security

A security researcher says he's published proof that users of password manager tool LastPass could easily be tricked into handing over login details. LastPass insists there is no bug with the service itself, but has made some changes to mitigate the ... issue. Sean Cassidy published details of the potential attack at a security conference. He says the way LastPass operates makes it too easy to create bogus looking login pages that could fool users into handing over their login credentials. According to Cassidy, two main problems combine to create the phishing risk. One is that LastPass ... (view more)

In a move surely to upset many users, Microsoft has said it will be ditching support for Windows 7 and 8.1 on most new PCs. Some other PCs will lose support next July, earlier than many expected. The change is to do with the Skylake micro ... architecture for processors released by Intel in August 2015. Many PCs purchased recently will be running Skylake, as will most in the future. Until now, Microsoft had promised to offer extended support for Windows 7 until January 2020 and for Windows 8.1 until January 2023. Extended support means Microsoft continues to fix bugs and issue security updates, ... (view more)

Microsoft has officially dropped support for Windows 8. The move leaves an estimated 30 to 50 million devices needing an upgrade to get security and usability updates. The move, which takes effect with this weeks updates, is potentially confusing as ... Windows 7 is still supported by Microsoft. Additionally, this isn't the usual support timetable that applies to older editions of Windows. Instead, Microsoft is simply dropping support for Windows 8 where users haven't applied the first major batch of updates. Previously that was known as a service pack, but in this case Microsoft chose to ... (view more)

A popular antivirus browser extension has been labeled as a security risk by Google. The tool in question is called Web TuneUp and is a browser extension by AVG; in this case, the problem involves Web TuneUp and the Chrome Browser, but the threat ... itself likely includes other browsers as well. Web TuneUp works by validating links that appear on a web browser page, such as on a search engine results list. It then warns the user if a link points to a page that could compromise security. It's arguably overkill, given that Chrome includes similar tools - plus the fact that Google itself ... (view more)

Microsoft has confirmed it automatically uploads Windows 10 disk encryption keys to its servers. The company says it was a deliberate decision based on weighing up the worst case scenarios. The encryption key in question is not related to logging ... into and running Windows itself. Instead its an encryption of the entire hard drive of the device running Windows 10. This means that if somebody physically steals your computer, they can't make any sense of the data, even if it's been copied to another device (using a disk image backup, for example). Encryption Key Would Help Computer Thieves ... (view more)

Google is testing a login method that doesn't require a password. The problem is that the method doesn't necessarily add any convenience and isn't as secure as it could be. Reports of the new method have come from a user at the discussion site ... Reddit, who was invited to test the new system. As part of the test, the user must have a smartphone registered. (Source: reddit.com ) The user posted screenshots which show the normal login screen but only asking for an email address (the Google equivalent of a user name) and not for a password. Code Sent To Mobile Screen The screenshots ... (view more)

A newly-identified piece of malware has achieved arguably the ultimate goal of cybercriminals. "Nemesis" is able to infect a Windows computer before the operating system is loaded. The malware is a particularly nasty form of a rootkit . That's ... software which is able to inappropriately access some of the core components of a computer (both hardware and software), often disguising its actions. A rootkit is a serious problem because it's often completely undetectable, which means that it can easily override antivirus software to carry out malicious tasks. In this case, the Nemesis ... (view more)

Infopackets Reader Tom H. writes: " Dear Dennis, I'm currently running Windows 7 and would like to upgrade to Windows 10. However, the one thing I'm greatly concerned about is how Windows 10 will track and share my information online. In your ... opinion is Windows 10 worth it or should I stick with Windows 7? " My response: That's a good question, and there a number of things to consider. Updates for the Life of the Machine In my opinion, it's definitely worth the upgrade to go from Windows 7 or 8 to Windows 10 simply for the fact that you will be running the latest operating system from ... (view more)

The Federal Communications Commission (FCC) has hired a noted privacy campaigner to investigate Internet providers. It's part of a joint move with the Federal Trade Commission (FTC) to strengthen security and privacy measures in the communications ... industry. Jonathan Mayer has been hired as the FCC chief technologist in its enforcement division. In effect, he'll deal with the practical issues involved in deciding whether or not a company is following the law. It's a strong sign the commission intends to get tougher on company violations. New Appointee Exposed Google Trickery Mayer ... (view more)

Apple has told a court that it's impossible to access data in most iPhones and iPads without a password. It could lead to a legal standoff in the 'security versus privacy' debate. The comments came in a case involving a recently-seized iPhone. The ... United States Justice Department is unable to access the contents of the phone and has therefore asked the court to order Apple to help them gain access. In this specific case however, Apple is physically able to access the device's data because the phone itself is running a susceptible operating system (iOS version 7). Nonetheless, Apple has ... (view more)