Despite Microsoft’s slightly annoying tactics to push Edge, it is a solid web browser. One feature that sets it apart from Google Chrome is “Super Duper Secure Mode.” We’ll explain what this is and how you can use it.
As new technology emerges, cybersecurity protocols also evolve. However, there are some basic tips you should carry with you everywhere to stay better protected against cyber attacks. Here are some general rules to follow to stay safe in 2022.
This year marked a turning point for malicious attacks on computer systems, fueled by a rise in nation-state attacks and ransomware.
Why it matters: Once a worry mostly for IT leaders, the risk of a cyber intrusion is now a top concern for CEOs and world leaders.
Driving the news:
May’s Colonial Pipeline attack helped drive that message home, as did ransomware attacks on cities and hospitals — emphasizing the very real world impact that cyber attacks can have.
Meanwhile, the current Log4j flaw shows just how vulnerable our digital systems are. It’s a single piece of open source code, but it is used so broadly and the flaw is so fundamental that it potentially opens nearly every business and government to attack.
The big picture: Evidence that cybersecurity has become the big issue abounds. Foreign Affairs devotes the current issue to the topic, while J.P. Morgan International Council identified it as the most significant threat facing businesses and government in a report released Thursday.
Between the lines: One can never permanently “win” the battle against malicious attacks, but it is possible to be losing the fight. 2021 definitely felt like a year in which the attackers had the upper hand.
The combination of cryptocurrency and ransomware has proven to be especially tough to fight as it is often in the business interests of a victim to pay up rather than take the risk of data loss or even a business disruption.
The rise in cyberattacks has also made for thorny diplomacy among nation states. With physical attacks, there has been a relatively clear line that acts as a deterrent, even for nations with significant conflicts. But in cyberspace, the division is murkier.
“The domain of cyberspace is shaped not by a binary between war and peace but by a spectrum between those two poles—and most cyberattacks fall somewhere in that murky space,” former deputy director of national intelligence Sue Gordon and former Pentagon chief of staff Eric Rosenbach wrote in a Foreign Affairs piece.
“In trying to analogize the cyberthreat to the world of physical warfare, policymakers missed the far more insidious danger that cyber-operations pose: how they erode the trust people place in markets, governments and even national power,” argues Hoover Institution’s Jacquelyn Schneider, in another Foreign Affairs article. “Cyberattacks prey on these weak points, sowing distrust in information, creating confusion and anxiety, and exacerbating hatred and misinformation.”
What’s next: Leaders are calling for much tighter cooperation between businesses and governments as the key way to fight back. Also needed, many say, is an international agreement on what is and isn’t permissible, in much the way the Geneva Convention sets limits on traditional warfare.
Yes, but: The U.S. government is still woefully short of workers with needed cybersecurity skills.
In an effort to keep certain at-risk accounts even more secure, Facebook is updating its Protect program and will soon force enrolled users to enable two-factor authentication (2FA). These accounts include politicians, human rights activists, journalists, and other high-profile users.
After a year filled with massive hacks and lord knows how many exploits, you’d think we would all learn to be a bit—just a bit!—more cyber-savvy as 2021 comes to a close. But if this year’s list of the 200 most popular passwords is any indication, we’re just as dumb as we’ve ever been. Perhaps even dumber.
As much as 38 percent of the Internet’s domain name lookup servers are vulnerable to a new attack that allows hackers to send victims to maliciously spoofed addresses masquerading as legitimate domains, like bankofamerica.com or gmail.com.
The exploit, unveiled in research presented today, revives the DNS cache-poisoning attack that researcher Dan Kaminsky disclosed in 2008. He showed that, by masquerading as an authoritative DNS server and using it to flood a DNS resolver with fake lookup results for a trusted domain, an attacker could poison the resolver cache with the spoofed IP address. From then on, anyone relying on the same resolver would be diverted to the same imposter site.
A lack of entropy
The sleight of hand worked because DNS at the time relied on a transaction ID to prove the IP number returned came from an authoritative server rather than an imposter server attempting to send people to a malicious site. The transaction number had only 16 bits, which meant that there were only 65,536 possible transaction IDs.
We’ve started seeing some almost believable malware popping up on our Android devices. Remember never to click on ANYTHING that pops up while you’re browsing the web, no matter how much it looks like it came from your operating system or phone vendor.
We got the scary virus warning below after clicking on an article on the political website TheHill.com (repeatedly, alternating with another dubious click-hole). It references a “hacking event” with yesterday’s date, and there’s even a 3-minute countdown-to-disaster timer. (HURRY! You better click NOW!) They even throw in the phone model for good measure, and it looks like it could be from Samsung, or a notice of an Android update. Yeah. Could be. But… it isn’t.
Don’t be fooled. Never click on pop-ups. When in doubt, just hit BACK.
says everyone can remove the password from their Microsoft account and use starting today. The company rolled out the option to enterprise users earlier this year.
Rather than having to remember a password or using , you’ll be able to use the Microsoft Authenticator app, Windows Hello, a security key or SMS or emailed codes. You’ll be able to sign in to services such as Outlook, OneDrive, Microsoft Family Safety, and even Xbox Series X/S without a password. Microsoft is rolling out the option to everyone over the next few weeks as it gears up for the .
Once you have installed the Authenticator app and linked it to your account, you can switch off your password. Go to your , then Advanced Security Options and Additional Security. From there, you can switch your account to a passwordless one. Then, follow the prompts and approve a notification on the Authenticator app to seal the deal.
You can re-activate your password at any time, but other login methods may be far more convenient and secure. Not only are passwords a cybersecurity minefield, they’re time-consuming to enter and, at best, annoying to deal with.
It’d be welcome to see other services ditch passwords if they can offer users alternative, secure methods of logging in. Until then, turn on two-factor authentication wherever possible, and get a password manager and use unique passwords for all of your accounts.