
Google abandons URL shortening in Chrome

6 days 2 hours ago

Google has called quits on the notion of truncating URLs in Chrome, according to a note from earlier this month in the Chromium project's bug database.

"This experiment didn't move relevant security metrics, so we're not going to launch it," Emily Stark, a staff software engineer on the Chrome team, wrote in the June 7 entry.

Android Police first reported on Stark's note June 10.


Gregg Keizer

Windows updates: The four basic patch personalities

6 days 15 hours ago

If you ask most people what they dislike about Windows 10, they’d probably say it’s the monthly updating process and the disruption it triggers. Depending on your personality type (and how risk averse you are), here’s how to handle Windows updates, deal with the changes, and keep your sanity in the process.

Bleeding-edge patchers

Are you a risk-taker who loves the bleeding edge? Do you look forward to trying out new technologies, dealing with green-colored blue screens of death (BSODs) and happen to have a spare computer that you can use to provide feedback and search for error messages? If so, the Insider version of Windows 10 is for you.


Susan Bradley

6 zero-days make this a 'Patch Now' Patch Tuesday

1 week 2 days ago

Microsoft this week pushed out 50 updates to fix vulnerabilities across both the Windows and Office ecosystems. The good news is that there are no Adobe or Exchange Server updates this month. The bad news is that there are fixes for six zero-day exploits, including a critical update to the core web rendering (MSHTML) component for Windows. We've added this month's Windows updates to our "Patch Now" schedule, while the Microsoft Office and development platform updates can be deployed under their standard release regimes. Updates also include changes to Microsoft Hyper-V, the cryptographic libraries and Windows DCOM, all of which require some testing before deployment.


Greg Lambert

Securing the Apple mobile enterprise takes context

1 week 2 days ago

Apple’s presence has expanded from being the brand behind a few Macs in the creative department; it is now a key mobile and productivity provider across every top enterprise. But even Apple’s platforms face security challenges as people work remotely. I caught up with Truce Software CEO Joe Boyle to discuss Apple in the workplace and his company’s approach to managing the mobile enterprise.


Jonny Evans

WWDC: Why iCloud+ will help secure the enterprise

1 week 3 days ago

One of the biggest surprises of WWDC 2021 was Apple’s introduction of iCloud+, an upgraded version of its existing service available at no additional charge that provides secure emailing and VPN-style security for users.

iCloud just became a useful business tool

The introduction of these features will transform iCloud into a very useful remote business tool, though it will be interesting to see whether all these features will be available to enterprise folks making use of Managed Apple IDs for their business tools. For the present let's assume they will, given the deep value they promise to those in that sector.


Jonny Evans

WWDC: Apple digs deep to secure its platforms

1 week 5 days ago

Apple’s WWDC announcements included plenty for enterprise professionals. One area that deserves particular attention relates to the variety of privacy improvements the company is making, because they offer significant benefits for the security conscious.

Putting you in control of your data

The main thrust of Apple’s recent work on privacy is information. The argument is that everyone should know about data collection, what it means, and which apps collect what information — and have at least some understanding of how that data is used.


Jonny Evans

Ransomware revisited: As attacks worsen, tried-and-true defenses falter

1 week 5 days ago

Beef? Beef?!

It’s come to this: a ransomware attack has come between me and my Wendy's quarter pounder! As much as I'd like to say that there's nothing to this problem for my favorite fast food lunch, I can't. A ransomware attack on the world’s largest meat processor, JBS, forced nine US beef plants to close their doors on June 1.

It’s not a laughing matter. If major companies such as JBS and Colonial Pipeline can get hammered by ransomware, there's nothing stopping a low-life hacker from using Ransomware-as-a-Service (RaaS) to take your business out.


Steven J. Vaughan-Nichols

Patch Tuesday: The rules of updating Windows (and Microsoft apps)

1 week 6 days ago

Patch Tuesday week is that time of the month when I get verklempt, excited, and in a tizzy over the release of this month’s raft of security updates. Will we get fixes for remote code execution attacks? Fixes for privilege escalations? Will we get…? Oh, you don’t get verklempt, excited, and in a tizzy? You actually dread Patch Tuesday?

