Malware, viruses, hacks, and anything else that may compromise your identity online, computer, or digital device.
Security and Privacy
A hacker group called "ShadowBrokers" may have gotten NSA exploits that could be used to target Cisco firewall systems. If these are real, did they hack the NSA to get them? The group is asking for 1 million Bitcoins in an auction for the best "cyber weapons" that the group hasn't released. It raises a lot of questions about the legitimacy of these exploits, how they got them, and how dangerous they are. It seems that they are real, though, because The Intercept released documents on Friday that effectively confirm that the ShadowBrokers preliminary data dump is real.
Robert's Apple ID got hacked and they've been changing all his passwords and email notifications. He contacted Apple and they aren't believing that he is who he says he is yet. Leo says that they are being deliberately slow now to avoid the social engineering snafu. They want him to provide proof through his payment records, but it may be that Robert got socially engineered and lost his password. That's why turning on 2nd factor authentication is important.
Tom wants to make sure his wireless router is secure. Leo says the only thing Tom really needs to do is turn on WPA2 encryption. It's in the router setup, which can usually be accessed at 192.168.1.1. He should turn on WPA2 and give it a password that isn't obvious. Once that's turned on, all the traffic is encrypted.
A really bad exploit in the Android OS enables the installation of malware called QuadRooter. Google is working to push security updates, and promises to have an update by September. If your manufacturer or wireless provider is slow to push out updates, then you may be vulnerable for quite some time, especially if you have an old phone. If you're looking to get a new phone, make sure you're getting it from a company that's offering monthly updates.
Rich wants to know how to transfer large files like audio books. Leo says that audio books aren't that big. But Rich still wants to know how he can he securely transfer them to his publisher without them being corrupted or pirated. Leo says that's a common issue. He shouldn't attach it in an email. Rich should send a link to the file that's located on a drive like Google Drive, ShareFile, or DropBox.
Bruce wants to know if his friend's website should be using a VPN for secure web access. Leo says that he can, but the first thing web sites should be doing is running a secure site with https. Amazon uses an extended SSL certificate which has a green bar so that it's even more secure for eCommerce. Using a VPN like HotSpot VPN or Tunnel Bear can give him a secure and ecrypted tunnel to a server.
Lex uses Windows Defender, but he came across a thumb drive and wants to check it to see if it's safe to use. Leo says he really can't. If he plugs it in, and it's infected, it will compromise his system. Firmware can be modified on a thumb drive to contain malware as a payload, and it's undetectable. The worse part is not one USB drive manufacturer has done anything to correct the bug. Wired has a story on it.
John got a call from someone this morning and the caller ID was showing it coming from his own number. Leo says it's really easy to spoof caller ID to lure someone to answer the phone. Leo likes to use Google Voice as his main phone number, since it will reject a call if it's not in his contact list. John can put his number on the government's Do Not Call List, but most of these are from out of the country and they aren't subject to that law.
Joe wants to know if Microsoft's antivirus can really do the job. Leo says it can, but he really doesn't need it if he's careful. He'll want to be sure he's updated everything -- OS, browser, Flash, etc. Microsoft Defender is a good thing to run, but nothing can completely protect him from his own online behavior.
Chris has a few security systems with cameras and the alarm monitor (ADT) is obsoleting them. So he'll have to get new cameras for his system. Leo recommends decoupling the camera from the service and do the camera setup himself. The Nest cam works with Wi-Fi and they have their own cloud based storage. The cameras aren't cheap, but they're probably cheaper than ADT. Ring has one that's solar powered called the Stick Up cam.