Security and Privacy

Malware, viruses, hacks, and anything else that may compromise your identity online, computer, or digital device.

Spectre and Meltdown Flaws Continue To Plague Intel

Episode 1457

With the now infamous Spectre and Meltdown processor flaws affecting every intel based computer for the last ten years, Intel pushed out a fast fix to plug the holes. Now they're saying not to use it. It seems that some computers will get stuck in a reboot loop. So the cure is worse than the disease. To date, there's been no evidence that the Spectre and Meltdown flaws have been exploited, so Leo is wondering if the right advice is to do nothing at all. At least until a new fix has been released, or that malware shows up that will take advantage of it.

How strong is the encryption on Microsoft Office documents?

Episode 1456

Mike from Riverside, CA
Microsoft Office

Mike is wondering how good the encryption is in Microsoft Word and Excel documents. Leo says it's actually pretty good and that it's adequate, but not uncrackable. Leo says it's hard to crack stuff on the web when a service can slow the attacker down. But if someone can get a document that's locked and own it, there's nothing to stop them from trying a million passwords a second, and brute-force that document. Having said that, Microsoft has started using strong encryption on documents. The weak link will be the password.

Can I prevent apps from getting my contacts list?

Episode 1456

Brian from Fennimore, WI
Snapchat Contacts

Brian is wondering if he can prevent third-party apps from seeing his contacts list on his phone. Leo says it's very common for apps like Snapchat, Twitter, Facebook, Instagram and more to suggest inviting friends from your contacts list. They have to ask permission to get to this list, though. These apps upload the contacts list to their servers so it can alert you that someone new has joined that app. Leo says that absolutely is a privacy breach.

Should I use Norton AntiVirus?

Episode 1455

Antonio from Chico, CA
Shield

Antonio signed up for Google Docs and he's been offered Norton to protect his files. Leo says he hates antivirus, and Norton is one of the worst. Leo recommends staying with Microsoft's Defender and keep it updated. At the end of the day, it's his behavior online that will be the last line of defense. So, here are a few things he can do to protect himself online:

Can I use DBAN on an SSD?

Episode 1455

Mike from Niagara Falls, Ontario, Canada
SSD

Mike wants to wipe a hybrid SSD using Darik's Boot and Nuke (DBAN). Is that a good idea? Leo says that SSDs are written to differently than spinning drives, and it also uses a technique called "wear leveling," which writes sectors randomly. This makes it difficult to fully and securely wipe a drive to prevent it from being recovered. He can do it to erase a drive, but it won't really remove the data. That's why Leo recommends encryption. Using BitLocker on Windows, or some other technique to secure data with encryption.

Should I install the Spectre bug fix?

Irwin from The Bronx

Episode 1454

Irwin is concerned that the Spectre bug fix will slow down his computer. Leo says it's possible, but it's unlikely to have a noticeable impact on a modern machine. Experts say the bug fix will greatly affect slower, older machines. A newer machine will get the least performance hit. He should just make sure to update his AVS and all of his drivers.

VMware or really heavy applications are where the performance hit will most likely be affected.

What is a reliable Virtual Private Network?

Episode 1453

Manny from Mt. Carmel, CA
Tiny Hardware Firewall

Manny wants to know how he can find a reliable VPN product to keep his surfing private. Leo says that what he's looking for is a strong privacy policy that's very clear what it can and cannot do, particularly with logging access. Leo likes Tunnel Bear since they have it in their privacy policy that they won't log his access and activity. He also uses a hardware firewall like Tiny Hardware Firewall which will do it.

Has my Bitcoin wallet been hacked?

Episode 1453

Mike from Bakersfield, CA
Coinbase

Mike's Coinbase Bitcoin wallet has a corrupted IP address to it and he's worried his wallet has been hacked. Leo says he can't have two IP addresses on an account. Leo says that the ISP may be at fault here and Mike should log into his Coinbase wallet and make a screenshot of the error messages. Then he should contact his ISP and show them the evidence. They need to fix it. Leo also says he should change his Coinbase password just in case. It's possible something nefarious is afoot.

Why can't I download the Meltdown fix for Windows?

Episode 1453

Travis from Oklahoma
Windows Update

Travis is having trouble getting the Windows update that will fix the Meltdown/Spectre exploit. Leo says he should make sure to update his antivirus first, because the fix will break the AVS and crash the machine, forcing a reinstall of the OS. He may also need to do a BIOS update. In fact, the entire machine may need to be updated to prevent the Windows OS update from breaking the machine.

Is using your Facebook login for another website safe?

Episode 1450

Joseph from New Jersey
Facebook

Ivan wants to know what he's giving away when he logs into a site using his Facebook ID. Leo says that's called Single Sign-on, which makes it easier to sign in. Many services, including Google and Twitter also offer it as a convenience. It's a user verification system that doesn't require him to create an account, nor does it give them access to his account. But it gives Facebook, Google, and Twitter access to more information about where he visits. It's safe to use it, but if he's concerned, he can create a dummy account that he'll only use for that purpose.