Nathan wants to know if there's any recourse if a company isn't protecting his passwords. Leo says in Europe they have the GDPR, but in the US the only real protection is through HIPAA in the medical field. Leo recommends talking to Brian Krebs at Krebs on Security and asking him how he should write a letter to warn them of their liability.
security and privacy
Tom uses Dashlane for his password vault, and wants to know if their new VPN service slows him down. Leo says it can. He's essentially running a computer remotely, and it works with an encrypted tunnel. So, it can cause some latency as it works its way in and out of the tunnel. Not all VPNs are alike either. Some are faster than others, so he should check with Dashlane to see how many servers they run. He also wants to be sure they don't log his use. Tom also doesn't like that he doesn't have the option to opt out after they raised his monthly fee.
Brian travels a lot and would like to have a travel router to protect him from an open and unsecured internet. Leo says he uses one when he travels and it not only works as a firewall, but it also turns into a wireless hotspot for multiple devices. He uses one from TinyHardwareFirewall.com.
Don is worried that his network may be compromised because he uses a shared internet network in his office building. Leo says there may be a weak link with a point of entry that's a result of the building, but it should be locked down pretty well. Leo recommends getting an IT consultant to help run his internet access. Employees may actually be a bigger risk if they fall victim to phishing scams. An IT consultant can help train the employees to be on the lookout for scams.
Cotton has a 2013 MacBook Pro, and recently had to buy a battery from MacSales.com because it began to swell. He also replaced the SSD. He had to remove the battery with acetone because it was glued in. But after installing it, the laptop was dead. Leo says to head over to iFixIt.com and check out their instructions on replacing the battery in his laptop. He may have missed a step. But it's also very possible that Cotton may have shorted out something like a fuse.
John is worried about security on his new Windows laptop. Leo says to follow the acronym "UPDATE":
Patrick hears Leo talk about LastPass a lot, but he wants to know if Apple's password vault is secure. Leo says that Apple uses Keychain and it's very secure. It only works on Apple devices, though. And with iOS 12, Keychain does autofill.
(Disclaimer: LastPass is a sponsor)
Dale is worried that his older iPad isn't safe to use anymore since he's stuck at iOS 11. Leo says not to worry. The iPad is secure no matter the age. It's sandboxed and as long as Apple continues security updates, which it will, it's more secure than a desktop.
Researchers have figured out that if you connect your iPhone to a computer, you can keep doing a brute-force password attack to unlock it and that it should take about a day to open it. Leo says that this is with a four-digit passcode, and a six-digit passcode is a lot harder to crack.
The Supreme Court has also ruled that law enforcement cannot get cell phone location data without a warrant. The decision said that day-to-day movement data on a mobile device provides an intimate look at someone's activities, even to the point of violating privacy without a warrant.
Ron has messed up his Outlook. Now he can't see any images in the body of the email, and it won't download any graphics. Leo says that's a good thing! Outlook disables downloading jpgs by default because they can be hacked to include malware. That's called HTML email and it's a bad idea. So he'd have to opt-in to enable it, but Leo wouldn't. Plain text emails are always best. But if he really wants to, he can go into the Trust Center and change the settings.