Skip to main content
Please wait...

Utah County to pilot blockchain-based mobile voting

2 months 3 weeks ago

Utah County is the latest government entity to pilot a mobile voting application based on blockchain to allow military absentee voters and their family members living overseas to vote in an upcoming municipal primary election.

The county, which has more than a half million residents, is the third in the U.S. to partner with Tusk Philanthropies on a national effort to expand mobile voting. The pilot is a collaboration between the Utah County Elections Division, Tusk Philanthropies, the National Cybersecurity Center and Boston-based voting app developer Voatz.

To read this article in full, please click here

Lucas Mearian

9 steps to lock down corporate browsers

2 months 3 weeks ago

Everyone in the enterprise loves the web browser when it’s delivering news, email, documentation, and sales leads. With the shift to web apps, it’s arguably the most important installed software on any corporate desktop. But the internet is filled with people who aren’t nice — sometimes even dangerous — and the same browser can also bring viruses, rootkits, and worse. Even if the browser sits on a little-used desktop in a dusty corner with no access to sensitive information, an attacker can use the seemingly unimportant machine as a stepping stone.

Keeping your users’ browsers secure is essential. The browser companies work hard to block the attackers by sealing the back doors, side doors, and cracks in between, but that isn’t always enough. Some useful features have dark sides, and enterprises can increase security dramatically by shutting down or tightly limiting access to these options.

To read this article in full, please click here

(Insider Story)
Peter Wayner

Mozilla to add password manager, hack alert to Firefox 70

2 months 3 weeks ago

Mozilla plans bake its Lockwise password manager into Firefox 70, the upgrade now set to launch Oct. 22.

At the same time, the browser will also be more tightly integrated with Firefox Monitor, which will provide warnings to users when their saved passwords have been revealed by a data hack.

[ Further reading: 14 must-have Firefox add-ons ]

According to Firefox bug reports and project documentation, Lockwise will automatically record username-and-password pairs, generate complex passwords on demand, identify victimized accounts and instruct users to change any passwords that have leaked.

To read this article in full, please click here

Gregg Keizer

Slack tweaks desktop app to be faster, more efficient

2 months 4 weeks ago

Slack has overhauled its desktop software, adding offline access and tweaking the software for faster load times.

Recent efforts to improve the desktop app were highlighted at Slack Frontiers last year and the coming update – which the company says will launch 33% faster than before – will be available to users “over the next few weeks.”

[ Related: AR and VR bring a new twist to collaboration ]

Calls made to team mates via the app should be a speedier too, up to 10 times quicker, Slack said. “That could mean the difference between showing up to a meeting on time or not,” the company said in a blog post Monday. “These moments saved can quickly add up, giving you more time to focus on the tasks at hand.”

To read this article in full, please click here

Matthew Finnegan

How and why Apple users should switch to DuckDuckGo for search

3 months ago

Like liberty for all, privacy demands vigilance, and that’s why Apple users who care about those things are moving to DuckDuckGo for search.

Why use DuckDuckGo?

Privacy is under attack.

It doesn’t take much effort to prove this truth. At time of writing, recent news is full of creeping privacy erosion:

And then there’s Duck Duck Go.

To read this article in full, please click here

Jonny Evans

How to take control of Face ID (with tools you may not know exist)

3 months ago

If you travel frequently and use an iPhone or iPad, then you simply must familiarize yourself with these two tips – they’ll make it much easier to secure your device and its contents when you are on the move.

In praise of Face ID

I’ve become very used to using Face ID. It’s seamless.

On the iPhone, I like that I can pay for groceries with a look and find it much easier to use in the dark than the Home button.

My iPad experience is similar, but I do get annoyed sometimes that I must raise the tablet slightly to get the face angle right – this isn’t always as intuitive as I would like.

[ Related: Get to know Apple’s 11+ new privacy tools ]

All the same, given Apple’s claim that there is a 1 in 50,000 chance that someone else's fingerprint will unlock your iPhone and a 1 in 1,000,000 chance that it will be unlocked by another person’s face, I’ll always opt for the highly secure choice.

To read this article in full, please click here

Jonny Evans

Memory-Lane Monday: Even worse than you thought

3 months ago

This government agency has cashiers’ stations for handling transactions with the public, and the treasurer’s office decides it needs new software to run those stations, according to a pilot fish in IT.

And there’s going to be one sign-on and password for all the stations, brag the higher-ups.

Bad idea, protest all the IT programmers and system administrators. For one thing, having a single user sign-on to the system will prevent tracking who is completing each transaction. They cite security, accountability and separation of duties, but their protests fall on deaf ears.

The vendor rep shows up one day, and he and the treasurer do a presentation for an audience that includes IT managers. The two sound excited, and a touch proud, when they tell everyone that the cashiers will sign on with the user ID “Cash.” They don’t share the top-secret password, though; that’s just for the cashiers to know.

To read this article in full, please click here

Sharky

Zoom fixes webcam flaw for Macs, but security concerns linger

3 months 1 week ago

Zoom released a patch this week to fix a security flaw in the Mac version of its desktop video chat app that could allow hackers to take control of a user’s webcam. 

The vulnerability was discovered by security researcher Jonathan Leitschuh, who published information about it in a blog post Monday. The flaw potentially affected 750,000 companies and approximately 4 million individuals using Zoom, Leitschuh said.

