security and privacy

Why is Online Security So Bad?

Security

Episode 1648

Jeff from Marshall, IL

Jeff is concerned with the current state of online security. So many companies are taking security for granted. They send software passwords in an email and commit other foolish acts online. Leo says that the CTO should know better. But Leo also admits that security is hard, and there's no such thing as perfect, bulletproof software when it comes to security. Inevitably, software will pick up flaws as it gets updated. But a lot of software has dumb mistakes that slip through due to arbitrary deadlines.

Why Can't I Update Windows?

Microsoft

Episode 1622

Bruce from San Diego, California

Bruce can't get the latest Windows Update 1903 on his HP laptop. Microsoft says that the BIOS is too out of date and, as such, the update will fail and roll back. Is there a way to block it so it won't keep doing it? The problem is that Microsoft has stopped supporting 1803, which is where Bruce is stuck, and as such, he won't get security updates starting at the end of the year. That's a real concern. He tried putting it on a metered connection and that does stop it, but he's worried about security. He still wants the security updates.

FaceApp Causing Concern to Privacy Advocates and Congress

FaceApp

Episode 1611

The mobile app called FaceApp is causing concern among privacy advocates and even members of Congress, because people are worried that their photos are being uploaded to servers in Russia. But the developer, who worked for Microsoft when he got the idea, gives assurances that all photos are uploaded to Amazon cloud servers. The bigger concern is that the terms of service grant FaceApp the ownership of your likeness forever. Leo says, though, that it's just legal-speak that's written in the broadest possible terms.

Is my computer vulnerable to attack?

Wireshark

Episode 1601

Jim from Wisconsin

Jim ran the GRC ShieldsUP scanner on his router and discovered that port 443 was open, not stealth. Is he vulnerable? Leo says you have to have port 443 to run on the internet, but it should be in "stealth mode." You'll also want to find out what's using it. netstat will help you determine that. Wireshark will also do that. His fan is also running a lot. Leo says that may mean the computer is getting hotter. It probably needs to have the dust cleaned out of it.

Another Security Issue Hits Facebook

Facebook Security

Episode 1584

Facebook had another security issue hit this week, as the social media company admitted that millions of Instagram passwords were stored in a plain text file that could be easily accessed by anyone on the network. But they swear that it wasn't accessed or misused. Since they initially stated thousands, then admitted millions of accounts were at risk, and since this has happened many times now, Leo says that Facebook's priorities are out of whack. They don't really care about protecting user data.

Is it Safe to Send Documents Scanned by my Phone?

Google Drive

Episode 1583

Dolores from Lancaster, CA

Dolores wants to know if it's safe to scan images of documents and send them to her attorney. Rich says it depends on the app itself. Take proper precautions and use a reliable, reputable app. Rich uses Google Drive to scan documents on an Android phone. On the iPhone, scan the document with Apple's Notes app, or with Scannable.

Once she's scanned them, then she wants to be sure she can send them securely.

2019 - Ransomware is everywhere

Arizona

Episode 1580

Leo says that while 2018 was the year of ransomware, 2019 is even worse. Arizona Beverages got hit by ransomware last week. The attack shut down sales operations for days and scuttled their networks and servers. The network was hacked and encrypted, targeted by hackers with a ransom note posted to their website. Leo says that Arizona struggled with trying to rebuild their operations for five days. Most of their servers hadn't been given security patches in years and their backups didn't work.

How can I Make Sure my Passwords are Kept Secure?

Krebs

Episode 1572

Nathan from Spearfish, South Dakota

Nathan wants to know if there's any recourse if a company isn't protecting his passwords. Leo says in Europe they have the GDPR, but in the US the only real protection is through HIPAA in the medical field. Leo recommends talking to Brian Krebs at Krebs on Security and asking him how he should write a letter to warn them of their liability.