Security and Privacy

Malware, viruses, hacks, and anything else that may compromise your identity online, computer, or digital device.

Can I be anonymous online?

Episode 1104

Louis from Hollywood, CA
Guy Fawkes Mask

Louis says that cookies or tokens are a violation of privacy. Leo says they're pretty benign, though. The cookie only exists to allow him to keep from logging in to a site every time he visits. It reads the token and knows who he is. He could turn them off or prevent third party cookies. The browser leaks enough information about him to identify him, though. He could surf privately and delete all of his cookies, but even with all that, his ISP knows everything he does online. So if he really wants to be anonymous, he'd have to pretty much give up being online.

Forensic Scientist Finds Security Holes in iPhone

Episode 1102

iPhone 5S

At the "Hackers On Planet Earth" (HOPE) Conference in New York this week, forensic scientist and security expert Jonathan Zdziarski identified several holes and back doors currently on the iPhone. There's even a packet sniffer that's running all the time. Apple has yet to respond to it. It's important to understand that whenever you're using a connected device, whether intentionally or unintentionally, it could reveal information to interested parties. In his presentation, Zdziarski revealed some of the data that is constantly leaked out by the iPhone.

How can I protect myself when using public Wi-Fi hotspots?

Episode 1101

Mike from Glendale, CA
Wi-Fi

Mike is wondering if he should do anything to protect himself while using these public hotspots though. Leo says this is an important question because he's on the same network with other people, so there are risks. Other people could see traffic sent to and from his computer, and could use hacker tools that are widely available to get that data. This is mostly an issue when accessing email, but since he uses gmail, it's encrypted and won't be a problem. If the sites he's on use 'secure http' (https), then he should be ok.

Is there an alternative to TrueCrypt?

John from New Jersey

Episode 1100

John wants to know if there's a cross platform alternative to TrueCrypt since development of it ended. Leo says that BitLocker is Microsoft's file vault, and Apple's is called FileVault. Both work great, but they aren't cross platform. Leo says that TrueCrypt is still around, but that the writer of it allegedly took to the Internet and said it wasn't safe anymore. It's been audited and so far seems to still be legit. So who knows? Leo doesn't know of any open source options anymore. BitLocker is a good alternative.

Is Microsoft still updating XP or am I getting a virus?

Mark from Los Angeles, CA

Episode 1100

Mark noticed that he got an update for Internet Explorer on Windows XP, but didn't think there was supposed to be anymore updates from Microsoft for Windows XP. Leo says that Microsoft did break its word, and they did release an update in May for Internet Explorer. It could simply be that the update didn't get applied, and it's still trying to run the update. It also could be that a hacker is posing as Microsoft to infect his system.

Supreme Court Rules Smartphones Cannot Be Searched Without Warrant

Episode 1096

Police car

The Supreme Court ruled this week that smartphones cannot be searched by law enforcement without a warrant -- even if you had been arrested for a crime. Law enforcement, until now, has been able to retrieve all data from someone's smartphone as they saw fit. It is now considered improper search and seizure.

Supreme Court rules police cannot search smartphones without warrant (LA Times)…
http://www.latimes.com/nation/nationnow/la-na-nn-supreme-court-search-20...

How can I uninstall Search Donkey?

Peter from Tustin, CA

Episode 1095

Peter was looking for video codecs and he got bit by some malware called "Search Donkey." Leo says that even legitimate sites can get bit by malware. And places like CNet will install adware in their installer without really drawing attention to it. Leo says that the only difference between Malware and Adware is that Adware lets the user uninstall and technically gives an opt out on installation (if the user can find it).

How can I get my computer to time out and request my lastpass password to wake up?

Dan from Upland, CA

Episode 1091

Dan has installed LastPass on his computers and his mobile phone. Leo says it's an excellent password vault. But Dan wants to have all devices time out after 15 minutes to lock it down. Leo says that's a good idea. There's a way to do this in the settings. Leo says it may be that the automatic password option has been checked and that's why he can't get it to time out and demand the password to reactivate.

How can I encrypt only part of my phone?

Remy from Los Angeles, CA

Episode 1090

Remy is a psychologist and he keeps a lot of patient data on his phone. How can he lock that down without having to lock down all of his phone? Leo says it's wise to lock it down completely. If it's lost or stolen, he'll really want to make it difficult for someone to get to the data. Password protecting the phone with a passcode isn't that big of a disruption, and it's an extra measure to protect that data he's talking about. It encrypts the entire contents of the phone.