Microsoft rolling out two-factor authentication

There have been hints for the past week-plus -- courtesy of Liveside.net -- that Microsoft was poised to roll out two-factor authentication for its Microsoft Accounts. On April 17, Microsoft did just that.

The company is calling this security process "two-step verification." Microsoft is making available two-step verification across all products and services accessible via a Microsoft Account. This includes Windows, Windows Phone, Xbox, Outlook.com, SkyDrive, Office, and more. The rollout will be happening over the "next couple of days," according to the company.

(Microsoft Account is the new name for Microsoft's Live … Read more

Targeted cyberattacks jump 42 percent in 2012, Symantec says

Internet users are seeing less spam but more targeted attacks, according to security software company Symantec.

Looking at last year's security landscape, Symantec's Internet Security Threat Report 2013 found that traditional spam accounted for 69 percent of all e-mail in 2012, down from 75 percent in 2011. Yet, 30 billion spam messages are still sent on a daily basis.

Junk e-mails that hawk sex or dating products and services now account for 55 percent of all spam, taking the top spot away from pharmaceutical spam.

Malware is also part of one out of every 291 e-mail messages, with … Read more

Hacker celeb 'Mudge' joins Google after DARPA

Peiter "Mudge" Zatko, who was hired three years ago to be a project manager at the U.S. Department of Defense's research and development division known as the Defense Advanced Research Projects Agency, has announced via Twitter that he's returning to the private sector with Google.

In his new role at Google, The Security Ledger reports, Zatko will be working in an unspecified role with Motorola Mobility's Advanced Technology and Projects division, reporting to Regina Dugan. Dugan is also new to Google, hired last month away from her position as director of DARPA.

Given what … Read more

McAfee, NIST partner to boost U.S. cyberdefenses

Security firm McAfee is working with the National Institute of Standards and Technology to try to shore up America's defenses against cyberthreats.

McAfee announced today that the company is now part of the the National Cybersecurity Excellence Partnership and will join cybersecurity professionals from both the private and public sector to tackle the escalating problem of computer-based threats.

The partnership is part of the National Cybersecurity Center of Excellence, which is hosted by NIST in collaboration with the state of Maryland and Maryland's Montgomery County.

Launched in February 2012, the center has a particular slant toward sharing technology … Read more

Microsoft pulls security update over software conflicts

A security update issued by Microsoft on Tuesday isn't playing nicely with other software, prompting Microsoft to pull it from its download center.

Dustin Childs, group manager of Microsoft Trustworthy Computing, revealed the problem in a blog post late yesterday:

We are aware that some of our customers may be experiencing difficulties after applying security update 2823324, which we provided in security bulletin MS13-036 on Tuesday, April 9. We've determined that the update, when paired with certain third-party software, can cause system errors. As a precaution, we stopped pushing 2823324 as an update when we began investigating the … Read more

Guantanamo legal files mysteriously disappear from PCs

In an institution already cloaked in mystery, puzzling happenings seem to be afoot at Guantanamo Bay prison.

Not only have many legal files suddenly disappeared from the defense team's computers, but also hundreds of thousands their documents have landed on the prosecution's computers, according to Reuters. This debacle has caused several pretrial hearings in the prison's military tribunals to be delayed.

It's not clear how the files vanished or if there was any illegal action behind the disappearance. It could have been a simple computer blip, IT issues, a security breach, hackers, or one of the … Read more

Microsoft fixes two critical flaws for April's Patch Tuesday

Microsoft has released two critical security updates for Windows and Internet Explorer as part of its latest round of Patch Tuesday updates. 

Included in the patches are seven important updates for Office, SharePoint, and Windows Server products, which are hitting the usual update channels today.

The first critical bulletin affects versions of Internet Explorer 6 and above on Windows XP, Windows Vista, and Windows 7. It also affects Internet Explorer 10 on Windows 8 and Windows RT-based tablets.

It addresses two separate flaws, one that allows remote code execution -- such as a malware injection -- if an affected … Read more

Prepare for and respond to a lost or stolen smartphone

How bad is the smartphone-theft epidemic? San Francisco District Attorney George Gascon accuses phone companies of profiting from stolen phones, as Michael Scherer reported last month on Time's Swampland site. Gascon is one of several leading law-enforcement officials calling for carriers to be required to implement technology that permanently deactivates stolen phones. It is simply too easy for thieves to resell smartphones.

One year ago, the major cellphone services announced via the CTIA Wireless Association plans to create a database "designed to prevent GSM smartphones reported as stolen from being activated or provided service." The database was … Read more

Microsoft to add dual-factor sign-on security 'soon': report

Microsoft will toughen up its products' security by adding dual-factor authentication "soon," according to a report today by Liveside.net.

Judging by details in the Microsoft-focused blog, the approach closely mirrors what Google did years ago: authorization requiring both a password (the first factor) and a special six-digit code retrieved from an authenticator app on a person's smartphone (the second factor). The smartphone code changes frequently so it can't be used for long.

Microsoft offered only this comment today: "Security and privacy is a priority for Microsoft, however we have nothing new to share at … Read more