Let me help you out. When you install updates from Microsoft there are some fundamental rules to keep in mind.

First, when patching you should never ever lose data. Several years ago, when Microsoft rolled out the feature release version of Windows 10 1809, some users reported losing files and folders during the process. The problem caused Microsoft to pause the feature update to investigate what was triggering the issue. As it turned out, the root cause was not the update — it was the timing and rollout of a feature in OneDrive. As Microsoft noted in a blog post at the time, the culprits involved three different scenarios with OneDrive — in particular, a setting called known-folder redirection. Although the issues were not widespread, the damage and loss of trust in the Windows update process was immense; even now, users remember that issue when updates arrive. Microsoft revised the 1809 release to deal with the problem and loss of data did not recur afterwards.


Susan Bradley

Note to IT: Google really wants its privacy settings left alone

2 weeks 2 days ago

The biggest difference in business models between mobile giants Google and Apple is that Apple sells hardware and software whereas Google sells information. So when Apple makes a big play out of protecting privacy—such as pushing back against encryption backdoors and government subpoenas—it's relatively easy for them. That's not primarily how they make money.

Google, though, has a business model that truly hates privacy. To Google, enterprise data privacy, along with consumer data privacy, is just something that deprives them of raw material that they can sell. In short, Google has to publicly say that it protects its customers' privacy while privately doing whatever it can to keep leveraging that data.


Evan Schuman

The missing context around Google's Android privacy fallout

2 weeks 3 days ago

If you've read much tech news lately, you might be feeling a slight sense of shock right now.

A series of newly publicized documents related to an Arizona lawsuit reveals that Google's had some complicated systems for collecting location data across Android over the years — and that, according to the info, the company at one point tried putting a catch-all location toggle into the software's Quick Settings panel but saw a substantial increase in the number of users who took advantage of it with that more prominent positioning in place.


JR Raphael

When is a cybersecurity hole not a hole? Never

2 weeks 4 days ago

In cybersecurity, one of the more challenging issues is deciding when a security hole is a big deal, requiring an immediate fix or workaround, and when it's trivial enough to ignore or at least deprioritize. The tricky part is that much of this involves the dreaded security by obscurity, where a vulnerability is left in place and those in the know hope no one finds it. (Classic example: leaving a sensitive web page unprotected, but hoping that its very long and non-intuitive URL isn't accidentally found.)

And then there's the real problem: in the hands of a creative and well-resourced bad guy, almost any hole can be leveraged in non-traditional ways. But — there is always a but in cybersecurity — IT and security pros can’t pragmatically fix every single hole anywhere in the environment.


Evan Schuman

To secure your remote workforce, lock down ‘your’ computers

2 weeks 5 days ago

I know some of you are still convinced you'll soon shepherd your flock of workers back into the comfortable cubicles of the corporate office. Not going to happen. I've been following the working from home revolution closely, and, trust me, your people like working from home. A lot.

According to a FlexJobs survey, 58% of workers currently working remotely said they'd "absolutely look for a new job" if they're not allowed to continue remote work.


Steven J. Vaughan-Nichols

Android 12's quietly important privacy progress

3 weeks 5 days ago

This year, for the first time in a long time, it's easy to glance at Google's latest Android effort and focus mostly on the surface.

Android 12's most striking element is without a doubt the overhauled look and feel it brings to the operating system (even if realistically, Pixel owners are the only ones who'll reap the full benefits of that change). We haven't seen such a dramatic reimagining of the Android interface in many a moon — since 2014's Android 5.0 (a.k.a. Lollipop) release — and this progression stretches past the core software itself, even, with effects set to reach the experience of using apps within Android and eventually also Google apps on the web. The same principles will apply to Chromebooks, Smart Displays, and Wear-based wearables before long as well, making this a true Google ecosystem evolution.


