Microsoft Surface Pro 3: Firmware update available
Surface Pen Settings driver update (v3.0.64.0) enables new functionality and features for the Surface app found in the Windows Store. You can install this update from Windows updates on your Surface.
Microsoft Patch Tuesday: Fourteen Security patches
Microsoft issued 14 security bulletins for March 2015, five of which are rated as critical. Among them is the security fix for FREAK (also known as the Factoring Attack on RSA-EXPORT Keys vulnerability or CVE-2015-0204) is the latest flaw to be found in SSL/TLS, and could allow unauthorized parties – such as malicious hackers or intelligence agencies – to spy upon your secure internet communications.
Source: Microsoft
Personal Mobile Devices with access to corporate networks should be secured
Your employees phone and or tablet more than likely has access to their corporate email account. In many cases they have access to corporate documents in the cloud or via VPN.
The simple act of enabling a password or PIN number on a phone can save you a tremendous amount of hassle. This is the simplest front line of defense. While people don’t deliberately forget their phone in a public restroom, gym, or restaurant, we all know it happens. So, make sure you have the appropriate device lock in place, either a pin code, or screen pattern lock. If you have a pattern lock (this is where you join the dots to unlock your phone) make sure you wipe the screen to avoid leaving smudges that can reveal your pattern. (We actually recommend not using a pattern lock for this reason).
On iOs (Varies slightly by version) Click on Settings, General and Passcode Lock (you may have to scroll down a bit). This will bring you to the Passcode Lock menu, although if you already have a PIN or password set, you’ll have to input it first.
Turn Passcode On is the first and most tempting option here, but don’t click on it yet. First, you have to make a decision: Do you want a four-digit PIN, or a more complex alphanumeric password? If four digits suit you fine, ensure that Simple Password is turned on. If not, leave it off.
Although a PIN has fewer characters than a password, it’s generally just as hard for a casual thief to guess.
While a four-digit PIN has only 10,000 possible combinations, a long alphanumeric password of 10 or more digits that includes upper- and lowercase letters, numbers and punctuation marks will have trillions.
Android can be a bit more complex as there are an almost endless variety of devices with vendor specific “skins” and security settings. Generally however you will find a setting called Lock Screen under settings.
Important to note with Android; there are many lock screen replacements available and many include their own lock methods. There are programs that run and many can be circumvented more easily than the operating systems locks and their locks should be avoided.
Chrome 41 Released: 51 security fixes
Chrome 41 was released to channel for Windows, Mac and Linux on Tuesday, including 51 security fixes, many deemed high in severity.
Source: Chrome blog
Microsoft Office 2016 Preview for Mac available
Mac users have always been running a version or so behind. With the recent release of Office 2016 Preview for Windows the rumors were that a version for Mac was being developed and Office 2016 would finally bring the two platforms in sync.
Today Microsoft has released the Office 2016 Preview for Mac. Office 2016 for Mac includes new versions of Word, Excel, PowerPoint, Outlook and OneNote. While we have not had a chance to test these applications, this like the Windows preview should not be used in a production environment.
Source: Microsoft
FREAK fix for Apple devices due within a week for iOs and OSX
Apple has mentioned to multiple sources today that patches for their operating systems are in the works and should be released in under a week, possibly as early as Monday the 9th.
FREAK SSL flaw; Apple and Google prepare patches
Researchers have disclosed a new SSL/TLS vulnerability — the FREAK attack. The vulnerability allows attackers to intercept HTTPS connections between vulnerable clients and servers and force them to use ‘export-grade’ cryptography, which can then be decrypted or altered.
A connection is vulnerable if the server accepts RSA_EXPORT cipher suites and the client either offers an RSA_EXPORT suite or is using a version of OpenSSL that is vulnerable to CVE-2015-0204. Vulnerable clients include many Google and Apple devices (which use unpatched OpenSSL), a large number of embedded systems, and many other software products that use TLS behind the scenes without disabling the vulnerable cryptographic suites. A list of know affected domains is below.
Office 365: Microsoft extending deleted item retention time
Microsoft has announced that they are extending the period in which it retains deleted emails in Office 365. Currently if you moved an email to the Deleted folder, it will permanently after 30 days. This has now been extended to indefinitely by default and can be set by the Office 365 Administrator. Office 365 Administrators can also create custom retention policies for email if they want the information to truly delete.
Source: Microsoft
capitalregionit 