Malware, viruses, hacks, and anything else that may compromise your identity online, computer, or digital device.
Security and Privacy
Richard is having a major problem with Facebook. Someone hacked into his account and altered all his information. So he's lost complete control of every account he uses. Leo says that's what Two Factor Authentication , with an authenticator app. It can guard against. You can also set up trusted contacts, which can aid in verifying who you are as you are trying to get control back. But since it's too late for that, you can only hope to get ahold of someone at Facebook to get help in getting control of your account back.
The Clop Ransomware Team has attempted to encrypt networks from Universities around the country and threatened to release sensitive data. Colorado University sent out notifications this week that their network had been breached with ransomware, taking personal information and clinical data with a demand of $10 million in bitcoin. Leo says if you were a student at any of those universities, look for a notice advising you of the breach. Companies that have also been hacked include Kroger and Shell Oil.
Ed wants to know if he can use a YubiKey authenticator with his iPhone. Leo says it works great with the iPhone. It's what he uses every day, and he thinks that a hardware key is the best two-factor option. How does it work? Leo says you can get one with a Lightning connector or use the NFC mode and tap it on the phone.
Will it work for Linux? Leo says most flavors of Linux, yes. But there are a few that don't support it, but you can add some code to it to make it work. Here's how.
Scott wants to know if Authy is still the authenticator of choice. Leo says he still recommends it. You should always use authenticators for things like online banking. Your phone makes an excellent authenticator device. Google Authenticator is a great app to create your authentication code. But one problem is that if you get a new phone, you have to start over. But Google is changing that now. Authy allows you to save your authentication codes on their servers. Some may be concerned about that, but Leo knows the developer of Authy, and it's good and secure.
Microsoft says that a recent zero-day flaw has been patched in 92% of servers. But Leo says that doesn't mean that a bad guy hasn't gotten into the system before it was patched. So they could still be compromised.
Known as a "cross-site WebKit vulnerability," a critical security flaw in the iPhone IOS 14.4.2 or iOS 12.4.2 could cause a hacker to get into accounts on websites through it. Apple is patching the flaw and iOS users should update once available.
Ron wants to know what happened to using LastPass on all his devices? Leo says that LastPass decided to limit the free tier to just one computer for free. If you want to add it to multiple devices, there's a paid tier of $3 a month for that. If you still want a free one, Leo recommends BitWarden. OnePassword. And it's pretty easy to export it. Ron's problem though is that his master password stopped working, and now he's locked out of LastPass. So he can't do anything, and he can't get ahold of anyone at LastPass.
Wallace wants to know if he needs a VPN or can authorities still track his activity and movements. Leo says that using a VPN will mask your activity unless your VPN keeps track of that activity. With a warrant, they would have to provide that data. As for movements, your cellphone has a GPS, and with a simple request (called a PIN Registry), the authorities can access your location at any given time for a fee. But that is changing as courts recognize that it is a violation of privacy and should require a warrant.
Dwayne is concerned that he won't know if a website he visits is safe. What if it's been compromised by a hacker? How would you know until it's too late? Leo says that most of us aren't really the target of a hack unless it's a mass attack. And those are a lot easier to defend against. Website attacks are a very common attack, where a hacker will forge the look of a website in an attempt to get you to log into it and steal your login credentials. This happens with bogus bank links. So it's important to be very careful on the links you click on.
Diego got hacked. He was online, and someone gained access to his desktop through remote access. He saw them start open files and folders. So he shut the computer down. He then tried running Malware Bytes and his AVS, but neither found anything. Leo says there has to be a remote access program on his computer. He advises going into add/remove programs and see if there's anything he doesn't recognize. Uninstall anything you don't know why it's there. To be certain, backup your data, format your hard drive, and then reinstall Windows from a known, good source.