Skip to main content
Please wait...

5 big buts about the Pixel 4 phone

2 months 4 weeks ago

Look, I'll just come out and say it: I'm a big believer in buts.

Now, hang on a sec: You haven't accidentally stumbled onto the world's last remaining Sir Mix-a-Lot fan site. (If only!) No, the buts of which I speak at this particular moment are the single "t" variety — as in, the contradictory kinds of statements that are so frequently missing when we talk about technology.

You know what I'm talking about, right? Here in these tribal times of 2019, it's all too easy to fall into a pattern of seeing a certain sort of product or type of device as being either "awesome" or "inferior," with little gray space between those extremes. You've used this kind of smartphone for years now, damn it, so it has to be the best! And that other company's devices are, like, obviously awful. They're from the competing team! They could never be worth your while.

To read this article in full, please click here

JR Raphael

Train to be a certified cyber security professional for just $39

2 months 4 weeks ago

Cyber crime is responsible for a staggering amount of damage and chaos around the world. Want to be a part of the solution? Then train for a career in this demanding field with The A to Z Cyber Security and IT Certification Training Bundle.

This e-training bundle is perfect for anyone who has an interest in putting a stop to cyber crime. It includes twelve courses that’ll introduce students to ethical hacking methods, show them how to test a network for weaknesses, and identify problems so they can be fixed prior to being exploited. It’s fast, flexible, and you can even apply your training in preparation for several certification exams

To read this article in full, please click here

DealPost Team

But I’m still me

2 months 4 weeks ago

Longtime user at a big bank can’t access the archiving system, the intranet kicks her back to the login screen, and the attendance system that pilot fish supports never heard of her. She’s frantic to be recognized by the system, and she starts flooding the IT department with calls — not just the help desk, but operations and individual IT employees as well.

Everyone who gets a call is solicitous and sympathetic, and they all run down the list of questions that could rule out scenarios. Did she get a new PC? No. Did she change offices? No. Is anyone else affected? No. So what is going on?

The answer is simple after all. The woman had just gotten married, and upon her return from her honeymoon, she started using her new last name with every application — without first requesting to have her name changed in any applications. What isn’t so simple is understanding why she never thought to try logging in with her maiden name.

To read this article in full, please click here

Sharky

Utah county moves to expand mobile voting through blockchain

2 months 4 weeks ago

Disabled voters in Utah County will be able to use their smartphones to vote in the November municipal election, an expansion of an earlier pilot test of the blockchain-based technology and anothert step toward allowing all voters to cast ballots with a mobile device.

The county, which has more than a half million residents, is the third in the U.S. to partner with Tusk Philanthropies, a non-profit focused on expanding mobile voting nationally. The latest pilot is a collaboration between the Utah County Elections Division, Tusk Philanthropies, the National Cybersecurity Center and Boston-based voting app developer Voatz.

To read this article in full, please click here

Lucas Mearian

Can Facebook's Libra cryptocurrency survive the exodus?

3 months ago

After the withdrawal of seven of the 29 founding members of the Libra Association, the governing council for Facebook's planned global cryptocurrency, the project's fate  looks increasingly uncertain.

PayPal, Visa, Mastercard, eBay, Stripe, Mercado Pago and Brooking Holdings have backed away from participation on the Libra Association; their hands were forced when  all members met Monday in Switzerland for formalize their commitment to the project.

To read this article in full, please click here

Lucas Mearian

Why we need Apple’s HomeKit-enabled routers

3 months ago

How secure are the connected smart devices you keep in your home and at work? How much protection have you put in place, and have you even taken a minute to change your default router password?

Computer says no

The truth is many smart home device users (and those running connected devices in smart offices, enterprises, manufacturing and beyond) may not yet have taken stock of their security.

[ Related: What to look for in a 4G mobile hotspot ]

This is a particular problem when it comes to older smart devices, many of which are still in use even though a large number of them shipped with weak or non-replaceable factory default passcodes.

To read this article in full, please click here

Jonny Evans

A Chrome security setting you shouldn't overlook

3 months 1 week ago

We spend tons o' time talking about Android security settings — like the added Android 10 option to limit how and when apps are able to access your location. Often lost in the shuffle, though, is the fact that the Chrome desktop browser has some significant security options of its own, and they're just as critical to consider.

In fact, Chrome has an easily overlooked setting that's somewhat similar to that new location control feature in Android. It's attached to every Chrome extension you install, as of not that long ago, and it lets you decide exactly when an extension should be able to see what you're doing on the web and be made privy to all the details (yes, even those details) of your browsing activity.

To read this article in full, please click here

JR Raphael

IoT dangers demand a dedicated group

3 months 2 weeks ago

The internet of things (IoT) brings with it a wide range of IT security headaches, along with compliance nightmares — and turf wars.

Internal problem No. 1: Departments that typically have little to no interactions with IT are now directly ordering corporate IoT devices. Maybe you've got Facilities purchasing IoT door locks or Maintenance buying a ton of IoT light bulbs. Given that those departments have been purchasing door locks and light bulbs for as long as anyone can remember and have never needed IT or security's signoff, this can be a problem.

