exploits

New Vulnerabilities Discovered on Operating Systems

Episode 1133

Root Pipe and Wire Lurker are two new vulnerabilities hitting computers. Root Pipe is hitting OS X but Leo says it can only be activated by someone sitting at your computer, so it shouldn't really be a huge cause of concern. Meanwhile, the Nigerian scam has been reported to have caused over $12 Billion in loses last year.

Meanwhile, a new report says that consumers are reaching "breach fatigue" over all the security breaches that have happened of late.

Did my Mac get hacked?

Episode 1113

Kathleen from Yucca Valley, CA

Kathy thinks her Mac got hacked. She gave a support line remote access to her Mac and she's worried she got hacked. Leo says that if she didn't give them her credit card, chances are she's OK. But if she wants to be sure, she can download Little Snitch. It'll observe her computer activity and let her know if it does phone home or let someone remotely access it again. She should also turn on her software firewall.

'Heartbleed' Flaw in OpenSSL Exposes Passwords on Many Popular Websites

Episode 1074

OpenSSL is a widely used protocol for providing secure internet traffic. The "Heartbleed" bug takes advantage of a hole in OpenSSL to peer into the memory of SSL servers. It can allow a hacker to ping 64K of random memory repeatedly, thereby allowing them to glean usernames and passwords, and even fake a server certificate.

How can I keep using Windows XP safely after April 8?

Episode 1067

Mark from Indio, CA

Mark hears that XP will stop being supported. Leo says yes, on April 8th Microsoft will release it's last security update. So what would be his options after that? He's on a budget and can't buy a new computer. Leo says that Linux is a good option, and it's often more secure. Leo says that Mark could also just continue to use XP if he takes steps and knows what he's doing.

Here's what Mark can do:

Analysis of Windows Updates Shows Removing Admin Rights Could Solve Most Issues

Episode 1061

An analysis of all the patches that Microsoft released in 2013 shows that nearly 100% of all exploits and vulnerabilities could be removed if administrator rights were revoked, and users ran as a limited user.

Admin rights key to mitigating vulnerabilities, study shows (ZDNet)…
http://www.zdnet.com/admin-rights-key-to-mitigating-vulnerabilities-study-shows-7000026428/

Apple Puts Out an Emergency Update to iOS to Cover Security Issues

Episode 1059

There's a flaw in iOS and OS X that allows a "man in the middle" to intercept your credit card information. Apple just put out an emergency update to iOS to patch this. The update is OS version 7.0.6 and users should install it immediately to all iPhones and iPads. Hopefully, the OS X patch will be coming soon as well.

How can I protect my computer after Microsoft ends Windows XP support?

Episode 1057

Dan from Huntington Beach, CA

Dan uses Windows XP and is worried about security once Microsoft ends support for it on April 8th. Leo says that there will only be two more security patch Tuesdays between now and April 8th and once that's done, XP will no longer be supported. Leo says that once that happens, all XP users should pull their XP computers off the Internet completely. There are bad guys who collect flaws and exploits and take advantage of holes in the system. One such nasty thing is Cryptolocker.

Rare Exploit Reported on the Mac

Episode 1009

There's a report that someone sitting at your Mac can fiddle with the clock in OS X and gain access to your system. Leo says that having physical access to a computer can create a lot of security issues. It's something to be concerned about if you're going to lunch and leaving your computer open, but 99.99% of the time, this is much ado about nothing. Just create a screen saver password that's really good, and you're golden. Even better, turn on full disc encryption (called "file vault" on the Mac) and everything is safe until you log in.

Microsoft Joins the List of Hacked Tech Companies

Episode 955

Microsoft, Apple, Twitter, Facebook and a host of others have fallen victim to the Java exploit that was discovered by the Department of Homeland Security (actually, Leo says it was CERT - Computer Emergency Response Team ) last month. Leo says that it appears to be an Eastern European team that is attacking big American companies to find industrial secrets.

Steve Gibson and the UPnP Bug

Episode 952

Steve Gibson joins Leo to talk about the UPnP bug. It's one of the most nefarious exploits out there and the media isn't talking about it because it's just too "geeky." Security groups scanned over 4.3 Billion routers connected online, looking for a vulnerability. There are hackers probing as well. It's stunning that over 81 million are vulnerable due to a bug in the router software that will give hackers access to their personal networks. Steve advises turning off UPnP in the router settings.