Malware, viruses, hacks, and anything else that may compromise your identity online, computer, or digital device.
Security and Privacy
A year ago, a hacking group called the Shadow Brokers claimed it had a treasure trove of NSA hacking tools that they would sell to the highest bidder. They asked for $7 million in Bitcoin, but didn't get any bids. They've now released the catalog of documents, which means it's a very busy day for security researchers. While these documents are old, they're still very interesting.
Hackers have been stealing people's information, filing their returns, and getting the refund. Last year, the IRS noticed that the FAFSA online system could get enough personal information that it could be used by hackers. In October, the IRS sent a memo to the Department of Education saying that the system could be abused. But because up to 15 million people used the system out of convenience, they kept it online. In February, the IRS noticed a pattern of fraudulent activity, and shut it down last month.
We're familiar with DDoS attacks, which are "Distributed Denial of Service" attacks, but there's a new form of attack that's been happening online lately. It's called PDoS, or "Permanent Denial of Service," which actually bricks the device, destroying it permanently. The rationale is that if these devices weren't bricked, someone else would use it for a DDoS attack.
Lisa went to a website and she got a pop up notification that her computer was infected and to call an 800 number to Microsoft. Leo says not to ever call them -- just exit the popup and move on. It's not infected and those popups are designed to insnare users. It's called a phishing scam. Lisa did it anyway, though, and gave them control of a computer. Leo says that's bad news because she doesn't really know what the hacker's done. He can install viruses on her or turn it into a bot, a keystroke logger, and use remote access to turn on her camera.
Brian has tried several password vaults and he finds them all inconvenient. His frustration is that using his mobile device doesn't always work so well. He ended up on LastPass. Is that a good choice? Leo says yes. It's the one he uses. 1Password is another one, and it has the advantage of being able to save the vault somewhere else.
Jeff wants to do some spring cleaning by getting rid of some old computers, but is concerned about privacy and the data on the hard drives. Leo says that the easiest thing to do is to simply remove the hard drives. He could also use something like Darik's Boot and Nuke (DBAN) to completely wipe the drive. It erases everything by writing zeros across the drive, and then erases it again. If he does that several times, he'll be safe from everyone save the NSA. Solid State Drives, however, can be easier to get data off of.
It may not be an April Fool's Joke, but it sounds like one. Verizon, AT&T, and Comcast have moved to assure customers that while Congress has officially passed a law stripping privacy protections from internet users, their data will not be sold and they won't be spying on customers. This begs the question — why did they need the law passed in the first place?
The Senate has voted to overturn an FCC regulation that was designed to protect customer privacy. The regulation that was put out in October of last year said that internet service providers would have to ask for customer permission before selling personal data, such as browsing history, current location, and more.
Read more at WashingtonPost.com
Mark wants to know if password vaults are safe and what the best one is to get. Leo says yes, they are best because they generate impossible to remember passwords and keep track of them, so Mark would only have to remember the one password to open his vault. Leo uses LastPass. There's also 1Password. It's a valuable tool that everyone should use.
Mike is worried about the Turkish Crime Family's iCloud hack. If he changes his password, couldn't they just hack it again to get them? Leo says that Apple has said it hasn't been hacked, and even if it had been, the hackers would have to "rehack" the system to get them. If Mike has turned on two factor authentication, they can't use his password anyway.
It's annoying to use two-factor, but it's the best last line of defense to prevent his account from being compromised. Also, he can use his TouchID on a new MacBook Pro and his iOS devices to insure verification.