Apple Vice President of Software Engineering, Craig Federighi, discussed his company’s thoughts on ad tracking and more at the European Data Protection and Privacy Conference today. Not surprisingly, he stressed the importance of privacy for Apple — which has made it a centerpiece — in particular and users in general.

Privacy is possible...

It is “absolutely possible to design technology that respects [customer] privacy and protects their personal information,” Federighi said during this speech. "When it comes to privacy protections, we’re very happy to see our competitors copy our work, or develop innovative privacy features of their own that we can learn from."

To read this article in full, please click here

For years, enterprise IT and security operations have been told they need to advance beyond texting short numeric strings in plain text and calling it meaningful Multi-Factor Authentication (MFA) or even just Two-Factor Authentication (2FA). It is stunning how many enterprises still cling to that entry-level security sham, even knowing how subject it is to man-in-the-middle attacks.

As for the oft-cited defense that, "it's better than having no MFA at all," I am not so sure. It provides false comfort to enterprise users that they have meaningful security. That prevents companies from quickly deploying truly robust security, such as an MFA that uses several authentication layers, including voice-recognition, facial- or finger-ID courtesy of the ubiquitous smartphone and almost any of the mobile encrypted authentication apps. (Don't forget that Signal can work well, too.)

To read this article in full, please click here

It’s the final patching month for 2020 — and what a year it’s been. Two more Windows 10 feature releases, numerous servicing stack updates, the end of Office 2010, the pandemic — this has been a year when technology has driven us slightly crazy, and kept us sane. 

The first Tuesday of the month is the start of my Patching month and serves as a reminder to make sure my machines have all of the mandatory patches installed for November — and I’m ready to pause updates for December. We will not see any optional updates at the end of the month; Microsoft has indicated it will not be releasing the optional preview updates for Windows 10 that they would normally arrive during the third week of December.

To read this article in full, please click here

Richt je cybersecurity in vanuit een platformgedachte of vanuit de afzonderlijke point solutions? Sander Almekinders, hoofdredacteur bij IDG Benelux gaat over onder andere deze vraag in gesprek met Michel Schaalje, Security Lead bij Cisco Nederland.

To read this article in full, please click here

CryptoLocker. WannaCry. Petya. Bad Rabbit. The ransomware threat isn’t going away anytime soon; the news brings constant reports of new waves of this pernicious type of malware washing across the world. It’s popular in large part because of the immediate financial payoff for attackers: It works by encrypting the files on your hard disk, then demands that you pay a ransom, frequently in Bitcoins, to decrypt them.

To read this article in full, please click here

(Insider Story)

Computerworld blogger Susan Bradley takes a look at the latest patches from Microsoft, just in time for Thanksgiving in the US.

Encryption may sound like a subject best left to hackers and tinfoil hat wearers, but don't be fooled: It's a critical part of contemporary life and something that's important for everyone, especially business users, to understand. And one of the places where encryption is most relevant and misunderstood is in the realm of email.

If you're using Gmail for electronic communication — be it for business purposes, for personal use, or some combination of the two — it's well worth your while to know how the service does and doesn't secure your information and what steps you can take to make sure you're getting the level of privacy you need.

Ready to dive in?

To read this article in full, please click here

In the U.S., we’re quickly coming up to the start of holiday season, meaning it’s time for, well, time off. I typically add technology maintenance jobs to the monthly mix of patching and maintaining servers and workstations. This month, I’m also taking time to better understand the impact of one specific security bulletin — I honestly can’t figure out exactly what I’m supposed to do to keep my network secure. 

The good news: for most readers, none of these concerns apply to you. I’m ready to give the all-clear to go ahead and install Microsoft’s November updates on laptops, desktops and workstations — especially if you are running the Windows 10 1909 feature release. That said, do your Thanksgiving Zoom get-together first and then install any updates. I’d hate to have you see nothing but the spinning wheel of Windows updates instead of your family and friends.

To read this article in full, please click here

Apple has long positioned itself as a company that believes in your right to privacy. Here is how to use the privacy tools it provides with macOS for desktop Macs.

[ Related: How to stay as private as possible on Apple's iPad and iPhone ] Use a strong passcode

To secure your Mac, all of your data, and your privacy, it is essential to create a strong alphanumeric login password. The temptation to use something short or easy to remember is understandable, but if your Mac goes missing, your life is on show. So visit Security & Privacy>General and tap Change Password to pick something more challenging.

To read this article in full, please click here

If you asked a normal user what they dislike most about Windows 10, the answer would likely be related to patching, rebooting and the generally confusing update process. Entire web sites have sections devoted to explaining the updating process and how to manage it — and I’ve written my fair share about the topic. 

In addition to writing about Microsoft patches here (and about Windows security for CSO), I’m also a moderator on the Patchmanagement.org listserve. We have many people who rely on various patching tools to deploy updates and maintain workstations.  There are a number of options, so it’s important to understand how they work (and how they vary) so you can get the most out of them.

