Articles about Security

Windows XP user survey shows little hope for change

Windows XP

Last week was the much talked about XPocalypse, meaning support came to an official end for XP, despite a large number of users, both home and business, still running the operating system. It seems that this setback isn't doing much to daunt those users, either.

Security firm Avast has released a survey it conducted just before April 8th, and results will be disappointing to Microsoft. Many customers plan to stick it out with the aging platform.

Continue reading

Google is a bully, but that's not necessarily a bad thing

Puppet

Google has a lot of mud thrown at it, and while a lot of it slides off, there is a good proportion that sticks. There are a variety of accusations levelled at the search giant -- evil, self-serving, monopolistic, nosey, invasive, overbearing, corporate, et cetera, et cetera -- but could it be that the power the company wields is actually a good thing? Could Google use the sway it holds over website owners to make the web a better place? But before we start praising Google, there's no harm in sticking the boot in first, eh?

For many people, Google is a bully. In the constant search for page views, ranking in Google matters -- it matters a lot. My colleague Joe Wilcox argues that writers should write for themselves and their readers rather than Google -- something I would strongly advocate -- but until this notion gathers momentum, there are still countless bloggers panicking themselves silly about what impact the latest search algorithm changes will have on their position in search results. It can be a constant game of catch-up, requiring endless changes to optimize content for maximum visibility -- all too often at the expense of readability and reader experience.

Continue reading

The security risks of BYOD -- Amtel [Q&A]

BYOD jigsaw

Allowing employees to use their own mobile devices for work has led to a number of new challenges, particularly when it comes to keeping devices and data secure.

We talked to PJ Gupta, CEO of mobile security specialist Amtel about the risks BYOD presents to enterprises and what they can do to ensure they remain safe.

Continue reading

Are Dropbox users overreacting to Condoleezza Rice? The company responds

Condi

Condoleezza Rice is a beautiful, accomplished woman. However, her legacy in the eyes of many, is tainted by her association with the Bush Administration. While that administration was marred with controversial moments, it is debatable if Ms. Rice should be forever linked to it by detractors.

Nevertheless, her appointment to the Dropbox board of directors has sparked an outcry of disappointment from users of the cloud service. Users seem concerned that her government associations will taint the integrity of the company and its stance on security. But is the furor warranted? As stated in a new blog posting, Dropbox does not seem to think so.

Continue reading

I think we’ve seen this before... Why 'incident intelligence' is imperative

Malware

Lately, I’ve had a lot of conversations about how threat intelligence can enrich organizations’ incident response processes and how the right intelligence can make them more effective. As a note, I’m a former full time lead incident responder for a massive organization and now a researcher.

I can confidently say that when you’re dealing with literally hundreds of malware incidents per day, the minute differences in identified indicators can all start to blur together. Being able to very quickly and efficiently answer the question of whether or not a particular indicator of compromise has been seen before (and in what context) is crucial. Let’s call this "incident intelligence". Incident responders always need to have a clear picture of what they are dealing with and how it may relate to something already encountered during previous incidents, but unfortunately for most teams, this is easier said than done.

Continue reading

The most popular stories on BetaNews this past week: April 6 -- April 12

April 6-12

Microsoft was in the headlines this week not for launching new products but for, finally, bringing an end to support for Windows XP. Yes, the now ancient and decrepit -- although still much loved and used -- operating system is no more. It will be interesting to see how long it manages to survive now it has been officially dropped -- some are suggesting that a move to Linux might be in order, or even a switch to Chromebook. But, of course, it hasn’t all been about XP. After the announcements at Build, Joe Belfiore revealed on Twitter that developers will be able to get their hands on Windows Phone 8.1 in the "first part of April".

There is also renewed interest in Windows 8.1 following the release of Update, and Microsoft published a guide to making the most of the new features and options. Will the operating system be viewed as fondly as XP in years to come? Only time will tell. Working in conjunction with Google, Microsoft also gave a new and improved YouTube experience to Xbox One owners.

Continue reading

Heartbleed -- the passwords you need to change

Heartbleed logo

The unveiling of the Heartbleed OpenSSL flaw this week has led to major ripples through the IT industry and the online community.

There has been all kinds of advice on offer about changing passwords -- but only after the site in question has been made safe. To be certain you're doing the right thing you therefore need to either check the site yourself or wait for some official confirmation that it's been patched.

Continue reading

Heartbleed -- should we panic now?

Heart blood

Yesterday the IT world went a little bit crazy over the disclosure of the Heartbleed bug and the chance that encrypted information could potentially be intercepted by hackers.

We know that some big sites, notably Yahoo, have been exposed and Google was quick to apply the necessary patches to its servers. If you’re still worried, a number of sites have sprung up allowing you to check if a site has been patched -- thanks to Bob Grant on the comments thread to yesterday’s story for highlighting that one.

