Malware, viruses, hacks, and anything else that may compromise your identity online, computer, or digital device.
Security and Privacy
Tom has a friend who gave a technician remote access after calling a number in a popup ad for his Echo. Leo says he fell victim to a scam and there's a good chance that his computer is infected with malware, a key logger, remote access trojans, the works. At this point, the only safe thing to do is backup the data, format the hard drive, and reinstall Windows from a known, safe source, then update. Only then can he be sure his computer is safe.
Amazon's "Rekognition" face recognition software, which is being rented to police, has identified members of congress as felons. When the ACLU ran the software, designed to match people to a database of mugshots, it identified a total of 28 congressional members as felons. Amazon claims that the software was used incorrectly, and should have been set to a 99% confidence level instead of the 80% that was used.
Read more at arstechnica.com.
Bob has all his passwords inputted in a spreadsheet. Is that secure? Leo says if it works for him, that's one step better than just using the same password over and over. But if someone gets ahold of that file, they have the keys to his kingdom. That's why using LastPass, which generates complicated and secure passwords is a good idea. Bob agrees, but he doesn't know how to use it to change his passwords. Leo says if he goes to LastPass's help desk, they describe step by step how to do it.
Paul is concerned about internet of things and security. He wants to know if Plume would be a good, secure mesh router that can protect his network from the outside hacking his IoT. Leo says that Plume requires a yearly subscription to keep it up to date. Leo says it's somewhat justified because it can keep his network more secure. He's paying for security on his network, but his IoT devices may not be getting updated, so they're not secure. And his internet is only as secure as his weakest device.
John's friend got bit by the popup that said she had a virus and then when she called "Microsoft support" they wanted $300 to fix it. Leo says it's a phishing scam. And once you give someone access to your computer, not only will they not fix anything, but they make the infection even worse by installing other malware. The only way forward now is to backup the data, format the hard drive, and then reinstall Windows.
Robert is concerned with password security. How secure is his Windows login? Does it have to be really crazy difficult? Leo says that it's safe enough for his own use. Networks are protected by the router, which has a separate password. The more unique, the better. But his Windows password is fine unless someone gets physical access to the computer. Leo prefers to use a password manager, though. It's secure everywhere. What about a browser password vault? Leo says that all browsers now use encryption, so they're safe. But he should have 2 factor authentication setup just in case.
Researchers have figured out that if you connect your iPhone to a computer, you can keep doing a brute force password attack to unlock it and that it should take about a day to open it. Leo says that this is with a four digit passcode, and a six digit passcode is a lot harder to crack.
The Supreme Court has also ruled that law enforcement cannot get cell phone location data without a warrant. The decision said that day to day movement data on a mobile device provides an intimate look at someone's activities, even to the point of violating privacy without a warrant.
Al's antivirus software is up for renewal. Does he really have to pay for another year? Leo says no. Windows has its own antivirus called Windows Defender, and it's free. It does a really good job. There's also a possibility that third party antivirus software could make him more vulnerable to hackers, not less. Al will need to download their standalone uninstaller to get rid of that third party app. Then enable Windows Defender and keep it up to date. But he should remember, no antivirus can protect him from himself.
Mark wants to combine his work's LastPass account with his personal one. Leo says that his personal stuff can be attached, but it won't be visible at work. Leo recommends keeping the accounts separate. That way, if he leaves the job, his employer doesn't have access to his data.
(Disclaimer: LastPass is a sponsor)