To read this article in full, please click here

A Microsoft executive is urging enterprises to abandon the most popular multi-factor authentication (MFA) method — one-time passcodes sent to mobile devices via text or voice — for different approaches, including app authenticators, that he claims are more secure.

"It's time to start your move away from the SMS and voice Multi-Factor Authentication (MFA) mechanisms," asserted Alex Weinert, director of identity security, in a Nov. 10 post to a Microsoft blog. "These mechanisms are based on publicly switched telephone networks (PSTN), and I believe they're the least secure of the MFA methods available today."

To read this article in full, please click here

Though we return to monthly browser updates after last month's brief respite — none of this November's browser security issues are worm-able, and we have not seen anything that would require a return to an urgent browser update cycle. The Windows platform gets the most attention this time, but no single issue requires immediate deployment — though some legacy systems may require full testing for graphically intensive applications that rely on older graphic/media conversion technology. And the Microsoft Office and associated development platforms receive some lower-rated patches, with recommendations for a standard roll-out regime. 

To read this article in full, please click here

November’s updates held a few surprises. 

First, for those still running Office 2010 last month was supposed to be the drop-dead date for support.  No more security updates at all.  None.  Zilch.  Zippo.  

And yet, we week received updates for Excel (KB4486743), Office (KB4486737, KB4486738, KB4484534, KB4484455), and for Word (KB4486740) — all of which patch for remote code executions.  (I remember when Office 2007 had its swan song, we received updates after its end-of-life notice as well.) My guess is that these updates were probably still in testing and had not yet been completed, hence the late release. So, if you are still running Office 2010, you get one more month’s worth of updates.  I don’t expect another set next month. But then again, I didn’t expect this month’s either.

To read this article in full, please click here

You might not know it from all the panic-inducing headlines out there, but Android is actually packed with powerful and practical security features. Some are activated by default and protecting you whether you realize it or not, while others are more out of the way but equally deserving of your attention.

So stop wasting your time worrying about the Android malware monster du jour and which security company is using it to scare you into an unnecessary subscription, and take a moment instead to look through these far more impactful Android security settings — ranging from core system-level elements to some more advanced and easily overlooked options.

To read this article in full, please click here

First a bit of an introduction.  Recently, Woody Leonhard decided to take a much deserved “retirement” from both AskWoody.com and Computerworld. I put “retirement” in quotes because I find that in IT, you never really retire. You're often called on to fix anything that has a motherboard or boots up, no matter what operating system is under the hood — especially when visiting family members and even in a pandemic.  Woody is back in Thailand on what he calls an extended vacation.

To read this article in full, please click here

A combination of medical concerns, family obligations … and a screaming desire to turn my attention to interests outside the computer industry have nudged me into retirement.

And it's my great pleasure to announce that "Patch Lady" Susan Bradley will be taking up the cause here at Computerworld  with a new blog: Microsoft Patch Lady. She will also be major-domo of AskWoody.com, managing editor of the AskWoody Newsletters, as guiding light of the @AskWoody twitter charge — and, most importantly, as a spiritual advisor to gazillions of disenfranchised Microsoft customers.

To read this article in full, please click here

Smart security, just like autumn attire, is all about layers. The more effective pieces you have working to protect you, the less likely you'll be to let a burst of cold air — whether a metaphorical one or a literal one — catch you off-guard. (Also, the more flannel, the better. I'm not entirely sure how that applies to the tech side of things, but I'm stickin' with it.)

When it comes to browsing this wild ol' web of ours, after all, potential threats are a-plenty. Shady sites sit in wait to try to trick you into doing something dangerous, passwords are compromised constantly, and ghoulish virtual boogeymen who look curiously like Gary Busey crouch behind dark corners and prepare to pounce.

To read this article in full, please click here

It was yet another patch roller coaster ride this month with the usual crop of one-off bugs, a  Malwarebytes-associated assault on networking, a promised Flash killer that doesn’t — and that announced Dynamics 365 Commerce patch, CVE-2020-16943, still isn’t out. 

To read this article in full, please click here

It was yet another patch roller coaster ride this month with the usual crop of one-off bugs, a  Malwarebytes-associated assault on networking, a promised Flash killer that doesn’t — and that announced Dynamics 365 Commerce patch, CVE-2020-16943, still isn’t out. 

To read this article in full, please click here

In the midst of a pandemic that’s led to unprecedented levels of remote working, digital tools to monitor employees in real time are gaining popularity among companies looking for new ways to track employee productivity. At the same time, the trend raises concerns about employee privacy and how far companies should be allowed to go to keep tabs on their workers.

Applications such as StaffCop, Teramind, Hubstaff, CleverControl, and Time Doctor include real-time activity tracking, can take screenshots of workers’ computers at regular intervals, do keystroke logging, and record screens. In some cases, the tracking tools can be installed without the knowledge of employees. Companies say they’re focused on transparency and productivity, but privacy groups decry draconian “Big Brother” moves made possible by technology. (Computerworld reached out to several of the vendors for comment; most either did not return messages or could not provide someone to discuss their software.)

To read this article in full, please click here