June’s Course of the Month is now available! Experts Exchange’s Premium Members, Team Accounts, and Qualified Experts have access to a complimentary course each month as part of their membership—an extra way to sharpen your skills and increase training.
Course Of The Month
2 days, 5 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
OS Security
21K
Solutions
55
Articles & Videos
23K
Contributors
Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability. OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised, including authentication, passwords and threats to systems and programs.
Share tech news, updates, or what's on your mind.
Only 10 days left to sign up for our ransomware prevention and preparation Course of the Month for June. With a 300% increase in ransomware attacks from 2015 to 2016, it is vital to decrease your vulnerability to the next attack and enhance your security by enrolling today.
South Korean web host pays largest ransomware demand ever.
https://www.cnet.com/news/largest-ransomware-ever-demand-south-korea-web-host/
https://www.cnet.com/news/largest-ransomware-ever-demand-south-korea-web-host/
Active 1 day ago
why to pay 1 Million, if you can do the same thing in a very less bucks.. http://bit.ly/2rJTnVj
Drew Frey writes articles on cyber security and ransomware protection. Follow him if you're interested in seeing new articles in those topics.
https://www.experts-exchange.com/members/Drew-Frey.html
https://www.experts-exchange.com/members/Drew-Frey.html
UpGuard's cyber risk analyst, Chris Vickery, discovers 198 million US voting records in an Amazon S3 bucket freely available online. One particular spreadsheet also calculates the voters probabilities for situations such as "how likely you are to have voted for a certain presidential candidate". This breach is another reminder of how important personal data security is.
A recent post by Brian Matis motivated me to make this alternate post to see what sort of reaction others might have about these recent revelations.
A recent article on The Verge claims that "The older operating system was less vulnerable that anyone expected"
Windows XP computers were mostly immune to WannaCry
Another article from the same source claims "Windows XP was ‘insignificant,’ researchers say" with regards to helping the WannaCry outbreak spread.
"Almost all WannaCry victims were running Windows 7"
Lots of folks (from their perspective) with a genuine need to keep running on Windows XP suffered a lot of grief in Tech forums as being one of the root causes of giving WannaCry a platform to spread and thrive from, yet now it appears all the criticism may have been a little premature and unjustified.
For the record, I personally don't condone anyone using unsupported operating systems and actively encourage everyone I deal with to get themselves up to date, but I am also sympathetic to those who feel they have a genuine need to do that, so also think they shouldn't be …
A recent article on The Verge claims that "The older operating system was less vulnerable that anyone expected"
Windows XP computers were mostly immune to WannaCry
Another article from the same source claims "Windows XP was ‘insignificant,’ researchers say" with regards to helping the WannaCry outbreak spread.
"Almost all WannaCry victims were running Windows 7"
Lots of folks (from their perspective) with a genuine need to keep running on Windows XP suffered a lot of grief in Tech forums as being one of the root causes of giving WannaCry a platform to spread and thrive from, yet now it appears all the criticism may have been a little premature and unjustified.
For the record, I personally don't condone anyone using unsupported operating systems and actively encourage everyone I deal with to get themselves up to date, but I am also sympathetic to those who feel they have a genuine need to do that, so also think they shouldn't be …
Active 2 days ago
We have too many XP computers at my institution (some with only SP2) - mostly due to budgets and instrumentation.
Active today
Hi Thomas,
Have you considered purchasing an XP Updates agreement with Microsoft? Might be an easier solution if budget restraints prevent you from upgrading? I wouldn't feel comfortable with a lot of XP machines in an environment as it would be a case of when, not if, it will come back to bite you. Patches are available, just at a cost.
Incidentally, SP3 for XP is still provided by Microsoft - why not install it?
Steps to take before you install Windows XP Service Pack 3
How to obtain Windows XP Service Pack 3 (SP3)
Cheers..
Have you considered purchasing an XP Updates agreement with Microsoft? Might be an easier solution if budget restraints prevent you from upgrading? I wouldn't feel comfortable with a lot of XP machines in an environment as it would be a case of when, not if, it will come back to bite you. Patches are available, just at a cost.
Incidentally, SP3 for XP is still provided by Microsoft - why not install it?
Steps to take before you install Windows XP Service Pack 3
How to obtain Windows XP Service Pack 3 (SP3)
Cheers..
NYS 20th Annual Cyber Security Conference
I will be attending this conference in Albany, N.Y. this Wednesday and Thursday. If you are going to be there, ley me know (maybe we can meet).
