Skip to main content
Please wait...

How the California Consumer Privacy Act (CCPA) will affect you and your business | TECH(talk)

1 month 1 week ago
The California Consumer Privacy Act (CCPA) is, in some ways, similar to Europe's GDPR. This rule, which goes into effect in 2020, gives individual users more ownership over their own data. Users can even refuse to allow companies to sell their online data. As the compliance deadline approaches, CSO Online contributor Maria Korolov and senior editor Michael Nadeau discuss with Juliet how CCPA may shift business models, change online behavior and reveal where exactly our data has been. Some tech companies, like Google, are even trying to exempt themselves from regulation. Failure to adhere to the rule could be an "extinction level" event.

Time to install the August Windows patches — but watch out for the bugs

1 month 1 week ago

August brought loads of drama to the Windows and Office patching scene. Microsoft’s first round of patches killed Visual Basic, Visual Basic for Applications and VBScript in certain situations — on all versions of Windows. Fixes for the bugs dribbled out three, four, six and 17 days after the original infection. 

Those Microsoft-introduced bugs were all the more daunting because the August patches are the ones intended to protect us from DejaBlue — the recently announced “wormable” malware infection vector that (thankfully!) has yet to be exploited. The mainstream press picked up the Chicken Little cry to install August patches right away. Then the buggy offal hit the impeller, and the press fell silent.

To read this article in full, please click here

Woody Leonhard

FTC fines YouTube, but do fines really encourage change? | TECH(feed)

1 month 2 weeks ago
The FTC hit yet another tech company with a seemingly massive fine for mishandling user data. This time, YouTube, owned by Google, is forced to pay $170 million for collecting data about children under 13 without parental consent. The Federal Trade Commission slapped Facebook with a $5 billion fine just a few months ago. In this episode of TECH(feed), Juliet asks whether or not these fines are effective in regulating the tech industry.

Why Apple’s little ‘Find My’ Tile competitor is big news

1 month 2 weeks ago

Apple is expected to introduce its own Tile-competing tracking device(s), perhaps as soon as fall. So, what are the advantages of the device, what can we expect, and what happens next?

Freedom from networks

There are hundreds of tracking devices available today. These cost anything from tens to hundreds of dollars and in most cases require you sign-up to a network provider for SIM card-based network access.

To read this article in full, please click here

Jonny Evans

Microsoft Patch Alert: Full of sound and fury, signifying nothing

1 month 2 weeks ago

What happens when Microsoft releases eight – count ‘em, eight – concurrent beta test versions of Win10 version 1909 without fixing bugs introduced into 1903 on Patch Tuesday?

Pan. De. Moaaan. Ium.

The VB/VBA/VBScript debacle

No doubt, you recall the first wave of pain inflicted by the August 2019 patching regimen. Microsoft somehow managed to mess up Visual Basic (an old custom programming language), Visual Basic for Applications (for Office macros) and VBScript (a largely forgotten language primarily used inside Internet Explorer). Folks running applications in any of those languages would, on occasion, receive “invalid procedure call error” messages when using apps that had been working for decades.

To read this article in full, please click here

Woody Leonhard

Hedera Hashgraph launches mainnet, hopes to compete with global business networks

1 month 3 weeks ago

Hedera Hashgraph, an electronic public ledger developed for corporate use, launched its mainnet beta today, allowing developers to create an account and build decentralized applications (dApps) for it.

The distributed ledger technology (DLT) is a direct competitor to blockchain distributed ledgers such as Ethereum and Hyperledger, and claims it can outperform traditional financial and business networks.

[ Read the Download: Beginner's guide to blockchain special report ]

"There is no direct equivalent to Hedera Hashgraph today," said Martha Bennett, a principal analyst at Forrester Research. Hedera is potentially competing with public networks and all the enterprise DLT frameworks (such as Hyperledger Fabric & Sawtooth, R3 Corda, and others) and their commercial providers, which include AWS, IBM, Microsoft, Oracle.

To read this article in full, please click here

Lucas Mearian

Throwback Thursday: Timing is everything

1 month 3 weeks ago

It’s many years ago, and this pilot fish regularly travels to company offices around the country, dealing with IT-related problems and running user training sessions.

