), Google has its own password management system built right into Chrome. And it's far better to rely on that than to use nothing at all.

To read this article in full, please click here

JR Raphael

Mobile security forces difficult questions

1 month 2 weeks ago

As governments consider COVID-19 contact tracing and its privacy implications, it's not a bad idea for companies to take the opportunity to look more closely at their mobile agreements with employees. (By the way, just this week, Apple rolled out its latest iOS update, which included two COVID-19 updates, according to Apple: "iOS 13.5 speeds up access to the passcode field on devices with Face ID when you are wearing a face mask and introduces the Exposure Notification API to support COVID-19 contact tracing apps from public health authorities.")

Today, IT has to deal with pretty much one of two mobile scenarios: BYOD. where the employee uses the employee's personally owned device to perform enterprise business; and company-owned phones, which is the opposite: A company-owned phone where the employee, even if told not to, will use the phone for personal matters as well as business.

To read this article in full, please click here

Evan Schuman

Apple rejects flawed claims about its contact tracing tech

1 month 2 weeks ago

Even as we consider revelations Facebook shelved internal research suggesting its algorithms generate divisiveness, Apple has been forced to reject damaging claims against its contact tracing tech currently spreading on Facebook.

Exposure Notification is not spying on you

Numerous hysterical myths concerning the Apple/Google contact tracing technology are being circulated on Facebook. A series of posts claim the Exposure Notification feature inside iOS 13.5 will allow authorities to track people’s locations and monitor who they meet – which is precisely what it tries not to do.

To read this article in full, please click here

Jonny Evans

Amid the pandemic, using trust to fight shadow IT

1 month 3 weeks ago

Shadow IT, where workers sometimes go rogue in their efforts to solve business problems, can create challenges – and opportunities – for companies in the best of times. With the COVID-19 pandemic still unfolding, these are not the best of times. With most employees and executives still working from home, the big issue for administrators and IT pros still centers on how to make things work in today’s trying circumstances.

Every major platform has controls IT can use, some of them as blunt as a hammer and others that offer surgical precision. At either end of that spectrum lie two common questions: How restrictive does IT need to be and is there a way to fully communicate areas of risk while making business more secure.

To read this article in full, please click here

(Insider Story)
Ryan Faas

A 'business-as-usual' Patch Tuesday update for Windows desktops

1 month 4 weeks ago

It really is saying a lot when Microsoft releases more than 100 updates each month and this is now considered “business as usual." Speaking of the “new normal,” Microsoft has changed the release cadence of its optional updates (generally released later each month).

In a statement about the new update regularity, the company said: "We have been evaluating the public health situation, and we understand this is impacting our customers. In response to these challenges we are prioritizing our focus on security updates. Starting in May 2020, we are pausing all optional non-security releases (C and D updates) for all supported versions of Windows client and server products (Windows 10, version 1909 down through Windows Server 2008 SP2).

To read this article in full, please click here

Greg Lambert

Zoom to add end-to-end encryption with Keybase acquisition

2 months ago

Zoom has acquired secure messaging and identity management firm Keybase as its looks to shore up security capabilities on its platform with end-to-end encryption.

The acquisition will give Zoom access to Keybase’s encryption technology, used to secure online identities, as well as its team of engineers. Launched in 2014, Keybase lets users encrypt social media messages and shared files with public key encryption to ensure that communications stay private. 

Keybase’s cofounder Max Krohn will now head up Zoom’s security team, Zoom said. Krohn’s new role was first detailed by CNBC.

To read this article in full, please click here

Matthew Finnegan

Google extends G Suite identity and security device management to Windows 10 PCs

2 months 2 weeks ago

Google this week extended G Suite's device management tools to Windows 10 PCs, adding them to the Android, iOS and Chrome endpoints already on the list.

Administrators can now use the G Suite console to secure G Suite accounts on Windows 10 systems using Google's anti-hijacking and suspicious-login-detection technologies, and set those machines for single-sign on (SSO) so that G Suite account credentials double as Windows 10 log-in authentication.

The roll-out of the new console capabilities started April 27, with the rapid release and scheduled release tracks (the latter is the default) beginning simultaneously rather than staged, as usual.

To read this article in full, please click here

Gregg Keizer

Microsoft Patch Alert: April 2020, another 'wacky' month

2 months 2 weeks ago

The patching pace this month returned to normal: We had the Patch Tuesday patches on April 14, followed by the “optional, non-security, C/D Week” patches one week later (Monthly Rollup Preview for you Win8.1 afficionados). With a bit of luck, that’s the last round of confusing “optional” Win10 patches: Microsoft promises we won’t see any more of them.

We also had an out-of-band patch for Office 2016 Click-to-Run, Office 2019 (which is only available as Click-to-Run) and Microsoft 365 Apps for Enterprise (previously known as Office 365 ProPlus). The big concern with those patches falls into the “it’s not a bug, it’s a feature” column.

To read this article in full, please click here

Woody Leonhard

Many reported problems with this month’s Win10 Cumulative Update, but few patterns

2 months 2 weeks ago

The blogosphere is awash in reports of problems with this month’s Win10 1903/1909 Cumulative Update, with more than 100 reported bug sightings. What's causing the problems?

The trick every month is to sift through all of the problem reports and see if there are any common strings – whether folks running this piece of hardware or that kind of software should be especially cautious. 

I’ve been looking at the reports and I’ll be hanged if I can see any pattern, aside from the usual cacophony of random error messages and broken systems. Can you see any common threads?

To read this article in full, please click here

Woody Leonhard

Vivaldi joins anti-tracking browser brotherhood

2 months 2 weeks ago

Niche browser maker Vivaldi Technologies this week released version 3.0 of its eponymous application, which included integrated ad- and tracker-blockers.

Both tools were disabled by default in the new version, which was released Wednesday. "We believe that many users would not wish to prevent the sites they like to visit from generating revenue, and for that reason, we don't enable Ad blocker by default," wrote Jon von Tetzchner, co-founder and CEO of Vivaldi, in a post to a company blog.

To read this article in full, please click here

Gregg Keizer

Zoom unveils a host of new privacy, security features

2 months 3 weeks ago

Looking to bounce back from a spate of recent security missteps, video conferencing platform Zoom today announced a variety of new privacy and security capabilities in Zoom 5.0, a key milestone in the company’s recently launched 90-day security plan.

The primary difference between the current version of Zoom software and Zoom 5.0 is the addition of support for AES 256-bit GCM encryption; it’s designed to provide increased protection for meeting data and resistance to tampering. The new level of encryption will be available across Zoom Meeting, Zoom Video Webinar, and Zoom Phone.

To read this article in full, please click here

Charlotte Trueman
Checked
1 month ago
Computer World Security
Subscribe to Computer World Security feed

About SecurityFeeds

SecurityFeeds Logo

Tim Weil is a Security Architect/IT Security Manager with over twenty five years of IT management, consulting and engineering experience in the U.S. Government and Communications Industry.  Mr. Weil's technical areas of expertise include IT Security Management, Enterprise Security Architecture, FISMA Compliance, Identity Management, and Network Engineering. Mr. Weil is a Senior Member of the IEEE and has served in several IEEE positions.