Security and Privacy

Malware, viruses, hacks, and anything else that may compromise your identity online, computer, or digital device.

How can I securely wipe a computer hard drive?

Hard drive

Episode 1490

Julie from Valencia, CA

Julie recently lost her job after 25 years, and now she has to return the laptop she used. She needs to wipe it first, though. Leo says that laptop is company property and everything on it belongs to them, even if she has personal things saved on it. There is no way they can prevent her from doing it, but Leo advises talking to an attorney before she does.

Is my DNA safe with testing companies?

DNA

Episode 1490

Steven from San Antonio, TX

Steven wants to know if doing DNA analysis is safe and secure. How does he make sure that information is protected? Leo says that's a good question, and people do have the right to have their information protected. 23andMe, for instance, has a privacy policy that users must agree to, and they are very committed to keeping it secure.

(Disclaimer: 23andMe is a sponsor)

What's the best 2-factor authentication app?

Authy

Episode 1490

Tom from St. Louis, MO

Tom heard that Authy is better than Google Authenticator. Is that true? Leo says that any authenticator will be better than no authenticator at all, especially when keeping password vaults protected. Most services offer 2 factor authentication now, but the danger there is that some SIMs can be duplicated or even hijacked with some creative social engineering. In fact, the authenticator can be re-routed. Authy sends a secret number and combines it with a time of day (hashing) that changes after 30 seconds.

Twitter Error Results in Passwords Being Stored in Plain Text

Twitter login

Episode 1486

Twitter sent an email to its 330 million users recommending that they change their passwords. This is because of an error that caused user passwords to be stored unencrypted and in plain text. While this was a big flaw, Twitter is being praised for disclosing the information immediately so users can take action to protect their accounts.

Read more at Reuters.com.

What do I do when I get a popup to update Flash?

Adobe Flash

Episode 1486

Bill from Rainbow City, AL

Bill has had a problem with a popup saying he needs to update his Flash. Leo says that's a phishing scam designed to get him to install Malware. Luckily, Windows Defender usually sees it and removes it because it's an old tactic. But if it didn't, it may be really difficult to get rid of the malware. Usually, the best thing to do is backup his data, format the hard drive, and then reinstall and update Windows. Never accept gifts from strangers. He shouldn't download from someone he doesn't know. He should always go directly to the source if he thinks he needs to update something.

How can I encrypt and anonymize my web use?

Anonymous

Episode 1485

Jim from Indianapolis, IN

Jim called in to talk about how the Department of Homeland Security is monitoring not only the free press, but also bloggers, podcasters, and vloggers. Jim wonders if he should use a VPN as a hedge against that. Leo says that while anonymizing his content is a natural reaction, and while a VPN could be a useful tool, but it's not a privacy tool. In fact, encrypting his traffic shines a light on him more than just being a part of the "background noise." Also, a VPN only encrypts the traffic along the way.

Signatures Will No Longer Be Required on Credit Cards

https://pixabay.com/en/credit-card-signature-credit-card-1211408/

Episode 1479

Now that pin numbers have been associated with credit cards via the chip, the major credit card companies have announced that effective today, they will no longer require a signature when using a credit card. Leo says that's not only not surprising, but merchants rarely check anyway. But those who do, can still require it for their own records.

Credit card signatures are ending in the US on April 13th

Has my iMac been compromised?

Apple iMac

Episode 1478

Adam from Pasadena, CA

Adam bought an iMac from a private seller. It still had Apple Care and he had it transferred to his name. He's worried that there was a keylogger on it and his credit card was compromised. Leo says that unless he wiped the computer himself, he won't know if it's compromised or not. Leo says that it's probably not the Mac, but just in case, Adam should wipe the drive himself. It's really easy to wipe an iMac drive and reinstall the OS. It could be that Adam's iCloud account has been compromised.

Is it safe to use Amazon's Alexa?

Amazon Echo

Episode 1478

Julie from Santa Clarita, CA

Julie wants to get an Echo, but her husband is worried about privacy and eavesdropping. Are they safe? Leo says it's about as safe as a smartphone. Anything that has a microphone that's connected or broadcasts with a radio can be listened to quite easily. Alexa is always listening, that's true, but it's only listening for the wake word "Alexa," and then whatever follows that for up to 2 minutes. It won't widen the scope until the magic word is uttered. Then it sends the request to the home office for an answer. Can it incidentally record?

How can I reset my Windows 10 password?

PCunlocker

Episode 1476

Steve from Radondo Beach, CA

Steve forgot the password on his all-in-one Windows 10 machine. Leo says that can be a serious problem in Windows 10. But since Steve used his Microsoft account to log in, he can change the Microsoft password and he should be able to make it work. Microsoft also has a utility called MSDaRT, which has a feature called Locksmith Wizard that will reset his Windows 10 password. Third party utilities include PC Unlocker.