Malware, viruses, hacks, and anything else that may compromise your identity online, computer, or digital device.
Security and Privacy
With the now infamous Spectre and Meltdown processor flaws affecting every intel based computer for the last ten years, Intel pushed out a fast fix to plug the holes. Now they're saying not to use it. It seems that some computers will get stuck in a reboot loop. So the cure is worse than the disease. To date, there's been no evidence that the Spectre and Meltdown flaws have been exploited, so Leo is wondering if the right advice is to do nothing at all. At least until a new fix has been released, or that malware shows up that will take advantage of it.
Mike is wondering how good the encryption is in Microsoft Word and Excel documents. Leo says it's actually pretty good and that it's adequate, but not uncrackable. Leo says it's hard to crack stuff on the web when a service can slow the attacker down. But if someone can get a document that's locked and own it, there's nothing to stop them from trying a million passwords a second, and brute-force that document. Having said that, Microsoft has started using strong encryption on documents. The weak link will be the password.
Brian is wondering if he can prevent third-party apps from seeing his contacts list on his phone. Leo says it's very common for apps like Snapchat, Twitter, Facebook, Instagram and more to suggest inviting friends from your contacts list. They have to ask permission to get to this list, though. These apps upload the contacts list to their servers so it can alert you that someone new has joined that app. Leo says that absolutely is a privacy breach.
Antonio signed up for Google Docs and he's been offered Norton to protect his files. Leo says he hates antivirus, and Norton is one of the worst. Leo recommends staying with Microsoft's Defender and keep it updated. At the end of the day, it's his behavior online that will be the last line of defense. So, here are a few things he can do to protect himself online:
Mike wants to wipe a hybrid SSD using Darik's Boot and Nuke (DBAN). Is that a good idea? Leo says that SSDs are written to differently than spinning drives, and it also uses a technique called "wear leveling," which writes sectors randomly. This makes it difficult to fully and securely wipe a drive to prevent it from being recovered. He can do it to erase a drive, but it won't really remove the data. That's why Leo recommends encryption. Using BitLocker on Windows, or some other technique to secure data with encryption.
Irwin is concerned that the Spectre bug fix will slow down his computer. Leo says it's possible, but it's unlikely to have a noticeable impact on a modern machine. Experts say the bug fix will greatly affect slower, older machines. A newer machine will get the least performance hit. He should just make sure to update his AVS and all of his drivers.
VMware or really heavy applications are where the performance hit will most likely be affected.
Mike's Coinbase Bitcoin wallet has a corrupted IP address to it and he's worried his wallet has been hacked. Leo says he can't have two IP addresses on an account. Leo says that the ISP may be at fault here and Mike should log into his Coinbase wallet and make a screenshot of the error messages. Then he should contact his ISP and show them the evidence. They need to fix it. Leo also says he should change his Coinbase password just in case. It's possible something nefarious is afoot.
Travis is having trouble getting the Windows update that will fix the Meltdown/Spectre exploit. Leo says he should make sure to update his antivirus first, because the fix will break the AVS and crash the machine, forcing a reinstall of the OS. He may also need to do a BIOS update. In fact, the entire machine may need to be updated to prevent the Windows OS update from breaking the machine.
Ivan wants to know what he's giving away when he logs into a site using his Facebook ID. Leo says that's called Single Sign-on, which makes it easier to sign in. Many services, including Google and Twitter also offer it as a convenience. It's a user verification system that doesn't require him to create an account, nor does it give them access to his account. But it gives Facebook, Google, and Twitter access to more information about where he visits. It's safe to use it, but if he's concerned, he can create a dummy account that he'll only use for that purpose.