Mozilla this week announced it would automatically move users running outdated versions of macOS to the Firefox Extended Support Release (ESR), an edition that provides security updates only.

The move, a first step towards dropping all support, will take place June 30, when Mozilla releases Firefox 78. On that date, users of Firefox still running OS X 10.9 (Mavericks), 10.10 (Yosemite) and 10.11 (El Capitan) on their Macs will instead be shunted to the extended channel and given 78.0 ESR. While that and Firefox 78 will be identical, when the latter shifts to version 79 four weeks later, ERS will remain at 78, increased to 78.1 to mark its first security update.

To read this article in full, please click here

Surf the web in complete anonymity and keep your file system safe from hardware failure as well as cybercrime.

Internecine conflict seems to be a recurring theme at Microsoft, but this one takes it to new levels. Somehow, somebody forgot to test the latest patched version of Outlook with the latest patched version of Windows. The result is an error message that makes Outlook inoperable.

The official announcement appears on the Microsoft 365 support site:

To read this article in full, please click here

Sysadmin pilot fish is checking out encryption for his company’s backups.

“We have a mainframe that runs our core system,” explains fish. “Each night we back up to an on-site tape and then make a copy of the tape to go off-site. Couriers shuttle the tape back and forth between the sites each day.”

The obvious place to apply encryption is to those off-site tapes, so fish decides to create an encrypted copy of a tape to show how well the process works.

And the encryption process works fine every time. But when fish tries to decrypt the tape, no data comes out.

After fish spends several weeks experimenting, talking to vendors and growing more and more frustrated, one of his co-workers asks whether he has checked the script that generates the copy of the tape.

To read this article in full, please click here

Chrome next month will begin to block notifications from sites that Google believes misuse or abuse the privilege of issuing the warnings.

Starting with Chrome 84 – scheduled to release July 14 – sites that Google thinks traffic in notifications meant to trick users will be blacklisted. Such sites' notifications will be scaled back to what Google earlier defined as its "Quiet UI" and a Chrome-produced warning will appear telling the user that the website may be trying to dupe him or her into accepting future notices.

To read this article in full, please click here

Many admins report that installing the latest June cumulative updates knock out their networked printers. The problem seems to span all common versions of Windows and Server and many printers that have been installed and working in place for years. The bug appears to cause a conflict with older (but very common) PCL 5 and PCL 6 version 2 drivers on printers that are attached to networks, although the details aren’t yet clear. 

Microsoft has acknowledged a bug in the June patches (it isn’t clear precisely which ones) where the USB printer port disappears:

To read this article in full, please click here

Enterprises, government officials or individuals – anyone who seriously wants to secure their communications – uses the cross-platform Signal service. Here are a dozen tips to help you get more from using this on your iPhone.

Secure by design

Signal is built to be secure, so much so that the European Commission this year instructed staff to begin using the encrypted messaging app for public instant messaging. Encrypted emails and highly secure document exchange systems are also used.

To read this article in full, please click here

On the surface, Android and privacy might not seem like the most natural of bedfellows. Google is known for its advertising business, after all — it's how the company makes the lion's share of its money — and it can be tough to square the notion of data collection with the concept of carefully controlled information.

In actuality, though, Google gives you a good amount of authority over how and when it taps into your Android-associated info. (And even at its worst, the company never shares your data with anyone or sells it to third parties, despite some broad misconceptions to the contrary.) Ultimately, it just comes down to a matter of educating yourself about the possibilities and then determining what balance of privacy and function makes the most sense for you.

To read this article in full, please click here

Headlines scream that you should avoid the May patches. Pshaw. From what I’ve seen they’re largely overblown. Not to say that all is well in patchland – it isn’t. But the situation has stabilized, and I don’t see any reason to hold back on May’s patches.

Of course, I’m assuming that you don’t voluntarily jump down the rabbit hole and join the unpaid beta testers working on Windows 10 version 2004 – the May 2020 Update. It's kicking up all sorts of problems – but that's no reason to hold off on the May patches.

To read this article in full, please click here

With most of the fanatical Windows fan base now circling the trough on the just-released upgrade to Windows 10 version 2004, it’s time for those of us who rely on stable PCs to consider installing the May patches.

While the general outlook now is good, we’ve been through some rough patches – which you may, or may not, have noticed.

