Posted on

Windows 10 October 2018 Update is back, this time without deleting your data

This message, shown during Windows upgrades, is going to be salt in the wound.

Enlarge / This message, shown during Windows upgrades, is going to be salt in the wound.

Just over a month since its initial release, Microsoft is making the Windows 10 October 2018 Update widely available today. The update was withdrawn shortly after its initial release due to the discovery of a bug causing data loss.

New Windows 10 feature updates use a staggered, ramping rollout, and this (re)release is no different. Initially, it'll be offered only to two groups of people: those who manually tell their system to check for updates (and that have no known blocking issues due to, for example, incompatible anti-virus software), and those who use the media-creation tool to download the installer. If all goes well, Microsoft will offer the update to an ever-wider range of Windows 10 users over the coming weeks.

For the sake of support windows, Microsoft is treating last month's release as if it never happened; this release will receive 30 months of support and updates, with the clock starting today. The same is true for related products; Windows Server 2019 and Windows Server, version 1809, are both effectively released today.

Read 8 remaining paragraphs | Comments

Posted on

User Ignorance of Cloud Services Poses a Data Leak Challenge

Cloud-based online services are useful tools for many enterprises, allowing them to coordinate their teams, share information and enable discussions within groups. However, companies should be sharply aware of how they manage their privacy settings for these services before discussing business critical matters or uploading sensitive data. 
 
It seems that many Japanese organizations have learned this the hard way. A Japanese newspaper found more than 6,000 cases where public and private organizations exposed internal communications by using the default Google Groups privacy settings. Keeping the default settings allowed for public access to discussion threads rather than making them only accessible to pre-approved members. The newspaper found that hospitals and schools posted records on their patients and students and at least one political party exposed a list of its supporters. In fact, the newspaper itself admitted that its journalists made the same mistake, potentially revealing draft news reports and interview transcripts to the world. 
 
The Japanese government was also involved in this and admitted that officials accidently posted internal memos publicly simply because they used the wrong privacy settings for Google Groups online discussions. This included details on planned negotiations on an international mercury trade treaty along with discussions about this between Swiss and Norwegian environmental ministries. The Japanese environmental ministry’s spokesperson said that while the internal documents were not confidential, it has since taken corrective steps to protect its data. 
 
There have been cases in the past where, even if the cloud service provider has set its default settings to private, users seemingly inadvertently set them to public and exposed data. As a result, more than 12 thousand data buckets were uncovered and almost 2 thousand were visible to the public. The buckets included 126 billion files which included data from social networks, sales records, video game source code and unencrypted database backups. 
 
These cases show how easily sensitive data can be exposed simply by human error as opposed to  malicious attack. The fact that this error was so widespread is worrying and suggests that many simply assumed that their communications were private, rather than checking to see for themselves. Before using any communications tool, always check the privacy settings to ensure that everything is protected.