Over the years I have become more involved in security related areas of information technology. I hope to learn more/ keep up to date by attending this conference.
I will be attending this conference in Albany, N.Y. this Wednesday and Thursday. If you are going to be there, ley me know (maybe we can meet).
Over the years I have become more involved in security related areas of information technology. I hope to learn more/ keep up to date by attending this conference.
Active today
That sounds great, Thomas! I'm a huge fan of the Socratic method (to the point where I get worried some people may try to poison me one day... j/k ;-) And thinking strategically about anything can be quite a challenge, but an increasingly important one as more and more of the tactical type work is moving entirely into automation.
Not familiar with Bloom's Taxonomy; I'll have to go look that one up...
Looking forward to the summary!
Not familiar with Bloom's Taxonomy; I'll have to go look that one up...
Looking forward to the summary!
Active 2 days ago
My summary of the 20th Annual New York State Cyber Security Conference & 12th Annual ASIA conference
The conference as a whole was very interesting, although if one has to make a choice between this one and some others, you may want to check out the others. This conference is aimed mainly at government agencies. So it addresses the various compliance issues with which they have to deal. If those do not apply to you, this conference may have limited application as well.
I did enjoy putting some faces to people I had only corresponded with. I also wanted to hear as much as possible about ransomware (these presentations turned out to be only okay), and cryptography (not a gripping presentation – it was a presentation of thesis work and ongoing research – but nonetheless very interesting). They did a good job of setting you up for the days events with a decent Keynote speaker. The lunch speakers were not as polished, but did have good things to say.
I enjoyed going around to the vendors , even if their swag was not class A stuff. (some had excellent stuff while others had none – the full gamut)
I have to say again that the highlight of the conference, for me, was the very non-technical, and only slightly security related talk by Christie Struckman of the Gartner Group, session 4 on the first day. I would encourage anyone in a leadership position to check it out. I have asked for her slides and will try to make a pdf of them available if she is amenable to that. My takeaway on that talk was: There are leaders and there are Bosses. The leaders help their teams think about solutions and then make decisions, the bosses make decisions and tell their teams to carry them out. I think the quote she used at the beginning was excellent:
The conference as a whole was very interesting, although if one has to make a choice between this one and some others, you may want to check out the others. This conference is aimed mainly at government agencies. So it addresses the various compliance issues with which they have to deal. If those do not apply to you, this conference may have limited application as well.
I did enjoy putting some faces to people I had only corresponded with. I also wanted to hear as much as possible about ransomware (these presentations turned out to be only okay), and cryptography (not a gripping presentation – it was a presentation of thesis work and ongoing research – but nonetheless very interesting). They did a good job of setting you up for the days events with a decent Keynote speaker. The lunch speakers were not as polished, but did have good things to say.
I enjoyed going around to the vendors , even if their swag was not class A stuff. (some had excellent stuff while others had none – the full gamut)
I have to say again that the highlight of the conference, for me, was the very non-technical, and only slightly security related talk by Christie Struckman of the Gartner Group, session 4 on the first day. I would encourage anyone in a leadership position to check it out. I have asked for her slides and will try to make a pdf of them available if she is amenable to that. My takeaway on that talk was: There are leaders and there are Bosses. The leaders help their teams think about solutions and then make decisions, the bosses make decisions and tell their teams to carry them out. I think the quote she used at the beginning was excellent:
"Microsoft has done the right thing by making the patch available even for older, unsupported systems. But it shouldn't proactively push out the patches, as there are usually some business reasons why companies are still running old and unpatched systems," he said.
"By forcefully pushing a patch, it could do just as much harm, causing systems and applications to become unreliable."
http://www.techrepublic.com/article/why-patching-windows-xp-forever-wont-stop-the-next-wannacrypt/
"By forcefully pushing a patch, it could do just as much harm, causing systems and applications to become unreliable."
http://www.techrepublic.com/article/why-patching-windows-xp-forever-wont-stop-the-next-wannacrypt/
The global technology community is grateful for Marcus Hutchins and his team of tech professionals for their genius download of the malware domain and sinkhole use to stop the international Ransomware attack. The media is calling him an accidental hero, but we will continue to refer to him as an expert! However, as stated by Hutchins, this sinkhole is only a fix to one sample of the WannaCry attack. To protect yourself from further attacks, please patch your systems as soon as possible. More on the specifics of both the fix and the WannaCry Ransomware attack found in this link.
https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html
https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html
Threat Trends for MSPs to Watch
See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.