The big current project is implementing internet filtering after complaints that some workers are viewing inappropriate websites. So fish has to head to a meeting with many directors and managers to demonstrate.

Upon arriving at the meeting site, fish sets up a laptop and projector and connects it to the internal network. Then he tests to make sure the filtering is working, calling up a blocked site that, if it does display, only shows a silhouette of a bunny with a bow tie.

But not to worry: The site is blocked, so everything is ready.

To read this article in full, please click here

Sharky

Microsoft removes August patch block on Win7/2008R2 systems running Norton, Symantec AV

1 month 3 weeks ago

If you’re using Symantec Endpoint Protection or any Norton Antivirus product on a Windows 7 or Server 2008 R2 machine, you didn’t get the August patches. Shortly after the August Monthly Rollup and Security-only patches were released, Microsoft put a freeze on systems running Symantec or Norton antivirus products.

The conflict stemmed from a long-anticipated change in the way Microsoft signed the August patches: Starting in August, all patches are signed using the SHA-2 encryption method. Somehow, Symantec didn’t get the message back in November that the shift was underway, and missed the deadline.

To read this article in full, please click here

Woody Leonhard

Microsoft offers free post-2020 Windows 7 support for Win 10 Enterprise subscribers

1 month 3 weeks ago

Microsoft is giving away one year of post-retirement support for Windows 7 to customers with active Windows 10 subscriptions.

"Enterprise Agreement and Enterprise Agreement Subscription (EA and EAS) customers with active subscription licenses to Windows 10 Enterprise E5, Microsoft 365 E5, or Microsoft 365 E5 Security will get Windows 7 Extended Security Updates for Year 1 as a benefit," Microsoft said in a FAQ about the end of support for Windows 7 and Office 2010.

Windows 10 Enterprise E5 and Microsoft 365 E5 are the top-tier subscriptions of the OS or packages that include the operating system. They are the highest-priced plans in their specific lines.

To read this article in full, please click here

Gregg Keizer

Texas ransomware attacks: to pay or not to pay? | TECH(feed)

1 month 3 weeks ago
Nearly two dozen cities in Texas have been hit by a ransomware attack executed by a single threat actor. These attacks beg the question: Is it ever worth it to pay a cyber attacker’s ransom? In this episode of TECH(feed), Juliet discusses the pattern of ransomware attacks on local governments, how municipalities have responded and how to prevent a ransomware attack in the first place.

Throwback Thursday: Eyes only

1 month 4 weeks ago

Programmer pilot fish goes online to a message board for a development system that’s used for one of his company’s applications.

But he gets a message that the site is blocked. He can either forget about it, click a link to continue, or click a link to see the company’s access policy.

He clicks to continue, gets what he needs, and then, just out of curiosity, he clicks to see the access policy to get an idea of why this site is being blocked.

But instead of seeing the access policy, fish sees this message: Content blocked. Click here to access our internet resource policy.

Sputters baffled fish, “It actually blocked the policy!”

To read this article in full, please click here

Sharky

Safari to ape Firefox, go all-in on anti-tracking

1 month 4 weeks ago

The WebKit project - the open-source initiative that generates code for Apple's Safari browser - quietly announced last week that it would follow in Mozilla's footsteps and quash tracking technologies designed to follow users across the web.

In a short message on Aug. 14, the WebKit team pointed to its new Tracking Prevention Policy, a document that spells out its plans in detail, including what types of tracking it will create and how it will deal with any side effects.

[ Related: Get serious about privacy with the Epic, Brave and Tor browsers ]

"We have implemented or intend to implement technical protections in WebKit to prevent all tracking practices included in this policy," the document read. "If we discover additional tracking techniques, we may expand this policy to include the new techniques and we may implement technical measures to prevent those techniques."

To read this article in full, please click here

Gregg Keizer

Installing Windows 7 from a backup? You need a BitLocker patch right away

2 months ago

No doubt you recall the warning back in February that Windows 7, Server 2008 and Server 2008 R2 patches starting in July would use the SHA-2 encryption protocol. If you want to install Win7 patches issued after July, you have to get the SHA-2 translator installed.

