Skip to main content
Please wait...

Get the January 2020 Patch Tuesday patches installed

2 months ago

This month has seen a whole lotta hand waving and sky-is-falling-caliber rhetoric, but the reality is much more prosaic. If you aren’t running a major network (and thus aren’t susceptible to the imminent problems with Remote Desktop Gateway, the Citrix network bugs or the whopping 334 patches in Oracle), there’s been little reason to install this month’s updates. 

To read this article in full, please click here

Woody Leonhard

Microsoft Patch Alert: January 2020 patches look relatively benign

2 months ago

The big patching problems this month fell at the feet of admins who had to deal with an unholy mess of pressing exposures: Fixing the holes in Microsoft’s RD Gateway (CVE-2020-0610; see Susan Bradley’s Patch Watch, paywalled); dealing with Server 2008 R2 systems that booted to Recovery mode after installing the January patches; scrambling to pick up after breaches in Citrix networking products; or the 334 Oracle security patches. They all took a toll.

To read this article in full, please click here

Woody Leonhard

Galaxy users, take note: Samsung's probably selling your data

2 months 1 week ago

Relying on Google services, as most of us Android-carrying primates do, comes with a certain tradeoff. It's no big secret or anything: Google makes its money by selling ads, which are more effective when they're catered to our interests — the subjects we tend to search about, the things we buy (when Google knows about 'em, at least), and often even the places we go with our location-enabled phones in tow (and/or in toe, for the monkeys among us).

That's all par for the course, as I frequently say — part of the deal we all accept when we use Google services. That's what makes it possible for Google to give us top-notch apps for free, and it's also what opens the door to certain advanced features that wouldn't be possible without that information's presence.

To read this article in full, please click here

JR Raphael

Feds may already have found a way to hack into Apple iPhones

2 months 1 week ago

Although Apple turned down a request by U.S. Attorney General William Barr to unlock two iPhones used by a terrorist suspect in a recent deadly shooting, the FBI appears to already have the tools needed to access the smartphones.

Apple rejected a request from Barr to help unlock two iPhones used by the shooter, 21-year-old Mohammed Saeed Alshamrani. He is believed to have acted alone when he shot and killed three service members and wounded several others at the Naval Air Station in Pensacola, Fla. last month.

To read this article in full, please click here

Lucas Mearian

Don’t worry about CurveBall just yet — get your Citrix systems patched

2 months 1 week ago

Hey, admins! It’s been an exciting week, eh?

Most of you have been inundated with requests — demands — that you patch all of your systems immediately to protect them from the highly publicized CVE-2020-0601 Crypt32.dll security hole, known as “Chain Of Fools” or “CurveBall.” 

While you were scrambling to comply with the NSA’s unique advertising, abetted by almost every security expert on the planet, a funny thing happened. There are no in-the-wild exploits for the ol’ CurveBall. But there are lots and lots of Citrix ADC and Citrix Gateway systems under attack, using a security hole announced in December called CVE-2019-19781. 

To read this article in full, please click here

Woody Leonhard

Worried about an NSA ChainOfFools/CurveBall attack? There are lots of moving parts. Test your system.

2 months 1 week ago

If you want to install the January Patch Tuesday patches, by all means, go right ahead. That said, I continue to recommend that you hold off installing the January Microsoft patches until we get a clearer reading on potential bugs.

The pro-patch-now argument generally goes something like this: Everybody is recommending that you install the patches to protect against the Crypto bug — almost all of the major security folks, the researchers, the big online sites, your local news station, your congresscritter, your neighbor's nine-year-old, even the bleeping NSA. It's a little patch. Why not just install it and be done with it?

To read this article in full, please click here

Woody Leonhard

Kadena launches a hybrid platform to connect public, private blockchains

2 months 1 week ago

Brooklyn-based spinoff Kadena has launched a hybrid blockchain that can scale horizontally, enabling multiple electronic ledgers to talk to each other via smart contracts – and letting users transfer cryptocurrency between the chains.

Hybrid blockchains combine permissioned chains for businesses to transact in the background while connecting to a public blockchain (via an API) for consumers and others to make money transfers or access information about products moving across supply chains.

“Their hybrid blockchain model looks interesting, mainly because it enables interoperability via smart contracts that run on public chains and talk to/with private chains,” said Avivah Litan, a vice president of research at Gartner. “That way, enterprises can keep their private data and transactions limited to the private chain but benefit from the liquidity and cross-chain access available by leveraging smart contracts running on the public chain.”

To read this article in full, please click here

Lucas Mearian

Kadena launches Chainweb, a hybrid platform to connect public, private blockchains

2 months 1 week ago

Brooklyn-based spinoff Kadena has launched a hybrid blockchain that can scale horizontally, enabling multiple electronic ledgers to talk to each other via smart contracts – and letting users transfer cryptocurrency between the chains.

Hybrid blockchains combine permissioned chains for businesses to transact in the background while connecting to a public blockchain (via an API) for consumers and others to make money transfers or access information about products moving across supply chains.

“Their hybrid blockchain model looks interesting, mainly because it enables interoperability via smart contracts that run on public chains and talk to/with private chains,” said Avivah Litan, a vice president of research at Gartner. “That way, enterprises can keep their private data and transactions limited to the private chain but benefit from the liquidity and cross-chain access available by leveraging smart contracts running on the public chain.”

