By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy

Having your identity stolen can be a nightmare, and cleaning up the mess can take months. You can make life difficult for a would-be identity thief by locking down these five key aspects of your online life. What happened to my ZDNet colleague Matthew Miller this month is the stuff nightmares are made of. The title pretty much says it all: "SIM swap horror story: I've lost decades of data and Google won't lift a finger." In Matthew's case, hackers were able to convince T-Mobile to issue a replacement SIM that gave them access to his primary phone number. That, in turn, allowed them to reset passwords on his Gmail account, which pretty much gave them unfettered access to his entire identity. They then proceeded to shut down his Twitter account, wipe out everything associated with his Google account, and even access his online banking accounts. As I read Matthew's story, I had flashbacks to a similar incident that happened to Mat Honan back in 2012. Honan, who's now San Francisco Bureau Chief for Buzzfeed, documented his excruciating experience at the time in a memorable Wired article: "How Apple and Amazon Security Flaws Led to My Epic Hacking." The lesson from both of these horrifying experiences is that your primary phone number and your primary email address are far more valuable than you think. As our reliance upon online services grows, these two data points are extremely common means of authentication. If either one is compromised, an attacker can do bad things. And if those two factors are tied too closely together, it's game over for your online identity. You don't have to be the next victim. With a little effort (and, yes, a little expense), you can lock down the security of crucial online services. Follow these five guidelines and you can make life extremely difficult for a would-be identity thief. Fight hackers with 5 security safeguards we have posted on OUR FORUM.

Back in the day, Microsoft seemingly kept a long list of enemies otherwise known as competitors, as the company’s product portfolio grew in ambition. However, the days of vindictive and arguably petty Microsoft seem to be behind the company as it’s enemies list shrinks and its collaboration roster expands, yet, there are still a few areas in where the company keeps a healthy competitive nature and to that end, some software, services, and companies remain on a figurative and literal blacklist. According to a report from GeekWire, not only does Microsoft have a figurative blacklist, there is a literal blacklist of products that have been obtained and services from the following companies are frowned upon in internal use by the Redmond-based software company including obvious names such as Amazon Web Services and Kaspersky as well as a few head-scratchers in Grammarly and GitHub. Perhaps, the most noteworthy exclusions come from recent IPO darling Slack, to which Microsoft offers a competitor product in its Teams communication service. Unlike its more neutral stance on cross-platform usage and development, Microsoft seems to be taking an active roll in discouraging and even prohibiting the use of Slack by company employees.  We have some of this prohibited software posted on OUR FORUM.

Google will not be launching a sequel to last year’s Pixel Slate tablet, according to Business Insider and Computer World, and will instead focus its Chrome OS hardware efforts on traditional laptop devices like the Pixelbook. “For Google’s first-party hardware efforts, we’ll be focusing on Chrome OS laptops and will continue to support Pixel Slate,” a spokesperson told Business Insider. Translation: you can expect the Slate to continue to receive software and security updates for several years to come — but there won’t be a Pixel Slate 2. Rick Osterloh, who leads Google’s hardware business, confirmed as much on Twitter on Thursday afternoon. Google went so far as to reveal that it has axed two in-development tablet products, moving the employees who had been working on them to other areas of the company. (Most have apparently joined the Pixelbook team.) The tablets were both smaller in size than the Pixel Slate and were planned for release “sometime after 2019.” But disappointing quality assurance testing results led Google to completely abandon both devices. Google informed employees of its decision on Wednesday. The Pixel Slate received largely mediocre reviews when it went on sale last year. Google earned praise for the device’s hardware design, but the software felt unfinished — Chrome OS has yet to really feel at home on a tablet — and lower-priced versions of the Slate suffered from extremely sluggish performance and lag. Google has resolved some of those issues with updates, but more than anything else, the company might have realized that taking on Apple’s iPad was going to be a losing battle. Follow this thread on OUR FORUM.

Microsoft might be adding an Office app key to physical keyboards for Windows 10 PCs or laptops. In addition to the Windows key, the future keyboards from Redmond may also come with a dedicated Office key that will let you access Microsoft’s Office suite and associated shortcuts. Like the Windows key, a dedicated Office key may help users quickly launch the productivity suite. An internal survey about Office key was also spotted online to determine the usefulness of an Office key on PC keyboards. The idea hasn’t been finalized yet and Microsoft’s form is gathering suggestions or feedback from users. The feedback form is for users (?employees) who have experimented with keyboards that have a dedicated Office key. Microsoft has also included a concept image of the key on a keyboard. As per the concept render, the Office key would be located next to the alt key on the left side. If such a key is introduced, the new layout of the keyboards could be – Windows Key, Alt, Office key and Space bar. The form, which is part of an internal survey at Microsoft, also gives us a little bit of insight into the new keyboard key. The Office key would introduce new shortcuts on Windows and you’ll be able to launch a particular Office app with a keyboard combo. For instance, Office Key + W and Office Key + P will launch Microsoft Word and PowerPoint respectively. If the idea is brought to production, the manufacturers have to dedicate more space to integrate this button into the existing keyboard layout. Get a better perspective by visiting OUR FORUM.

Microsoft issued a warning over the weekend about an active Linux worm that is targeting a recently disclosed Linux Exim mail server vulnerability. Though existing mitigations exist to block the worm functionality of this infection, Microsoft states that Azure servers can still be infected or hacked through this vulnerability. Exim is a very popular mail server software, or message transfer agent (MTA), that is used to send and receive an email for its users. Recently, the CVE-2019-10149 vulnerability was discovered in Exim 4.87 to 4.91 that allows attackers to remotely execute commands on a vulnerable server. Last week, Amit Serper of CyberReason discovered an active worm utilizing this vulnerability to infect Linux servers running Exim with cryptocurrency miners. The worm would then utilize the infected server to search for other vulnerable hosts to infect. In an article posted Saturday, the Microsoft Security Response Center (MSRC) confirms that they have detected this worm targeting Azure customers. "This week, MSRC confirmed the presence of an active Linux worm leveraging a critical Remote Code Execution (RCE) vulnerability, CVE-2019-10149, in Linux Exim email servers running Exim version 4.87 to 4.91," stated a blog post by  JR Aquino, a Microsoft manager in Azure Incident Response. "Azure customers running VMs with Exim 4.92 are not affected by this vulnerability," Microsoft warns, though, that even though the worm functionality is being mitigated, it does not mean that vulnerable Azure server is protected from the remote code execution vulnerability and could still be infected or hacked. Complete details are posted on OUR FORUM.

Three U.S. universities have disclosed data breach incidents impacting personally identifiable information of students or employees following unauthorized access to some of their employees' email accounts. All three universities — Graceland University, Oregon State University, and Missouri Southern State University — have notified the individuals whose personal information was potentially stolen or accessed about the security incidents. In addition, no evidence has been found of the impacted personal information being stolen or used in a malicious manner while investigating the disclosed data privacy incidents involving all three universities. As the university discovered during the breach investigation, "the personal information of some people who had interacted with these email accounts over the past several years was available during the time the unauthorized user(s) had access." As the university discovered during the breach investigation, "the personal information of some people who had interacted with these email accounts over the past several years was available during the time the unauthorized user(s) had access." After analyzing the contents of the impacted Office 365 accounts, MSSU found that the emails contained within stored "first and last names, dates of birth, home addresses, email addresses, telephone numbers, and social security numbers." We have named all 3 universities and have their comments posted on OUR FORUM.

 

GTranslate