JR Raphael

5 free ways to get better business security

3 weeks 5 days ago

Ransomware to the left of you, malware to the right—what's a small business stuck in the middle to do?

We all know that securing your company isn't easy or cheap. As Christopher Krebs, former director of the US Cybersecurity and Infrastructure Security Agency (CISA), and Matthew Masterson, former CISA Senior Cybersecurity Advisor, both recently pointed out: we're "now in the midst of a new normal of cyber-enabled malicious activity."


Steven J. Vaughan-Nichols

Apple's Mac security warning shows that closed beats open

4 weeks 2 days ago

Apple’s software engineering chief Craig Federighi recently told us that Macs aren’t yet as secure as iOS devices, but does this mean Mac users need to worry?

What Federighi said

Apple’s software lead was appearing as part of the interminable Epic v Apple trial (which today involves Apple CEO Tim Cook taking the stand). Federighi was arguing that by maintaining a highly controlled third-party app environment on iOS, Apple has been able to build an extremely secure platform.


Jonny Evans

Firefox previews site-isolation tech in move to catch up to Chrome

1 month ago

Mozilla on Tuesday announced that a years-long effort to harden Firefox's defenses can now be previewed in the browser's Nightly and Beta builds.

Debuting as "Project Fission" in February 2019, the project was also linked to the more descriptive "site isolation," a defensive technology in which a browser devotes separate processes to each domain or even each website, and in some cases, assigns different processes to site components, such as iframes, so they are rendered separately from the process handling the overall site.


Gregg Keizer

Here's what you can do about ransomware

1 month ago

Last week, people in my neck of the woods, North Carolina, went into a panic. You couldn't get gasoline for love or money. The root cause? Colonial Pipeline, a major oil and gas pipeline company, had been hit by a major ransomware attack. With four main fuel pipelines shut down, people throughout the southeast U.S. lined up at gas stations for every drop of gas they could get.

You may not believe that ransomware is a serious threat. But I and most everyone else in the southeast? We believe.


Steven J. Vaughan-Nichols

For Windows users, tips on fighting ransomware attacks

1 month ago

Ransomware.

It’s one word that strikes fear in the minds of many a computer user, especially given the near daily headlines about companies affected. It makes us wonder why this keeps happening to users and businesses, large and small.

But there’s plenty you can do to protect yourself or your business.

Be wary of what you click on

Most of the time, ransomware that affects an individual happens after someone clicks on something they shouldn’t — maybe a phishing-related email or a web page that installs malicious files. In a business setting, the attacks often come from an attacker going after open remote access protocol, either using brute force or harvested credentials. Once inside the network, they can disable backups and lie in wait until the best time to attack.


Susan Bradley

Google makes a big security change, but other companies must follow

1 month ago

In a wonderful cybersecurity move that should be replicated by all vendors, Google is slowly moving to make multi-factor authentication (MFA) default. To confuse matters, Google isn't calling MFA "MFA"; instead it calls it "two-step verification (2SV)."

The more interesting part is that Google is also pushing the use of FIDO-compliant software that is embedded within the phone. It even has an iOS version, so it can be in all Android as well as Apple phones.

To be clear, this internal key is not designed to authenticate the user, according to Jonathan Skelker, product manager with Google Account Security. Android and iOS phones are using biometrics for that (mostly facial recognition with a few fingerprint authentications) — and biometrics, in theory, provides sufficient authentication. The FIDO-compliant software is designed to authenticate the device for non-phone access, such as for Gmail or Google Drive.


Evan Schuman

About SecurityFeeds


Tim Weil is a Security Architect/IT Security Manager with over twenty-five years of IT management, consulting and engineering experience in the U.S. Government and Communications Industry. Mr. Weil's technical areas of expertise include IT Security Management, Enterprise Security Architecture, FISMA Compliance, Identity Management, and Network Engineering. Mr. Weil is a Senior Member of the IEEE and has served in several IEEE positions.