[ Related: 6 tips for scaling up team collaboration tools ]

Zoom said it’s seen “no indication” any users were affected. But concerns about the flaw and how it works raised questions about whether other similar apps could be equally vulnerable.

To read this article in full, please click here

Matthew Finnegan

New Windows 7 'security-only' update installs telemetry/snooping, uh, feature

3 months 1 week ago

Back in October 2016, Microsoft divided the Win7 and 8.1 patching worlds into two parts.

Those who got their patches through Windows Update received so-called Monthly Rollups, which included security patches, bug fixes – and we frankly don’t know what else – rolled out in a cumulative stream.

The folks who were willing to download and manually install patches were also given the option of installing “security-only” patches, not cumulative; these were meant to address just the security holes.

To read this article in full, please click here

Woody Leonhard

Microsoft delivers Defender ATP security service to Macs

3 months 1 week ago

Microsoft on Monday made good on a March pledge by announcing that its most sophisticated endpoint security service is now available for Macs.

Microsoft Defender ATP (Advanced Threat Protection) for Mac shifted to what the company calls "general availability" on June 28, wrote Helen Allas, a principal program manager on the enterprise security team, in a July 8 post to a company blog. Core components of Defender ATP, including the latest - "Threat & Vulnerability Management," which made it to general availability a week ago - now serve Macs.

To read this article in full, please click here

Gregg Keizer

How Apple is improving iCloud this year

3 months 1 week ago

Apple quite evidently plans many interesting improvements in its iCloud service this year. So, what’s going on?

What we know so far about Apple's iCloud plans

Apple at WWDC made several announcements that will be reliant on iCloud – these include obvious things like new services and support for new functions, and less evident topics around sync, data, and artificial intelligence (AI).

Most recently, the company began beta-testing Touch ID and Face ID access to iCloud.com online, meaning that if you happen to be using an Apple device (Mac, iPad, iPhone), you can access your online iCloud services with the touch of a finger or a quick eye scan.

To read this article in full, please click here

Jonny Evans

The top 8 problems with blockchain

3 months 1 week ago

While blockchain holds tremendous potential for creating new financial, supply chain and digital identity systems, it's often erroneously seen as a panacea for business problems.

The myriad of pilots and proofs of concept by large corporations and government agencies are showing real promise, but those projects don't always lead to obvious business cases that justify doing something differently. Sometimes a tried and true technology like a relational database can perform the task much more efficiently than a distributed ledger based on peer-to-peer technology that will require complex governance and rules.

To read this article in full, please click here

(Insider Story)
Lucas Mearian

Throwback Thursday: Spoilsport

3 months 2 weeks ago

This IT security pilot fish knows something about audits — and knows what he expects of auditors.

“I have more than 15 years of audit experience in IT,” fish says. “I have written and implemented policy and procedure, and developed incident response plans. I spent the better part of last year making sure that the external auditors could not find any inconsistencies in our control standards.”

Then the internal audit director decides to perform an audit of fish’s group — and sends a young auditor who thinks he knows everything IT.

After three weeks of research and testing, young auditor presents his results in a meeting with his boss the audit director and fish.

To read this article in full, please click here

Sharky

Message to IT: Trusting Apple and Google for mobile app security is career suicide

3 months 2 weeks ago

Ready for the mobile security news that IT doesn't want to hear about but needs to? When security firm Positive Technologies started pen-testing various mobile apps, security holes were rampant.

We'll plunge into the details momentarily, but here's the upshot: "High-risk vulnerabilities were found in 38 percent of mobile applications for iOS and in 43 percent of Android applications" and "most cases are caused by weaknesses in security mechanisms — 74 percent and 57 percent for iOS and Android apps, respectively, and 42 percent for server-side components — because such vulnerabilities creep in during the design stage, fixing them requires significant changes to code."

To read this article in full, please click here

Evan Schuman

Microsoft Patch Alert: The Windows patching heavens buzz with silver bullets

3 months 2 weeks ago

How many bugs could a WinPatcher patch, if a WinPatcher could patch bugs?

Ends up that June’s one of the buggiest patching months in recent memory – lots of pesky little critters, and the ones acknowledged by Microsoft led to even more patches later in the month.

In June, we saw eight single-purpose Windows patches whose sole mission is to fix bugs introduced in earlier Windows patches. I call them silver bullets – all they do is fix earlier screw-ups. If you install security patches only, these eight have to be installed manually to fix the bugs introduced earlier. It’s a congenital defect in the patching regimen – bugs introduced by security patches get fixed by non-security “optional” patches, while waiting for the next month’s cumulative updates to roll around.

To read this article in full, please click here

Woody Leonhard
Checked
6 minutes 47 seconds ago
Computer World Security
Subscribe to Computer World Security feed

About SecurityFeeds

SecurityFeeds Logo

Tim Weil is a Security Architect/IT Security Manager with over twenty five years of IT management, consulting and engineering experience in the U.S. Government and Communications Industry.  Mr. Weil's technical areas of expertise include IT Security Management, Enterprise Security Architecture, FISMA Compliance, Identity Management, and Network Engineering. Mr. Weil is a Senior Member of the IEEE and has served in several IEEE positions.