Malware, viruses, hacks, and anything else that may compromise your identity online, computer, or digital device.
Security and Privacy
Louis says that cookies or tokens are a violation of privacy. Leo says they're pretty benign, though. The cookie only exists to allow him to keep from logging in to a site every time he visits. It reads the token and knows who he is. He could turn them off or prevent third-party cookies. The browser leaks enough information about him to identify him, though. He could surf privately and delete all of his cookies, but even with all that, his ISP knows everything he does online. So if he really wants to be anonymous, he'd have to pretty much give up being online.
At the "Hackers On Planet Earth" (HOPE) Conference in New York this week, forensic scientist and security expert Jonathan Zdziarski identified several holes and back doors currently on the iPhone. There's even a packet sniffer that's running all the time. Apple has yet to respond to it. It's important to understand that whenever you're using a connected device, whether intentionally or unintentionally, it could reveal information to interested parties. In his presentation, Zdziarski revealed some of the data that is constantly leaked out by the iPhone.
Mike is wondering if he should do anything to protect himself while using these public hotspots, though. Leo says this is an important question because he's on the same network with other people, so there are risks. Other people could see traffic sent to and from his computer, and could use hacker tools that are widely available to get that data. This is mostly an issue when accessing email, but since he uses Gmail, it's encrypted and won't be a problem. If the sites he's on use 'secure HTTP' (HTTPS), then he should be OK.
John wants to know if there's a cross-platform alternative to TrueCrypt since development of it ended. Leo says that BitLocker is Microsoft's file vault, and Apple's is called FileVault. Both work great, but they aren't cross-platform. Leo says that TrueCrypt is still around, but that the writer of it allegedly took to the Internet and said it wasn't safe anymore. It's been audited and so far seems to still be legit. So who knows? Leo doesn't know of any open source options anymore. BitLocker is a good alternative.
Mark noticed that he got an update for Internet Explorer on Windows XP, but didn't think there were supposed to be any more updates from Microsoft for Windows XP. Leo says that Microsoft did break its word, and they did release an update in May for Internet Explorer. It could simply be that the update didn't get applied, and it's still trying to run the update. It also could be that a hacker is posing as Microsoft to infect his system.
The Supreme Court ruled this week that smartphones cannot be searched by law enforcement without a warrant -- even if you had been arrested for a crime. Law enforcement, until now, has been able to retrieve all data from someone's smartphone as they saw fit. It is now considered improper search and seizure.
Supreme Court rules police cannot search smartphones without warrant (LA Times)…
Peter was looking for video codecs and he got bit by some malware called "Search Donkey." Leo says that even legitimate sites can get bit by malware. And places like CNET will install adware in their installer without really drawing attention to it. Leo says that the only difference between malware and adware is that adware lets the user uninstall and technically gives an opt-out on installation (if the user can find it).
Dan has installed LastPass on his computers and his mobile phone. Leo says it's an excellent password vault. But Dan wants to have all devices time out after 15 minutes to lock it down. Leo says that's a good idea. There's a way to do this in the settings. Leo says it may be that the automatic password option has been checked and that's why he can't get it to time out and demand the password to reactivate.
Remy is a psychologist and he keeps a lot of patient data on his phone. How can he lock that down without having to lock down all of his phone? Leo says it's wise to lock it down completely. If it's lost or stolen, he'll really want to make it difficult for someone to get to the data. Password protecting the phone with a passcode isn't that big of a disruption, and it's an extra measure to protect that data he's talking about. It encrypts the entire contents of the phone.