Bob has lost his Hotmail password and he can't get any support to help him recover it. Leo says that it may be that the password was hacked and the account taken over. There's two-factor authentication, where if the password is changed, you have to input a code sent to your cellphone in order to change the password. But in this case, it's likely they guessed your secret questions with a brute force attack and hacked your account. Secret questions are a vulnerability because people actually answer the questions. Leo advises changing the password and then enabling second-factor authentication.
Dan has installed LastPass on his computers and his mobile phone. Leo says it's an excellent password vault. But Dan wants to have all devices time out after 15 minutes to lock it down. Leo says that's a good idea. There's a way to do this in the settings. Leo says it may be that the automatic password option has been checked and that's why he can't get it to time out and demand the password to reactivate.
With the news that eBay's servers were breached and passwords were stolen, Leo says users should not only change their passwords, but should also use a password manager or password vault like RoboForm, 1Password, LastPass, etc. They can generate long and random passwords that include punctuation and variety, which makes brute force attacks pretty much useless. Then all you need to do is remember one password.
eBay announced a massive data breach and Leo advises users to reset their passwords. What's interesting is that the news broke on Wednesday, and eBay has known about it for three weeks. It makes Leo wonder just how bad the breach was. eBay says it was a leak of encrypted passwords. Regardless of how bad it was, Leo says it's best to change your password. And if you use that password elsewhere, it's time to stop doing that and use a password manager like LastPass.
OpenSSL is widely used software for providing secure internet traffic. The "Heartbleed" bug takes advantage of a hole in OpenSSL to peer into the memory of SSL servers. It can allow a hacker to repeatedly read 64K of random memory, thereby allowing them to glean usernames and passwords, and even fake a server certificate.
Marie got the FBI Virus Scam popup that has locked up her computer. Leo says it's highly customizable by the hacker who sends it out, and in Marie's case, it demands she call to address the issue. So Leo thinks that it may be an offshoot of the CryptoLocker virus, or just a malicious website. Regardless, her system has been compromised. The only real way to handle it is to back up her data, wipe the drive and reinstall Windows from a known, good source. She can also run the system restore discs, then update the OS completely.
Dave wants to know the best way to protect himself when banking online. Leo says that it's obvious that banking in person is far more secure than banking online. But given the convenience of online banking coupled with very limited liability, it's hard not to take advantage of it.
Leo recommends using two-factor authentication to protect his password because it requires an authentication code sent to his phone. He should make sure he is using "https://" when connecting to his bank's site. His bank should be using that automatically.