Unannounced Intel microcode patch triggers reboots

On May 20, Microsoft released another of its ongoing series of “Intel microcode updates,” all named KB 4497165. Ostensibly intended to fix the Meltdown/Spectre security holes, many of them have a history of problems and hassles not commensurate with the amount of protection they provide (unless you’re running a bank transaction system or decrypting top secret emails).

To read this article in full, please click here

If you're still trying to remember all of your passwords and then type 'em into sites by hand, let me tell you: You're doing it wrong.

With all the credentials we have to keep track of these days, there's just no way the human brain can handle the task of storing the specifics — at least, not if you're using complex, unique passwords that aren't repeated (or almost repeated, even) from one site to the next. That's where a password manager comes into play: It securely stores all your sign-in info for you and then fills it in as needed.

While there's a case to be made for leaning on a dedicated app for that purpose (for reasons we'll discuss further in a moment), Google has its own password management system built right into Chrome. And it's far better to rely on that than to use nothing at all.

To read this article in full, please click here

As governments consider COVID-19 contact tracing and its privacy implications, it's not a bad idea for companies to take the opportunity to look more closely at their mobile agreements with employees. (By the way, just this week, Apple rolled out its latest iOS update, which included two COVID-19 updates, according to Apple: "iOS 13.5 speeds up access to the passcode field on devices with Face ID when you are wearing a face mask and introduces the Exposure Notification API to support COVID-19 contact tracing apps from public health authorities.")

Today, IT has to deal with pretty much one of two mobile scenarios: BYOD. where the employee uses the employee's personally owned device to perform enterprise business; and company-owned phones, which is the opposite: A company-owned phone where the employee, even if told not to, will use the phone for personal matters as well as business.

To read this article in full, please click here

Even as we consider revelations Facebook shelved internal research suggesting its algorithms generate divisiveness, Apple has been forced to reject damaging claims against its contact tracing tech currently spreading on Facebook.

Exposure Notification is not spying on you

Numerous hysterical myths concerning the Apple/Google contact tracing technology are being circulated on Facebook. A series of posts claim the Exposure Notification feature inside iOS 13.5 will allow authorities to track people’s locations and monitor who they meet – which is precisely what it tries not to do.

To read this article in full, please click here

Some industries have seen increases in cloud-related threat events rise as much as 1,350% since the COVID-19 crisis began.

Shadow IT, where workers sometimes go rogue in their efforts to solve business problems, can create challenges – and opportunities – for companies in the best of times. With the COVID-19 pandemic still unfolding, these are not the best of times. With most employees and executives still working from home, the big issue for administrators and IT pros still centers on how to make things work in today’s trying circumstances.

Every major platform has controls IT can use, some of them as blunt as a hammer and others that offer surgical precision. At either end of that spectrum lie two common questions: How restrictive does IT need to be and is there a way to fully communicate areas of risk while making business more secure.

To read this article in full, please click here

(Insider Story)

It really is saying a lot when Microsoft releases more than 100 updates each month and this is now considered “business as usual." Speaking of the “new normal,” Microsoft has changed the release cadence of its optional updates (generally released later each month).

In a statement about the new update regularity, the company said: "We have been evaluating the public health situation, and we understand this is impacting our customers. In response to these challenges we are prioritizing our focus on security updates. Starting in May 2020, we are pausing all optional non-security releases (C and D updates) for all supported versions of Windows client and server products (Windows 10, version 1909 down through Windows Server 2008 SP2).

To read this article in full, please click here

Your browser is one of the easiest ways for malware to penetrate your network. Here are 10 ways to practice safe surfing in Google Chrome, Microsoft Edge and Mozilla Firefox.

Just when we needed it most, the internet of things is delivering gobs of data and remote device control across almost every industry, from healthcare to agriculture.

Zoom has acquired secure messaging and identity management firm Keybase as its looks to shore up security capabilities on its platform with end-to-end encryption.

The acquisition will give Zoom access to Keybase’s encryption technology, used to secure online identities, as well as its team of engineers. Launched in 2014, Keybase lets users encrypt social media messages and shared files with public key encryption to ensure that communications stay private. 

Keybase’s cofounder Max Krohn will now head up Zoom’s security team, Zoom said. Krohn’s new role was first detailed by CNBC.

To read this article in full, please click here

Companies now have the opportunity to learn from what is and isn’t working during the coronavirus crisis. Use this time to build out a strategy so you won’t have to use band aids and duct tape next time.