Continue reading

Microsoft: Azure? Windows? Heartbleed? No way, maybe if you're using Linux

Security Lock

You will have heard by now that a major vulnerability in the OpenSSL library was just made public. Called Heartbleed, it affects the security of a huge number of cloud services and sites as well as various products, like operating systems and apps, which have employed it during the past two years. The impact can be devastating, as there is no way of telling if Heartbleed was exploited, or how much data may have been stolen so far.

A number of companies have already announced the patching of their OpenSSL-toting services and products. Google was among the first to do so, yesterday. Evernote, however, just revealed that its users are not affectedMicrosoft has also decided to shed light on whether Heartbleed impacts its users, saying that Windows Azure, Microsoft account, and Windows are immune.

Continue reading

How to check if your Android phone is vulnerable to Heartbleed

Heartbleed logo

Heartbleed is a critical bug in OpenSSL that allows for the stealing of information that would normally be protected by SSL/TLS encryption. Essentially anyone on the internet can read the memory of systems protected by vulnerable versions of the popular cryptographic software library. The bug affects two-thirds of the Internet and while Google has patched its services, Android remains affected.

If you have an Android phone you can quickly check to see what version of OpenSSL it’s running, and whether the vulnerable feature, called Heartbeats, is enabled.

Continue reading

Google stops the hemorrhaging -- patches OpenSSL Heartbleed bug

BandAid

The Heartbleed bug is quite the devastating blow to computer security. The OpenSSL failure has the unfortunate effect of lowering computer users' confidence in SSL. However, the mistrust in SSL is misplaced, as it is only the OpenSSL implementation that is affected. No matter though, the damage is done and the flaw has been available for exploit since 2011.

When the news of the flaw was announced, many people's attention turned to Google. No, the company is not the cause of the bug, but since it controls such a huge part of the Internet, people hoped that its services were unaffected. Sorry people, Google was affected too. However, the company was also quick to patch, announcing the details of such today.

Continue reading

Automate login and bypass the lock screen in Windows 8.1

user accounts

I hate waiting for my computer to boot up. My impatience stems from when I owned an XP system that took upwards of five minutes to get to a usable state no matter what I did to try and speed things along. Scarred by that experience I used to leave my system on permanently (just flipping the monitors off when I stepped away), but obviously that wastes electricity. Switching to an SSD, and configuring Windows to boot as quickly as possible, offered a decent solution.

The problem is Windows 8.1 seems to be designed to slow you down. Once your computer has booted up there is a lock screen to clear, then you have to enter your password and log to in your Microsoft account. Obviously Microsoft has done this for security purposes, and that's great. But if you don't share your computer with other people, and are confident no one will have access to your PC, you can configure the OS to bypass both delaying stages and boot straight in.

Continue reading

Mega data breaches indicate shift in cybercrime landscape

crime scene featured

Cybercriminals are increasingly plotting for longer to pull off big heists rather than carrying out quick hits for smaller rewards.

Symantec's latest Internet Security Threat Report shows a significant shift in criminal behaviour as some of the most damaging attacks in history were carried out in the last year.

Continue reading

The Apple myth: Why security through obscurity isn't security

Apple worm

My girlfriend was on the prowl for a new vehicle not too long ago, and decided on a Subaru. Not only do the company's vehicles arguably receive some of the highest safety ratings in the States, but their policy of across-the-board all wheel drive is another nicety I love about them. Even so, she wouldn't think of ditching her safety belt, no matter how safe the cars claim to be.

Likewise, sizable portions of American society lives out in rural areas where crime and theft are almost unheard of. Yet they most likely still use locks on all of their doors, and keep them locked shut at night. Their risk of forced entry or other crimes are leagues lower than in congested urban areas (like my neck of the woods, Chicago) but they still follow plain commonsense.

Continue reading

The most popular stories on BetaNews this past week: March 30 -- April 5

April 2014

It's difficult to deny Microsoft at least some of the limelight this week as the Build developer conference generated some interesting news. Bringing Windows version numbers in line with each other, Windows Phone 8.1 was finally revealed, complete with a notification center and Siri-like Cortana. The highly anticipated Windows 8.1 Update (which you may have heard something about) was official unveiled and given a launch date of April 8. Wayne, for one, liked what he saw.

Microsoft came over all open source, making the Roslyn compiler as well as WinJS freely available. Brian was pleased with the tech giant's latest moves, proclaiming Microsoft is now back. Build also gave us a sneaky glimpse of an upcoming, but as yet unnamed, version of Windows that features the return of the Start menu -- all of this chopping and changing is getting confusing. Maybe next on the list of things to do with Windows will be getting rid of those apps and features that should have been killed some time ago.

Continue reading

© 1998-2014 BetaNews, Inc. All Rights Reserved. Privacy Policy.