Like It Or Not... You Can't Disable Windows 10 Automatic Updates

windows-10-automatic-update

Windows 10 is all set to launch on July 29 and will also be available on USB drives for purchase in retail channels.

So, if you are planning to install Windows 10 Home, one thing you must keep in your mind – You wish or not, the software updates for Microsoft’s new operating system will be mandatory.

Microsoft is planning to make a significant change to its software update policy by "removing the option to DISABLE software updates in Windows 10 Home".

This clearly indicates that all users of Windows operating system must agree to allow Microsoft to install software updates automatically.

In Windows 8.1, users get four options for Windows Update's behavior, which include:
  • Download and Install Windows Updates Automatically
  • Download Windows Updates automatically but Choose when to Install them
  • Check for Updates but Choose when to Download and Install them
  • Never check for, Download, or Install Updates
From a Security point of view, the last option, i.e. never to download or install updates, is not at all recommended by either the company or the security experts. However, the option is still there if Windows users really need it.

In Windows 10, the options for Windows Update are cut to only two, which include:
  • Check, Download, Install, and Reboot automatically
  • Check, Download, Install automatically and then choose to Reboot
Here is the EULA to which you agree to when you accept the terms of the licensing agreement:
"Updates. The software periodically checks for system and app updates, and downloads and installs them for you. You may obtain updates only from Microsoft or authorized sources, and Microsoft may need to update your system to provide you with those updates. By accepting this agreement, you agree to receive these types of automatic updates without any additional notice."
If this happens with the launch of Windows 10, it would be a notable change in any version of Windows OS as Microsoft has talked about Windows 10's Windows-as-a-Service approach that will receive continuous updates.

Every software program needs frequent updates, but the ability of Windows users to permanently delay Windows software updates has made it difficult for Microsoft to keep its OS platform secure and up-to-date. And the only motive behind this change is to maintain the security of its users safe.

0 comments:

Hacker Earns 1.25 Million Free Frequent Flyer Miles On United Airlines


Hacker Earns 1.25 Million Free Frequent Flyer Miles On United AirlinesWhat if you get 1 Million Frequent Flyer Miles for Free? Yes, 1 Million Air Miles…

…I think that would be enough for several first-class trips to Europe or up to 20 round-trips in the United States.

Two Computer Hackers have earned more than 1 Million frequent-flyer miles each from United Airlines for finding multiple security vulnerabilities in the Airline's website.

Back in May this year, Chicago-based 'United Airlines' launched a bug bounty program and invited security researchers and bug hunters to find and report security vulnerabilities in its websites, software, apps and web portals.

Jordan Wiens, a security researcher from Florida and one of two bounty winners, tweeted last week that he earned United Airlines' top reward of 1 Million Miles for finding a flaw that could have allowed a hacker to seize control of one of the airline's websites.

Wiens is not allowed to disclose the technical details regarding the vulnerabilities, but in an emailInterview with The Hacker News, Jordan Wiens told that he earned total 1,250,000 Million Frequent Flyer Miles under United Airlines' Bug bounty program.
  • One Million Miles for reporting a serious Remote Code Execution (RCE) vulnerability in the United Airlines website.
  • Another 250,000 Frequent Flyer Miles for finding few more vulnerabilities in its website, including an information leakage bug.
Wiens has also confirmed The Hacker News that the flaws he reported to the Airlines were remotely exploitable.
The question here is -- "Could any of these bugs let an attacker to steal users’ data or has any ability to directly impact the flight system?"
To which, Wiens replied, "Unfortunately I have no idea what I could have done with it because I didn't actually exercise the flaw and find out what restrictions might have been enabled server-side."
United spokesman Luke Punzenberger said, "We're confident that our systems are secure," and they have patched all the backdoors into their systems before hackers could find and exploit them.

In the Tech World, supporting and running a bug bounty program is a significant step forward for online security, and such initiatives will definitely cost the airlines less than hiring high-profile consultants.

0 comments:

NSA Releases Open Source Network Security Tool for Linux

NSA-network-security-tool
The United States National Security Agency (NSA) has released a network security tool for 
Government and the private sectors to help secure their networks against cyber attacks.

Dubbed Systems Integrity Management Platform (SIMP), the tool is now publicly available on the popular source code sharing website GitHub.

According to an official release from NSA, SIMP makes it easier for government organizations and the private sector to "fortify their networks against cyber threats."

SIMP aims at providing a reasonable combination of security compliance and operational flexibility, keeping networked systems compliant with security standards and requirements. It is considered to be a critical part of a layered, "defence-in-depth" approach to information security.
"By releasing SIMP, the agency seeks to reduce duplication of effort and promote greater collaboration within the community: The wheel would not have to be reinvented for every organization," says the NSA.
Currently, SIMP supports operating systems including Red Hat Enterprise Linux (RHEL) Versions 6.6 and 7.1 as well as Community Enterprise Operating System (CentOS) Versions 6.6 and 7.1-1503-01.

Is the NSA’s SIMP tool Backdoored?


The question here is not how much security NSA's tool offers, but the question is -- Shall we trust NSA tool?

Until now, the entire world is aware of the NSA’s Global surveillance practices. The internal data exposed by former contractor Edward Snowden shown the extent of surveillance and bulk data collection by NSA, which range from US citizens to leaders of allied governments.

Several US government officials, including the NSA Director Mike Rogers, outgoing US Attorney General Eric Holder, and the FBI director James Comey, have all suggested that major tech companies such as Apple and Google should provide law enforcement agencies special access to their users’ encrypted data, demanding secret backdoors.

Knowing this, one must think twice before adopting NSA’s latest SIMP tool. However, the security of a Linux is a massive subject and tools are used to provide additional security on a Linux computer. So, it is always important to choose a right tool.

After all, Your system’s greatest security lies in only your han

0 comments: