Skip to main content
Please wait...

10 steps to smarter Google account security

4 months 2 weeks ago

There are important accounts to secure, and then there are important accounts to secure. Your Google account falls into that second category, maybe even with a couple of asterisks and some neon orange highlighting added in for good measure.

I mean, really: When you stop and think about how much stuff is associated with that single sign-in — your email, your documents, your photos, your files, your search history, maybe even your contacts, text messages, and location history, if you use Android — saying it's a "sensitive account" seems like an understatement. Whether you're using Google for business, personal purposes, or some combination of the two, you want to do everything you possibly can to keep all of that information locked down and completely under your control.

To read this article in full, please click here

JR Raphael

Top secret

4 months 2 weeks ago

It’s back when 5-inch floppy disks roamed the Earth, and a customer service tech sends a software update to a customer known to be a bit more than a little computer-challenged, says a pilot fish in the know. This involves physically mailing a stack of disks to the customer, along with a note saying to call the tech when she’s ready to install the update.

When the call comes, the tech is prepared to walk her through the installation step by step. After getting the computer booted up and verifying that the user has located disk No. 1, the tech says, “Insert the floppy disk into the disk drive, with the label facing up.”

Customer: “Done.”

Tech: “Type ‘A,’ and press the Enter key.”

To read this article in full, please click here

Sharky

Why every user needs a smart speaker security policy

4 months 2 weeks ago

Does your voice assistant wake up randomly when you are engaged in normal conversation, listening to radio, or watching TV? You’re not alone, and this could have serious implications in enterprise security policy.

All things being equal (they’re not)

“Anyone who has used voice assistants knows that they accidentally wake up and record when the 'wake word' isn't spoken - for example, 'seriously' sounds like the wake word 'Siri' and often causes Apple's Siri-enabled devices to start listening," the Smart Speakers research study says.

To read this article in full, please click here

Jonny Evans

Apple joins industry effort to eliminate passwords

4 months 3 weeks ago

In a somewhat unusual move for Apple, the company has joined the Fast IDentity Online (FIDO) Alliance, an authentication standards group dedicated to replacing passwords with another, faster and more secure method for logging into online services and apps.

Apple is among the last tech bigwigs to join FIDO, whose members now include Amazon, Facebook, Google, Intel, Microsoft, RSA, Samsung, Qualcomm and VMware. The group also boasts more than a dozen financial service firms such as American Express, ING, Mastercard, PayPal, Visa and Wells Fargo.

“Apple is not usually up front in joining new organizations and often waits to see if they gain enough traction before joining in. This is fairly atypical for them,” said Jack Gold, president and principal analyst at J. Gold Associates. "Apple is often trying to present [its] own proposed industry standards for wide adoption, but is generally not an early adopter of true multi-vendor industry standards.

To read this article in full, please click here

Lucas Mearian

The mess behind Microsoft’s yanked UEFI patch KB 4524244

4 months 3 weeks ago

Remember the warning about watching how sausage is made? This is an electronic sausage-making story with lots of dirty little bits.

First, the chronology. On February’s Patch Tuesday, Microsoft released a bizarre standalone security patch, KB 4524244, which was then called “Security update for Windows 10, version 1607, 1703, 1709, 1803, 1809, and 1903: Feb. 11, 2020.” The name has changed, but bear with me.

The original problems with KB 4524244

That patch had all sorts of weird hallmarks as I discussed at the time:

To read this article in full, please click here

Woody Leonhard

Complying with CCPA: Answers to common questions

4 months 3 weeks ago
Enforcement of the California Consumer Privacy Act begins this summer, but lawsuits are already being filed. To help you comply and avoid being sued, CSO contributor Maria Korolov joins IDG TECH(talk) host Juliet Beauchamp to discuss critical components of the CCPA and answer viewers’ questions.

Dump Windows 7 already! Jeez!

4 months 3 weeks ago

Why am I still writing about Windows 7? It’s dead, Jim! The tombstone reads, “June 22, 2009 – January 14, 2020.” It was a good run, but unless you’re shelling out some serious coin for Windows 7 Extended Security Updates (ESU), you shouldn’t be running Windows 7.

But many of you are. According to the best survey of who’s running what, the U.S. government’s Digital Analytics Program (DAP), on Feb. 14, weeks after Win7’s end of life, just over one in 20 of Windows users was still using Windows 7! Oh, come on! More than 5%! A dead and buried OS! Get with the program!

To read this article in full, please click here

Steven J. Vaughan-Nichols

Mobile security: Worse than you thought

4 months 3 weeks ago

Many security professionals have long held that the words "mobile security" are an oxymoron. True or not, with today's mobile usage soaring in enterprises, that viewpoint may become irrelevant. It's a reasonable estimate that 2020 knowledge workers use mobile devices to either supplement or handle much of their work 98% of the time. Laptops still have a role (OK, if you want to get literal, I suppose a laptop can be considered mobile), but that's only because of their larger screens and keyboards. I'd give mobile players maybe three more years before that becomes moot.

That means that security on mobile needs to become a top priority. To date, that usually has been addressed with enterprise-grade mobile VPNs, antivirus and more secure communication methods (such as Signal). But in the latest Verizon Data Breach Investigations Report — always a worthwhile read — Verizon eloquently argues that aside from wireless, the form factor of mobile in and of itself poses security risks.

To read this article in full, please click here

Evan Schuman

How blockchain could help block fake news

4 months 3 weeks ago

In 2018, a video of former President Barrack Obama surfaced on YouTube explaining how easily technology could be used to manipulate video and create fake news. It got more than 7.2 million views.

In the video, Obama explains how we live in dangerous times when “enemies” can make anyone say anything at any point in time. Moments later, it’s revealed that the video was itself faked.

Whether its news articles, images or video, fake and misleading content has proliferated across the internet over the past five or so years. One possible solution to the problem now being proposed would standardize how content is delivered online, with anything outside those standards not trusted.

To read this article in full, please click here

Lucas Mearian
Checked
1 month ago
Computer World Security
Subscribe to Computer World Security feed

About SecurityFeeds

SecurityFeeds Logo

Tim Weil is a Security Architect/IT Security Manager with over twenty five years of IT management, consulting and engineering experience in the U.S. Government and Communications Industry.  Mr. Weil's technical areas of expertise include IT Security Management, Enterprise Security Architecture, FISMA Compliance, Identity Management, and Network Engineering. Mr. Weil is a Senior Member of the IEEE and has served in several IEEE positions.