Stories by Gregg Keizer

Microsoft extends Windows 8.1 Update migration deadline for business

By Gregg Keizer | 17 April, 2014 20:49

Microsoft on Wednesday extended the Windows 8.1 Update migration deadline for businesses by three months, but again told consumers they had less than four weeks to make the move before the company shuts off their patch faucet.

Microsoft slashes Windows XP custom support prices just days before axing public patches

By Gregg Keizer | 17 April, 2014 00:08

Just days before Microsoft retired Windows XP from public support, the company drastically reduced the price of custom support agreements that give large companies and government agencies another year of XP patches, experts reported today.

Microsoft drags customers 'kicking and screaming' into its world of faster updates

By Gregg Keizer | 11 April, 2014 06:35

Microsoft's demand that Windows 8.1 users install this week's major update was another signal that the company is serious about forcing customers to adopt its faster release strategy, experts said today.

Apple patches Safari's Pwn2Own vulnerability, two-dozen other critical bugs

By Gregg Keizer | 02 April, 2014 22:13

Apple on Tuesday patched the security vulnerability in Safari that was successfully exploited at last month's Pwn2Own hacking contest, where a team cracked the browser to win $65,000.

Newest bug bounty touts $10K rewards, appeals for help in finding Flash flaws

By Gregg Keizer | 23 March, 2014 18:39

A new entry in the cash-for-bugs business, the Internet Bug Bounty, recently paid out its first $10,000 rewards.

Researchers pocket record $400K at Pwn2Own hacking contest's first day

By Gregg Keizer | 13 March, 2014 11:55

Researchers cracked Microsoft's Internet Explorer 11, Mozilla's Firefox and Adobe's Flash and Reader at the Pwn2Own hacking contest, earning $400,000 in prizes, a one-day record for the challenge.

Perspective: Microsoft risks security reputation ruin by retiring XP

By Gregg Keizer | 10 March, 2014 13:47

A decade ago, Microsoft kicked off SDL, or Security Development Lifecycle, a now-widely-adopted process designed to bake security into software, and began building what has become an unmatched reputation in how a vendor writes more secure code, keeps customers informed about security issues, and backs that up with regular patches.

Defining how a no-holds-barred Russia-Ukraine cyberwar would play out

By Gregg Keizer | 06 March, 2014 20:06

With some opening shots in a cyber component to the war of nerves in the Ukraine already fired, security analysts today offered a look at how a full-fledged cyberwar in the region would unfold.

Microsoft reaches RTM milestone for Windows 8.1 update

By Gregg Keizer | 05 March, 2014 15:30

Microsoft has reached a critical milestone for its next update to Windows 8, which is slated to ship early next month, according to reports.

Bug bounty operator presses vendors to pick up patching pace

By Gregg Keizer | 28 February, 2014 13:24

Citing the need to prod software vendors to patch vulnerabilities even faster, Hewlett-Packard's bug bounty program said it was shortening its patch-or-go-public policy to 120 days.

Apple retires Snow Leopard from support, leaves 1 in 5 Macs vulnerable to attacks

By Gregg Keizer | 26 February, 2014 14:06

Apple on Tuesday made it clear that it will no longer patch OS X 10.6, aka Snow Leopard, when it again declined to offer a security update for the four-and-a-half-year-old operating system.

Apple patches critical 'gotofail' bug with Mavericks update

By Gregg Keizer | 25 February, 2014 21:05

Apple today updated OX Mavericks, plugging the embarrassing security hole the Cupertino, Calif. company left wide open in the operating system's implementation of basic Internet encryption.

German security firm offers unauthorized patch for critical encryption bug in OS X Mavericks

By Gregg Keizer | 24 February, 2014 22:35

A German security company has released an unauthorized patch for Apple's OS X Mavericks that it claimed closes the hole the Cupertino, Calif. giant left wide open in the operating system's implementation of basic Internet encryption.

Researcher claims two hacker gangs exploiting unpatched IE bug

By Gregg Keizer | 19 February, 2014 11:40

Two different hacker groups are exploiting the same still-unpatched vulnerability in Internet Explorer (IE) with almost-identical attack code, a security researcher said Tuesday.

Mozilla's top exec defends in-Firefox ads, revenue search

By Gregg Keizer | 16 February, 2014 12:34

The chairwoman of Mozilla Foundation, the non-profit that funds the development of Firefox, is defending the decision to pursue in-browser ads, saying that it's important to generate revenue.

CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Cloud Security and Compliance Solutions

Manage and visualize the security and compliance of VMware, physical, and hybrid-cloud infrastructure from the RSA Archer eGRC Platform.

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).

  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.