News update–2016-08-08

I have the nastiest habit of finding tidbits, then writing a little blurb about them, and never ever posting them. You see, the idea is to make it a regular feature of the site. I mean, we can’t all read every bit of news, right?

These are still pretty good, although they were from early July.

Federal Government releases its strategies to recruit new cybersecurity talent (Link to FedScoop)

“The government has hired 3,000 people for cyber security jobs in the first half of the current fiscal year,” and it plans on hiring 3,500 more before year end.

There’s even a Scholarship for Service (SFS) program called CyberCorps offering scholarships and stipends funded through the National Science Foundation.

After graduation you have to work for a Government Agency, or if approved, a State, Local, Tribal or Territorial Government, or a Federally Funded Research and Development Center, in a position related to cybersecurity. You have to work for them for a period equal to the length of the scholarship, with each academic year equaling one calendar year.

Intel is planning on selling “Intel Security” (formerly McAfee). (Link to Knowbe4.com)

Evidently Brian Krzanich, Intel’s CEO, thinks that antivirus is crap. He’s not the first to say so. With so many new variants of malware popping up, AV companies are having a hell of a time keeping their signatures up to date.

Court Rules that Microsoft can’t be forced to turn over emails stored abroad. (Link to The Guardian)

Will companies move emails all around the world? Does this set the stage for a neutral country to set up some sort of data service?

Flaw in Windows allows attackers to gather Usernames and Passwords

Zack Whittaker points out a scary flaw in Windows that allows malicious URLs to gather usernames and passwords of Microsoft accounts. The title of the article is “Microsoft won’t fix Windows flaw that lets hackers steal your username and password”.

Evidently the flaw was discovered in 1997, and it relies on Internet Explorer and Edge allowing users to access network shares. When attempting to access a share, those browsers silently send the username and hashed password.

Of course, since Windows 8 began allowing users to sign in using their Microsoft accounts, the username and password that are sent are the user’s Live account info.

How can the danger from this be reduced?

  1. Don’t follow bad URLs in emails. – Yes, this is always going to be hard to follow especially if you’re responsible for a large user base.
  2. Use strong passwords. – Please tell me that this is how you handle passwords these days.

Microsoft said that they are “aware of this information gathering technique” and that “if needed, we’ll take additional steps”.
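For item 1 in the list above, when you are responsible for a large user base, a mail filter can flag links that point at a network share before a user ever sees them. The sketch below is an added example, not code from the article or from Microsoft; the attribute list, the function names and the sample email with its hosts are constructed assumptions.

```python
# Added example: flag references to network shares in an HTML email body.
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

URL_ATTRS = {"href", "src", "background", "action", "data", "poster"}
LOCAL_HOSTS = {"", "localhost", "127.0.0.1"}
UNC_RE = re.compile(r"^\\\\([^\\/\s]+)[\\/]")   # \\host\share
SLASH_HOST_RE = re.compile(r"^//([^/\s]+)/")      # path left by file:////host/share

def share_host(url):
    """Return the remote host if url targets a network share, else None."""
    url = url.strip()
    m = UNC_RE.match(url)
    if m:
        return m.group(1).lower()
    try:
        parts = urlsplit(url.replace("\\", "/"))
    except ValueError:            # malformed URL, nothing to resolve
        return None
    if parts.scheme.lower() != "file":
        return None
    host = (parts.hostname or "").lower()
    if not host:                  # file:////host/share has an empty netloc
        m = SLASH_HOST_RE.match(parts.path)
        host = m.group(1).lower() if m else ""
    return None if host in LOCAL_HOSTS else host

class ShareLinkFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits = []            # (tag, attribute, host)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            host = share_host(value) if name in URL_ATTRS and value else None
            if host:
                self.hits.append((tag, name, host))

def find_share_links(html):
    finder = ShareLinkFinder()
    finder.feed(html)
    finder.close()
    return finder.hits

# Constructed sample message; every host is a placeholder.
SAMPLE_EMAIL = """<html><body>
<p>Your invoice is <a href="https://billing.example.com/inv/42">here</a>.</p>
<img src="file://files.example.net/img/logo.png" width="1" height="1">
<a href="\\\\share.example.org\\docs\\report.docx">Quarterly report</a>
<img src="file:///C:/Users/me/Pictures/cat.png">
</body></html>"""

if __name__ == "__main__":
    for tag, attr, host in find_share_links(SAMPLE_EMAIL):
        print(f"<{tag} {attr}=...> points at a share on {host}")
```

Ordinary web links and local `file:///C:/...` paths are left alone; only references that would make the client contact a remote share are reported.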