security

Is the government monitoring my LastPass activity?

LastPass (a TWiT Sponsor)

Episode 1744

Mario from Lancaster, CA

Mario works at a government agency that has stiff security. He uses LastPass (a sponsor of the TWiT network) on his devices and wants to know if the government can see his data or his passwords? Leo says it's possible. They may have key loggers or screen readers that can see your activity and certainly monitor your online activity. He wouldn't be surprised if they have custom certificates that allow them to snoop, even if you're using encrypted security. But LastPass probably keeps Mario's activity safe. 

Has my Facebook account been hacked?

Facebook

Episode 1740

Rick from Palm Springs, CA

Rick posted a few pictures on Facebook, and he sees one picture with a caption he didn't add to it. How did that happen? It also seems to come from a group he isn't a member of, rather than from himself. Leo says that Facebook makes a group of your account automatically so you can share images. So that's probably the group he's seeing. You can also add filters or frames that can be added. It's possible it was added by accident. Check the picture and see what the privacy settings are. If it's public, you may want to change it to friends only.

Wipe Your Drive and Reinstall if Your Windows PC has Been Infected With Malware

If you've been infected with malware, wipe your drive and start over. Reinstall Windows. If it's a rogue employee of a company you were calling, contact the company and let them know. Any general-purpose operating system is vulnerable to these kinds of malware attacks. If you positively need to use Windows at home, you sort of should become a guru of PC security to protect yourself. Windows shouldn't be your default OS pick anymore.

Windows 7 Is Still Fine To Use Offline

If you still insist on using your Windows 7 computer and are scared of using it thanks to Microsoft's lack of continued support, it is still okay to use it offline. If you don't take it on the internet, you significantly lower your risks to catch anything harmful for the PC. Plus, most of your permanent applications will still work as long as there is electricity to power the computer! However, you should still be sure to back up important files onto an external hard drive, as staying offline means no access to cloud backup services.

Can I revoke remote access from our company IT technician?

ConnectWise

Episode 1730

Lori from Alicia Viejo, CA

Caller allowed a third party that handles support for her company, to install ConnectWise on her private computer. Is that safe? Leo says that if your company has farmed out IT support to a third-party, it's unlikely that third-party is going to lose that business by compromising your personal data. But her devices are all connected. Can she revoke it? Leo says that you can uninstall ConnectWise and remove that access. 

Do I have malware?

Windows Defender

Episode 1730

Karen from Tri-Cities, WA

After getting a phishing scam email, Karen ran a malware scan with Windows Defender and it found a "severe threat" called a Trojan-Downloader. Windows Defender blocked it, but is she still compromised? Leo says that everyone gets those, and it's not a side effect of a virus on your system. So if Defender found one and blocked it, you're safe from it.

Is online banking through a browser secure?

Online Banking

Episode 1730

John from Gridley, CA

John is worried that his identity will be stolen, along with his money, if he does online banking through his browser. Leo says that browsers are equally secure, as long as they keep getting patched on a regular basis. The issue isn't the browser, it's the system itself. The weak link in the chain is you. If you get an email that seems to be from your bank and you click on the links inside, it's likely a fake and your login has been stolen due to a phishing attack. That's the kind of thing that can happen. Banks will never email you. Keep that in mind.

Is Windows Remote Desktop safe to use?

GoToMyPC

Episode 1724

Sundeep from Orlando, FL

Sundeep wants to know if GoToMyPC is better than Microsoft's own native remote desktop. Leo says that if you have Windows Pro, remote desktop is free. But Windows remote desktop has a number of significant flaws that represent a serious security issue for users. One magazine even said that "it's time to disconnect Remote Desktop from the internet. You also don't want to use it "bare" on the internet. You need to use a VPN or proxy server. So Leo advises not using Remote Desktop. Use a third-party service like GoToMyPC.

"Vishing" is the latest online scam to steal your company login information

VISHING

Episode 1721

Much like phishing and spear-phishing, VISHING is the latest online scam designed to steal your logins. Only VISHING uses voicemail to do it, according to the FBI and the Cyber Security Agency (CISA). They are targeted attacks on employees of corporations using voicemail to get users working at home to call back and then use social engineering to steal VPN credentials. Check out Brian Krebs' article here.