Jim ran GRC's ShieldsUp scanner on his router and discovered that port 443 was open, not stealth. Is he vulnerable? Leo says you have to have port 443 to run on the internet, but it should be in "stealth mode." You'll also want to find out what's using it. Netstat will help you determine that. Wireshark will also do that. His fan is also running a lot. Leo says that may mean the computer is getting hotter. It probably needs to have the dust cleaned out of it.
security and privacy
Hackers somehow got ahold of a malware exploit that was developed by the NSA and used it to attack the city of Baltimore. The malware, a ransomware exploit known as EternalBlue, was taken home by an NSA contractor, and Leo says that Kaspersky antivirus quarantined the malware and then sent it to the home office in Russia.
Marie wants to know an alternative to Gmail. Leo stopped using Gmail because of their invasive ads, but the other side of the coin is that Gmail has the best spam filters of all. Leo moved to FastMail, so Marie can use Gmail to initially filter her emails, and then forward the rest to FastMail. Then she can run the secondary SPAM Sieve there.
Facebook had another security issue hit this week, as the social media company admitted that millions of Instagram passwords were stored in a plain text file that could be easily accessed by anyone on the network. But they swear that it wasn't accessed or misused. Since they initially stated thousands, then admitted millions of accounts were at risk and that it has happened many times now, Leo says that Facebook's priorities are out of whack. They don't really care about protecting user data.
Dolores wants to know if it's safe to scan images of documents and send them to her attorney. Rich says it depends on the app itself. Take proper precautions and use a reliable, reputable app. Rich uses Google Drive to scan documents on an Android phone. On the iPhone, scan the document with Apple's Notes app, or with Scannable.
Once she's scanned them, then she wants to be sure she can send them securely.
Leo says that while 2018 was the year of ransomware, 2019 is even worse. Arizona Beverages got hit by ransomware last week. The attack shut down sales operations for days and scuttled their networks and servers. The network was hacked and encrypted, targeted by hackers with a ransom note posted to their website. Leo says that Arizona struggled with trying to rebuild their operations for five days. Most of their servers hadn't been given security patches in years and their backups didn't work.
Nathan wants to know if there's any recourse if a company isn't protecting his passwords. Leo says in Europe they have the GDPR, but in the US the only real protection is through HIPAA in the medical field. Leo recommends talking to Brian Krebs at Krebs on Security and asking him how he should write a letter to warn them of their liability.
Tom uses Dashlane for his password vault, and wants to know if their new VPN service slows him down. Leo says it can. He's essentially running a computer remotely, and it works with an encrypted tunnel. So, it can cause some latency as it works its way in and out of the tunnel. Not all VPNs are alike either. Some are faster than others, so he should check with Dashlane to see how many servers they run. He also wants to be sure they don't log his use. Tom also doesn't like that he doesn't have the option to opt out after they raised his monthly fee.
Brian travels a lot and would like to have a travel router to protect him from an open and unsecured internet. Leo says he uses one when he travels and it not only works as a firewall, but it also turns into a wireless hotspot for multiple devices. He uses one from TinyHardwareFirewall.com.
Don is worried that his network may be compromised because he uses a shared internet network in his office building. Leo says there may be a weak link with a point of entry that's a result of the building, but it should be locked down pretty well. Leo recommends getting an IT consultant to help run his internet access. Employees may actually be a bigger risk if they fall victim to phishing scams. An IT consultant can help train the employees to be on the lookout for scams.