Security Patches - To Patch or Not to Patch? - That is the question!
https://www.experts-exchange.com/articles/29615/Security-Patches-To-Patch-or-Not-to-Patch-That-is-the-question.html
https://www.experts-exchange.com/articles/29615/Security-Patches-To-Patch-or-Not-to-Patch-That-is-the-question.html
btan updated his Ransomware article with points about the recent WCry ransomware. See FAQ #7, #9 and #10.
https://www.experts-exchange.com/articles/28059/TL-DR-Ransomware-Infected.html
https://www.experts-exchange.com/articles/28059/TL-DR-Ransomware-Infected.html
Organizations in 99 countries are being targeted and hacked by “WannaCry” ransomware, which takes advantage of a Microsoft vulnerability. If you haven’t already, install the official patch (MS17-010) to close the affected SMB Server vulnerability.
https://www.nytimes.com/2017/05/12/world/europe/international-cyberattack-ransomware.html
https://www.nytimes.com/2017/05/12/world/europe/international-cyberattack-ransomware.html
A 700% increase in malware (yes, you read that right) is not cool for us Apple Geeks, "The McAfee report said there were 460,000 malware instances affecting the Mac OS in the fourth quarter of 2016, an over 700% jump from the previous year during the same quarter."
Active today
Great Scott!
Alright, that was an 80's interjection but I still used it right through the 90's (I'm a geek, so give me a break). ;)
I do remember the Zip Drive (one is lurking somewhere in my attic).
Touching upon your story, that's pretty awesome! Finding Mac malware back then would have been like finding a golden Easter egg containing Willy Wonka's golden ticket (I know it was a candy bar and not an Easter egg, lol), or the ever elusive star on the Native American's bow and arrow on the Tootsie Pop wrapping. Remember when you could turn those in for another Tootsie Pop?
During your travels did you happen to run into an old TRS-80? Besides the Apple II, I loved/hated that old monchrome beast.
All of this said, you make a good point in that malware for Macs has always been around (albeit in smaller numbers).
Now I have Huey Lewis & The News stuck in my head. Thanks Brian! Lol. Hip to be Square!
Alright, that was an 80's interjection but I still used it right through the 90's (I'm a geek, so give me a break). ;)
I do remember the Zip Drive (one is lurking somewhere in my attic).
Touching upon your story, that's pretty awesome! Finding Mac malware back then would have been like finding a golden Easter egg containing Willy Wonka's golden ticket (I know it was a candy bar and not an Easter egg, lol), or the ever elusive star on the Native American's bow and arrow on the Tootsie Pop wrapping. Remember when you could turn those in for another Tootsie Pop?
During your travels did you happen to run into an old TRS-80? Besides the Apple II, I loved/hated that old monchrome beast.
All of this said, you make a good point in that malware for Macs has always been around (albeit in smaller numbers).
Now I have Huey Lewis & The News stuck in my head. Thanks Brian! Lol. Hip to be Square!
Very soon your Mac will recognize your face.
Biometrics isn't perfect, but it's better than other forms of authentication. Enjoy the read everybody.
Biometrics isn't perfect, but it's better than other forms of authentication. Enjoy the read everybody.
OS Security
21K
Solutions
55
Articles & Videos
23K
Contributors
Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability. OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised, including authentication, passwords and threats to systems and programs.
Top Experts In
OS Security
-
1
masnrock9,132 points
-
2
McKnife6,587 points -
3
btan6,020 points -
4
Shaun Vermaak5,980 points -
5
David Johnson, CD, MVP3,160 points -
6
irweazelwallis2,800 points -
7
Vitor Montalvão2,600 points -
8
Natty Greg2,300 points -
9
arnold2,200 points
-
10
oBdA2,000 points
-
11
ktaczala2,000 points -
12
Mike T2,000 points
-
13
Jackie Man1,924 points -
14
John Hurst1,472 points -
15
Allan Nisbet1,000 points -
16
Wayne88800 points -
17
ChopOMatic680 points -
18
Seth Simmons600 points -
19
dbrunton500 points -
20
Satish Auti500 points -
21
compdigit44500 points
-
22
Thomas Zucker-Scharff500 points -
23
Ramin500 points -
24
Jawahar Eswaramoorthy500 points -
25
Gerwin Jansen, EE MVE332 points