One of the ways computers can get infected online is through malicious websites or phishing scams. This happens when a scammer links a user to a website that looks exactly like a familiar site like Microsoft or Google, but is actually the scammer's site. Users will often input their username and password on the malicious site, and the scammer will then have control of their account.
After Home Depot was hacked and had to admit that over 50 million credit card numbers were stolen, they also had to report that an equal amount of email addresses were lifted. That means users are going to be subjected to potential phishing scams and it's important that they pay close attention to any email sent by their banks or Home Depot.
Mary's Yahoo email account was hacked, and in the process, all her contacts in her address book got deleted. Is there any way to retrieve it? Leo says that Mary probably had her account hacked through her "secret" questions which can be guessed using a brute force attack. Once hacked, her account was used as a spam account. But it may be that her account wasn't hacked at all, and her email address was spoofed instead. That means they just can pose as Mary by using the "reply to" field.
At the "Hackers On Planet Earth" (HOPE) Conference in New York this week, forensic scientist and security expert Jonathan Zdziarski identified several holes and back doors currently on the iPhone. There's even a packet sniffer that's running all the time. Apple has yet to respond to it. It's important to understand that whenever you're using a connected device, whether intentionally or unintentionally, it could reveal information to interested parties. In his presentation, Zdziarski revealed some of the data that is constantly leaked out by the iPhone.
eBay announced a massive data breach and Leo advises users reset their passwords. What's interesting is that the news broke on Wednesday, and eBay has known about it for three weeks. It makes Leo wonder just how bad the breach was. eBay says it was a leak of encrypted passwords. Regardless of how bad, Leo says it's best to change your password. And if you use that password elsewhere, time to stop doing that and use a password manager like LastPass.
Target says that between Black Friday and December 15th, point of sale registers were hacked company wide and over 40 million credit and debit cards were seized. Target hasn't really said much on what customers should do. Leo says that the safest thing to do is assume your card had been grabbed and notify your bank. You could spend the next year checking your statements, but Leo says to simply get a new card and close the other account. Leo also says that there was no breach in Target stores in Canada because they require both a chip in your credit card and a PIN.
The latest NSA revelation comes from more documents leaked by Edward Snowden. It shows that the NSA has 50,000 computer networks in a 'sleeper cell' that can be turned on at any time. Leo points out that as impressive as this sounds, a 50,000 computer bot net is relatively small compared to what spammers and hackers have for commercial purposes.
Adobe's Creative Cloud has been hacked, exposing millions of accounts to hackers. Although the passwords were encrypted by Adobe, the hints were not, allowing hackers to deduce what passwords were. Most were set to "123456," or "password." Adobe has required users to change their password immediately, but the damage may have already been done since credit cards are linked to the accounts. Leo advises everyone to make passwords very difficult to deduce or to crack via brute force attack.
Microsoft, Apple, Twitter, Facebook and a host of others have fallen victim to the Java exploit that was discovered by the Department of Homeland Security (actually, Leo says it was CERT - Computer Emergency Response Team ) last month. Leo says that it appears to be an Eastern European team that is attacking big American companies to find industrial secrets.