[ Related: Windows 7 to Windows 10 migration guide ]

A few days ago, Microsoft tossed a zinger into the FAQs down at the bottom of its SHA-2 post, 2019 SHA-2 Code Signing Support requirement for Windows and WSUS. That post now says that you have to install a seemingly unrelated patch, KB 3133977, entitled, BitLocker can't encrypt drives because of service crashes in svchost.exe process in Windows 7 or Windows Server 2008 R2.  

To read this article in full, please click here

Woody Leonhard

Microsoft warns of Visual Basic, VBA and VBScript 'procedure call' errors after August patches

2 months ago

August is going to be a perilous patching month.

We’re tracking down credible reports of the Server 2012 R2 Monthly rollup breaking RDP logins, a conflict between the Win10 1903 cumulative update and last month’s version of Outlook 365, confusion about Win7 patches being branded as “IA64 only,” dealing with the lack of telemetry (!) in the August Win7 Security Only patch, much mayhem trying to install SHA-2 signed patches (including the Win7 Monthly Rollup) on systems using Symantec Endpoint Protection, even more confusion over the difference between Symantec Endpoint Protection and Norton Security Suite, and lots of the usual installation failures and rollbacks.

To read this article in full, please click here

Woody Leonhard

3 Google privacy tips for Mac and iOS users

2 months ago

Alternative search engines such as DuckDuckGo are attracting growing numbers of privacy focused users, but there’s no doubt that Google dominates the industry, even on Apple products. Fortunately, there are several ways to make your Google activity more private.

Do you have a Google account? (You probably do)

Do you use Gmail? Did you one use Google +? Perhaps you employ Google Drive, Google Docs or any of the company’s other products. If so, you have a Google account.

To read this article in full, please click here

Jonny Evans

Chrome, Firefox to expunge Extended Validation cert signals

2 months ago

Google and Mozilla have decided to eliminate visual signals in their Chrome and Firefox desktop browsers of special digital certificates meant to assure users that they landed at a legitimate site, not a malicious copycat.

The certificates, dubbed "Extended Validation" (EV) certificates, were a subset of the usual certificates used to encrypt browser-to-server-and-back communications. Unlike run-of-the-mill certificates, EVs can be issued only by a select group of certificate authorities (CAs); to acquire one, a company must go through a complicated process that validates its legal identity as the site owner. They're also more expensive.

[ Further reading: 10 must-have Safari extensions ]

The idea behind EVs was to give web users confidence that they were at their intended destination, that the site computerworld.com, for instance, was owned by its legal proprietor, IDG, and not a fishy - and phishy - URL run by It's Crooks All the Way Down LLC and chockablock with malware. Browsers quickly took to the concept, rewarding EV-secured sites with in-your-face visual cues, notably the verified legal identity in front of the domain in the address bar. The identity was often shaded in green as an additional tip-off. (Chrome dismissed the green in September 2018 as of Chrome 69.)

To read this article in full, please click here

Gregg Keizer

Why blockchain-based voting could threaten democracy

2 months 1 week ago

Public tests of blockchain-based mobile voting are growing.

Even as there's been an uptick in pilot projects, security experts warn that blockchain-based mobile voting technology is innately insecure and potentially a danger to democracy through "wholesale fraud" or "manipulation tactics."

The topic of election security has been in the spotlight recently after Congress held classified briefings on U.S. cyber infrastructure to identify and defend against threats to the election system, especially after Russian interference was uncovered in the 2016 Presidential election.

To read this article in full, please click here

Lucas Mearian
Checked
6 minutes 30 seconds ago
Computer World Security
Subscribe to Computer World Security feed

About SecurityFeeds

SecurityFeeds Logo

Tim Weil is a Security Architect/IT Security Manager with over twenty five years of IT management, consulting and engineering experience in the U.S. Government and Communications Industry.  Mr. Weil's technical areas of expertise include IT Security Management, Enterprise Security Architecture, FISMA Compliance, Identity Management, and Network Engineering. Mr. Weil is a Senior Member of the IEEE and has served in several IEEE positions.