Malware, viruses, hacks, and anything else that may compromise your identity online, computer, or digital device.
Security and Privacy
Last week, Chinese hackers targeted GreatFire.org in a DDoS attack, and now are attacking GitHub. DDoS stands for "Distributed Denial of Service," and this attack brings down a website by hitting it with lots of bogus requests from thousands or even tens of thousands of computers distributed all over the world. GreatFire.org was spending $30,000 a day in bandwidth trying to keep up with the excess traffic.
The attackers are making this a distributed attack by commandeering users of Baidu, a popular search engine in China.
Anthony wants to know if someone can track his email address to where he lives. Leo says no. An email can list the servers it's been through, but not the physical location. If the server was in his house, then maybe. But if he's not running his own mail server, then he's OK, unless he's broken the law and the authorities can find him through his internet address.
Steve is worried he's being spied upon online. He gets a popup on his 4G data connection that says "network may be monitored by a third party." Leo says that's exactly what Superfish has been doing. Certificates get issued by various browser authorities like Google. If he doesn't like it, then he should try another browser.
Although they promised customers that they would protect private information, Radio Shack has announced that they will be selling off customer information as part of the fire sale portion of their bankruptcy. State governments and even AT&T have announced lawsuits to stop it. AT&T says that the private information should remain confidential through the sale and that Radio Shack should only sell to companies in the same business. But the lesson is clear: if you gave Radio Shack your information, they're now considering it an "asset." So much for privacy policies.
Leo had talked to Marc Goodman, the author of a book called "Future Crimes," a former LAPD officer who got roped into computer forensics early on. This book is a good look at where we stand right now in global security and what we can do about it. One of the reasons Leo wants to recommend the website, FutureCrimesBook.com, is that there's a really good section of it called "The UPDATE Protocol." This echoes things Leo has said for a long time on the show, and it's all in one place.
Elizabeth got an email from her friend that included suspicious links, and she's wondering if his email account was spoofed. She looked in the header, but didn't see anything. How can she find out if it was spoofed? Leo says the tell is the CCs. They would only be able to put so many addresses in a field, and if they are using multiple fields, then she'll know the person has cracked the account. Yahoo has always had security issues. So the account has been hacked, and there are all kinds of ways to do it. The first thing to do is change the password, and make it a difficult one.
In the latest "Pwn2Own" hacking competition, a Korean hacker was able to crack secured versions of all the latest browsers. He not only took home a quarter million dollars, but also the laptops that the browsers and operating systems were installed on. Leo says that all these hackers save up exploits all year long for Pwn2Own. And a lone security researcher was able to own IE11, Chrome, and Safari, and he took the whole thing. All the browsers were 64-bit too. This was the largest payout in the history of the competition.
Cecil is using LastPass and wonders if he's safe using it even on a public Wi-Fi access point, like a hotel. Leo says absolutely. It encrypts all of his passwords and he'll be safe that way. Not even LastPass knows what his password is.
He should make sure he's also encrypting his email. Google is planning to do that through Android later this year.
Citizenfour is an Academy Award-winning documentary on the story of Edward Snowden. He was a contractor for the NSA as a systems administrator working out of Hawaii, and that's how he was able to obtain information. What he did with that information is what became so controversial. He went to Hong Kong, and contacted journalists to give them this information he had collected, but didn't want anything released that would risk the lives of government operatives. Instead, he wanted journalists to tell the world, Americans in particular, what the NSA had been up to.
Ray is concerned with security on his tablet, and is wondering if he should have antivirus for it. Leo says that mobile devices were designed in an era where malware is a serious threat, so these newer operating systems are inherently safer because they tend to be sandboxed. If he still wants some added protection, Lookout is a very good antivirus app. That being said, Leo doesn't use an antivirus program.