Google will review web apps that want access to its users’ data

In response to recent attacks where hackers abused Google’s OAuth services to gain access to Gmail accounts, the company will review new web applications that request Google users’ data.

To better enforce its policy regarding access to user data through its APIs (application programming interfaces), which states that apps should not mislead users when presenting themselves and their intentions, Google is making changes to the third-party app publishing process, its risk assessment systems and the consent page it displays to users.

Google is an identity provider, which means other web apps can use Google as the authentication mechanism for users accessing the app. Apps use the OAuth protocol to do this. These apps can also use Google’s APIs to send users requests for information stored in Google’s services.

To read this article in full or to leave a comment, please click here

PCWorld News

Old Windows PCs can stop WannaCry ransomware with new Microsoft patch

Users of old Windows systems can now download a patch to protect them from this week’s massive ransomware attack.

In a rare step, Microsoft published a patch for Windows XP, Windows Server 2003 and Windows 8—all of them operating systems for which it no longer provides mainstream support.

Users can download and find more information about the patches in Microsoft’s blog post about Friday’s attack from the WannaCry ransomware.

The ransomware, which has spread globally, has been infecting computers by exploiting a Windows vulnerability involving the Server Message Block protocol, a file-sharing feature.

To read this article in full or to leave a comment, please click here

PCWorld News

Microsoft fixes 55 flaws, 3 of them exploited by Russian cyberspies

Microsoft released security patches Tuesday for 55 vulnerabilities across the company’s products, including for three flaws that are already exploited in targeted attacks by cyberespionage groups.

Fifteen of the vulnerabilities fixed in Microsoft’s patch bundle for May are rated as critical and they affect Windows, Microsoft Office, Microsoft Edge, Internet Explorer, and the malware protection engine used in most of the company’s anti-malware products.

System administrators should prioritize the Microsoft Office patches because they address two vulnerabilities that attackers have exploited in targeted attacks over the past two months. Both of these flaws, CVE-2017-0261 and CVE-2017-0262, stem from how Microsoft Office handles Encapsulated PostScript (EPS) image files and can lead to remote code execution on the underlying system.

To read this article in full or to leave a comment, please click here

Computerworld

We’ve gotten our first look at an Echo with a built-in screen, and it’s straight out of 2005

PCWorld News

Patch to fix Intel-based PCs with enterprise bug rolls out next week

Next week, PC vendors will start rolling out patches that fix a severe vulnerability found in certain Intel-based business systems, including laptops, making them easier to hack.   

Intel on Friday released a new notice urging clients to take steps to secure their systems.

The chipmaker has also released a downloadable tool that can help IT administrators and users discover whether a machine they own has the vulnerability.

In addition, vendors including Fujitsu, HP, and Lenovo have released lists showing which products are affected and when the patches will roll out. 

To read this article in full or to leave a comment, please click here

PCWorld News