To read this article in full, please click here

Lucas Mearian

Windows 7 end of support: Separating the bull from the horns

2 months 2 weeks ago

No, Windows 7 isn’t dead.

No, you don’t need to buy a Win10 computer. 

No, you don’t need to upgrade.

No, you don’t need to install the latest Win7 patches right away.

No, Microsoft isn’t withdrawing its unofficial nod-and-a-wink free upgrade from Win7 to Win10. At least, not right away.

No, the old Win7 patches aren’t disappearing.

No, your Internet Service Provider won’t kick you off your network for using Win7.

To read this article in full, please click here

Woody Leonhard

Patch Tuesday aftermath: The NSA Crypt32 threat is real, but not yet imminent

2 months 2 weeks ago

Get ready for your local news station’s weather reporter to start lecturing on the importance of installing Windows patches.

Yesterday we were treated to a remarkable Patch Tuesday. “Remarkable” specifically in the sense that the U.S. National Security Agency was moved to put out a press release (PDF):

NSA recommends installing all January 2020 Patch Tuesday patches as soon as possible to effectively mitigate the vulnerability on all Windows 10 and Windows Server 2016/2019 systems.

To read this article in full, please click here

Woody Leonhard

Microsoft to Windows 7: Beat it, you bum

2 months 2 weeks ago

Microsoft today figuratively told Window 7 - which ended support with a final security update - not to let the door hit it on the way out.

"Ten-year-old tech just can't keep up," Jared Spataro, an executive on the Microsoft 365 team, wrote in a post to a company blog. "As we end support for Windows 7, I encourage you to transition to these newer options right away."

Not surprisingly, Spataro named those newer options as Windows 10 to replace Windows 7, and Office 365 to fill in for the retiring-in-October Office 2010. Combined, they make up the bulk of Microsoft 365, the business subscription plan Microsoft wants all customers to adopt.

To read this article in full, please click here

Gregg Keizer

Apple refuses latest government iPhone-unlock request

2 months 2 weeks ago

After Apple turned down a request by U.S. Attorny General William Barr this week to unlock two iPhones used by a terrorist suspect in a recent deadly shooting, the FBI appears to have already had the tools needed to access the smartphones.

Apple turned down a request from U.S. Attorney General William Barr saying it will not help unlock two iPhones used by the shooter, 21-year-old Mohammed Saeed Alshamrani, who is believed to have acted alone when he shot and killed three service members and wounded several others at the Naval Air Station in Pensacola, Fla. last month.

To read this article in full, please click here

Lucas Mearian

Today's Patch Tuesday brings fireworks and — a magic bullet?

2 months 2 weeks ago

Over the past few years we’ve seen a few security holes that have drawn Chicken Little warnings and vast amounts of unthinking press reports. When you turn on a local news program and hear from the hometown weather reporter that you really need to get Windows patched, a bit of skepticism might be in order.

Today’s Patch Tuesday appears to be headed down the same well-worn chute.

Brian Krebs, the security guru with impeccable credentials, fired an opening salvo in his blog post yesterday:

To read this article in full, please click here

Woody Leonhard

Seven high points of Windows 7

2 months 2 weeks ago

Today Microsoft issues its final free security update for Windows 7, putting an end to that operating system's decade.

To remember that service — a retirement party but without the cloyingly sweet cake and cheap gold watch — Computerworld selected seven highlights of Windows 7. While the seven do not pretend to trace Windows 7's history, they illustrate the influence and impact of the OS.

Here's to Windows 7. Raise a glass, for cryin' out loud.

It salvaged Microsoft's reputation after the Vista debacle

The numbers say it all.

Windows Vista, the 2006 replacement for Windows XP, topped out at 20% of all Windows versions in October 2009. Even though the OS it followed was long in the tooth — XP was nearly twice the age of a typical version when it was supplanted — Vista struggled to put a dent in its forerunner's share.

To read this article in full, please click here

Gregg Keizer

Saying goodbye to Windows 7 isn’t easy, but you must

2 months 2 weeks ago

Listen, I get it. Windows 7 has worked really well. After the Vista fiasco, you were so happy to get a decent version of Windows. You dodged the Windows 8.x sinkhole, and, boy, were you glad! Then, you thought about Windows 10, but 7 just did the job so you stuck with it, and then you felt vindicated because of Windows 10’s dodgy upgrades and patches. Now, today, Jan. 14, 2020, Windows 7 has reached its end of life, and either you’ve upgraded to Windows 10 or you’re working on another Windows 7 alternative like Chrome OS, macOS or Linux, right?

To read this article in full, please click here

Steven J. Vaughan-Nichols
Checked
52 minutes 19 seconds ago
Computer World Security
Subscribe to Computer World Security feed

About SecurityFeeds

SecurityFeeds Logo

Tim Weil is a Security Architect/IT Security Manager with over twenty five years of IT management, consulting and engineering experience in the U.S. Government and Communications Industry.  Mr. Weil's technical areas of expertise include IT Security Management, Enterprise Security Architecture, FISMA Compliance, Identity Management, and Network Engineering. Mr. Weil is a Senior Member of the IEEE and has served in several IEEE positions.