Security and Privacy

Malware, viruses, hacks, and anything else that may compromise your identity online, computer, or digital device.

Hacking Group Announces Auction of NSA "Cyber Weapons"

Episode 1315

A hacker group called "ShadowBrokers" may have gotten NSA exploits that could be used to target Cisco firewall systems. If these are real, did they hack the NSA to get them? The group is asking for 1 million Bitcoins in an auction for the best "cyber weapons" that the group hasn't released. It raises a lot of questions about the legitimacy of these exploits, how they got them, and how dangerous they are. It seems that they are real, though, because The Intercept released documents on Friday that effectively confirm that the ShadowBrokers preliminary data dump is real.

What should I do after my Apple ID was hacked?

Robert from Clovis, CA

Episode 1315

Robert's Apple ID got hacked and they've been changing all his passwords and email notifications. He contacted Apple and they aren't believing that he is who he says he is yet. Leo says that they are being deliberately slow now to avoid the social engineering snafu. They want him to provide proof through his payment records, but it may be that Robert got socially engineered and lost his password. That's why turning on 2nd factor authentication is important.

Android Has a Bad Exploit: QuadRooter

Episode 1313

A really bad exploit in the Android OS enables the installation of malware called QuadRooter. Google is working to push security updates, and promises to have an update by September. If your manufacturer or wireless provider is slow to push out updates, then you may be vulnerable for quite some time, especially if you have an old phone. If you're looking to get a new phone, make sure you're getting it from a company that's offering monthly updates.

How can I securely transfer large data files?

Rich from Tuscon, AZ

Episode 1312

Rich wants to know how to transfer large files like audio books. Leo says that audio books aren't that big. But Rich still wants to know how he can he securely transfer them to his publisher without them being corrupted or pirated. Leo says that's a common issue. He shouldn't attach it in an email. Rich should send a link to the file that's located on a drive like Google Drive, ShareFile, or DropBox.

Is a VPN safer than just using a secure website?

Bruce from Billings, MT

Episode 1311

Bruce wants to know if his friend's website should be using a VPN for secure web access. Leo says that he can, but the first thing web sites should be doing is running a secure site with https. Amazon uses an extended SSL certificate which has a green bar so that it's even more secure for eCommerce. Using a VPN like HotSpot VPN or Tunnel Bear can give him a secure and ecrypted tunnel to a server.

How can I tell if a USB key I found is safe to use?

Lex from Virginia

Episode 1310

Lex uses Windows Defender, but he came across a thumb drive and wants to check it to see if it's safe to use. Leo says he really can't. If he plugs it in, and it's infected, it will compromise his system. Firmware can be modified on a thumb drive to contain malware as a payload, and it's undetectable. The worse part is not one USB drive manufacturer has done anything to correct the bug. Wired has a story on it.

How can I stop getting spam calls?

John from California

Episode 1309

John got a call from someone this morning and the caller ID was showing it coming from his own number. Leo says it's really easy to spoof caller ID to lure someone to answer the phone. Leo likes to use Google Voice as his main phone number, since it will reject a call if it's not in his contact list. John can put his number on the government's Do Not Call List, but most of these are from out of the country and they aren't subject to that law.

What's a good home security camera?

Episode 1309

Chris from Woodland Hills, CA
Nest cam

Chris has a few security systems with cameras and the alarm monitor (ADT) is obsoleting them. So he'll have to get new cameras for his system. Leo recommends decoupling the camera from the service and do the camera setup himself. The Nest cam works with Wi-Fi and they have their own cloud based storage. The cameras aren't cheap, but they're probably cheaper than ADT. Ring has one that's solar powered called the Stick Up cam.