PossibleThreat Articles

Articles for the experts…

ComputerWorld

ComputerWorld Independent 

Galaxy users, take note: Samsung's probably selling your data

0 Comments , , , ,

Credit to Author: JR Raphael| Date: Wed, 22 Jan 2020 03:00:00 -0800

Relying on Google services, as most of us Android-carrying primates do, comes with a certain tradeoff. It’s no big secret or anything: Google makes its money by selling ads, which are more effective when they’re catered to our interests — the subjects we tend to search about, the things we buy (when Google knows about ’em, at least), and often even the places we go with our location-enabled phones in tow (and/or in toe, for the monkeys among us).

That’s all par for the course, as I frequently say — part of the deal we all accept when we use Google services. That’s what makes it possible for Google to give us top-notch apps for free, and it’s also what opens the door to certain advanced features that wouldn’t be possible without that information’s presence.

To read this article in full, please click here

Read more
ComputerWorld Independent 

Don’t worry about CurveBall just yet — get your Citrix systems patched

0 Comments , ,

Credit to Author: Woody Leonhard| Date: Tue, 21 Jan 2020 08:03:00 -0800

Hey, admins! It’s been an exciting week, eh?

Most of you have been inundated with requests — demands — that you patch all of your systems immediately to protect them from the highly publicized CVE-2020-0601 Crypt32.dll security hole, known as “Chain Of Fools” or “CurveBall.” 

While you were scrambling to comply with the NSA’s unique advertising, abetted by almost every security expert on the planet, a funny thing happened. There are no in-the-wild exploits for the ol’ CurveBall. But there are lots and lots of Citrix ADC and Citrix Gateway systems under attack, using a security hole announced in December called CVE-2019-19781. 

To read this article in full, please click here

Read more
ComputerWorld Independent 

Kadena launches a hybrid platform to connect public, private blockchains

0 Comments , , , ,

Credit to Author: Lucas Mearian| Date: Thu, 16 Jan 2020 12:10:00 -0800

Brooklyn-based spinoff Kadena has launched a hybrid blockchain that can scale horizontally, enabling multiple electronic ledgers to talk to each other via smart contracts – and letting users transfer cryptocurrency between the chains.

Hybrid blockchains combine permissioned chains for businesses to transact in the background while connecting to a public blockchain (via an API) for consumers and others to make money transfers or access information about products moving across supply chains.

“Their hybrid blockchain model looks interesting, mainly because it enables interoperability via smart contracts that run on public chains and talk to/with private chains,” said Avivah Litan, a vice president of research at Gartner. “That way, enterprises can keep their private data and transactions limited to the private chain but benefit from the liquidity and cross-chain access available by leveraging smart contracts running on the public chain.”

To read this article in full, please click here

Read more
ComputerWorld Independent 

Worried about an NSA ChainOfFools/CurveBall attack? There are lots of moving parts. Test your system.

0 Comments , ,

Credit to Author: Woody Leonhard| Date: Fri, 17 Jan 2020 06:42:00 -0800

If you want to install the January Patch Tuesday patches, by all means, go right ahead. That said, I continue to recommend that you hold off installing the January Microsoft patches until we get a clearer reading on potential bugs.

The pro-patch-now argument generally goes something like this: Everybody is recommending that you install the patches to protect against the Crypto bug — almost all of the major security folks, the researchers, the big online sites, your local news station, your congresscritter, your neighbor’s nine-year-old, even the bleeping NSA. It’s a little patch. Why not just install it and be done with it?

To read this article in full, please click here

Read more
ComputerWorld Independent 

Feds may already have found a way to hack into Apple iPhones

0 Comments , , , ,

Credit to Author: Lucas Mearian| Date: Tue, 14 Jan 2020 12:30:00 -0800

After Apple turned down a request by U.S. Attorney General William Barr this week to unlock two iPhones used by a terrorist suspect in a recent deadly shooting, the FBI appears to already have the tools needed to access the smartphones.

Apple turned down a request from U.S. Attorney General William Barr saying it would  not help unlock two iPhones used by the shooter, 21-year-old Mohammed Saeed Alshamrani. He is believed to have acted alone when he shot and killed three service members and wounded several others at the Naval Air Station in Pensacola, Fla. last month.

To read this article in full, please click here

Read more
ComputerWorld Independent 

Kadena launches Chainweb, a hybrid platform to connect public, private blockchains

0 Comments , , , ,

Credit to Author: Lucas Mearian| Date: Thu, 16 Jan 2020 12:10:00 -0800

Brooklyn-based startup Kadena has launched a hybrid blockchain that can scale horizontally, enabling multiple electronic ledgers to talk to each other via smart contracts – and letting users transfer cryptocurrency between the chains.

Hybrid blockchains combine permissioned chains for businesses to transact in the background while connecting to a public blockchain (via an API) for consumers and others to make money transfers or access information about products moving across supply chains.

“Their hybrid blockchain model looks interesting, mainly because it enables interoperability via smart contracts that run on public chains and talk to/with private chains,” said Avivah Litan, a vice president of research at Gartner. “That way, enterprises can keep their private data and transactions limited to the private chain but benefit from the liquidity and cross-chain access available by leveraging smart contracts running on the public chain.”

To read this article in full, please click here

Read more
ComputerWorld Independent 

Windows 7 end of support: Separating the bull from the horns

0 Comments , ,

Credit to Author: Woody Leonhard| Date: Wed, 15 Jan 2020 13:20:00 -0800

No, Windows 7 isn’t dead.

No, you don’t need to buy a Win10 computer. 

No, you don’t need to upgrade.

No, you don’t need to install the latest Win7 patches right away.

No, Microsoft isn’t withdrawing its unofficial nod-and-a-wink free upgrade from Win7 to Win10. At least, not right away.

No, the old Win7 patches aren’t disappearing.

No, your Internet Service Provider won’t kick you off your network for using Win7.

To read this article in full, please click here

Read more
ComputerWorld Independent 

Patch Tuesday aftermath: The NSA Crypt32 threat is real, but not yet imminent

0 Comments , ,

Credit to Author: Woody Leonhard| Date: Wed, 15 Jan 2020 07:26:00 -0800

Get ready for your local news station’s weather reporter to start lecturing on the importance of installing Windows patches.

Yesterday we were treated to a remarkable Patch Tuesday. “Remarkable” specifically in the sense that the U.S. National Security Agency was moved to put out a press release (PDF):

NSA recommends installing all January 2020 Patch Tuesday patches as soon as possible to effectively mitigate the vulnerability on all Windows 10 and Windows Server 2016/2019 systems.

To read this article in full, please click here

Read more