Internal problem No. 2: In many ways, IoT devices (think of devices for tracking pallets on ships or for monitoring where every fleet car is and how fast it's been driven) are very different from anything else that IT or security has dealt with. The units are capturing data that has never been tracked before — Hello, Compliance. Go away, GDPR regulator — and in different ways, such as bypassing enterprise LANs and cloud networks and using internal antennas to directly communicate.

To read this article in full, please click here

Evan Schuman

Will 5G increase mobile security?

3 months 2 weeks ago
We love our smartphones, but there's a dark side. Their prevalence and users’ tendencies to connect over public Wi-Fi make mobile devices a common target of bad guys. Analyst Jack Gold looks at how to mitigate the risk.
Jack Gold

Microsoft releases even more patches for the CVE-2019-1367 IE zero-day, and the bugs are having a field day

3 months 2 weeks ago

You may recall the Keystone Kops reenactment that goes by the code name CVE-2019-1367. In short:

Sept. 23: Microsoft released the CVE-2019-1367 bulletin, and published Win10 cumulative updates in the Microsoft Catalog for versions 1903, 1809, 1803, 1709, 1703, Server 2019 and Server 2016. It also released an IE rollup for Win7, 8.1, Server 2012 and Server 2012 R2. Those were only available by manual download from the Catalog — they didn’t go out through Windows Update, or through the Update Server. 

Sept. 24: Microsoft released “optional, non-security” cumulative updates for Win10 version 1809, 1803, 1709, 1703, 1607/Server 2016. Nothing for Win10 version 1903. We also got Monthly Rollup Previews for Win7 and 8.1. Microsoft didn’t bother to mention it, but we found that those Previews include the IE zero-day patch as well. This bunch of patches went out through normal channels — Windows Update, Update Server — but they’re “optional” and “Preview,” which means most savvy individuals and companies won’t install them until they’ve been tested.

To read this article in full, please click here

Woody Leonhard

Google launches leaked-password checker, will bake it into Chrome in December

3 months 2 weeks ago

Google has launched a web-based hacked-password checker, part of its efforts to bake an alert system into Chrome.

Called "Password Checker," the service examines the username-password combinations stored in Chrome's own password manager and reports back on those authentication pairings that have been exposed in publicly-known data breaches.

[ Further reading: Google's Chromium browser explained ]

The web version can be found at passwords.google.com<>, the umbrella site for Chrome users who run the browser after logging in with their Google account, then use that to synchronize data - including passwords - between copies of Chrome on different devices.

To read this article in full, please click here

Gregg Keizer

Throwback Thursday: Everybody gets an F

3 months 2 weeks ago

As the IT communications manager at this university, pilot fish is the person who sends out memos about IT policy to users. And he does just that when a phishing email starts circulating on campus.

Never send your user name and password to anyone via email, he warns them, and to give them an example of what to look out for, he pastes in the text of the phishing attempt.

Within minutes, his inbox is flooded with responses from students sending him their campus passwords, their Gmail passwords, their Yahoo passwords and more.

Sharky is looking for fish, not phish. Send me your true tales of IT life at sharky@computerworld.com. You can also subscribe to the Daily Shark Newsletter.

To read this article in full, please click here

Sharky

Time to install Microsoft's mainstream September patches – and avoid the dregs

3 months 2 weeks ago

It’s a smelter-weight slapdown. 

In one corner you have the Chicken Little contingent, which insists that September’s IE zero-day patch must be important because Microsoft marked it as “Exploited: Yes” and memorialized it with an extremely odd patch on a Monday, followed in Keystone Kops fashion with a stumbling trail of follow-ons

To read this article in full, please click here

Woody Leonhard

Post-retirement Windows 7 patches: Not just for the big dogs now

3 months 2 weeks ago

Microsoft on Tuesday changed its plans for selling Windows 7 post-retirement support, saying that it will offer patches-for-a-price to any business, no matter how small, that's willing to pay.

"Through January 2023, we will extend the availability of paid Windows 7 Extended Security Updates (ESU) to businesses of all sizes," Jared Spataro, an executive in the Microsoft 365 group, wrote in a post to a company blog.

[ Related: How to clean up your Windows 10 act ]

Microsoft had announced the ESU program in September 2018. Since April, when the company started selling ESU, only customers with volume licensing deals for Windows 7 Enterprise or Windows 10 Professional have been eligible to purchase the support add-on.

To read this article in full, please click here

Gregg Keizer
Checked
23 minutes 41 seconds ago
Computer World Security
Subscribe to Computer World Security feed

About SecurityFeeds

SecurityFeeds Logo

Tim Weil is a Security Architect/IT Security Manager with over twenty five years of IT management, consulting and engineering experience in the U.S. Government and Communications Industry.  Mr. Weil's technical areas of expertise include IT Security Management, Enterprise Security Architecture, FISMA Compliance, Identity Management, and Network Engineering. Mr. Weil is a Senior Member of the IEEE and has served in several IEEE positions.