Malware, viruses, hacks, and anything else that may compromise your identity online, computer, or digital device.
Security and Privacy
Charles got a new Eero mesh router all set up (Eero is a sponsor of the TWiT Network), but now he gets a warning that his router can be seen online. Leo says that the best thing a router can do is be invisible by not responding to any online queries. It's called Stealth Mode. That's what GRC's Shields Up will test. Most routers have PING turn on by default. But you can turn it off in the security settings. Also, turn off universal plug n play and file sharing.
Craig is looking for a password manager and wants to sign up with LastPass (A sponsor of the TWiT Network and Studio). But is there anything special he has to do? Leo says that a password manager will not only store all your passwords, but it will also generate them for you. All you need to remember is the master password. Other options are One Password, Dash Lane and Bit Warden. Once you get LastPass all setup, you want to turn on 2 Factor Authentication so that if someone tries to break into or have your password, there is a second way to authenticate that will protect you.
Tom wants to know how a VPN can be secure or even fast if it has to cross ISPs. Leo says that is a good question. Leo says that a good VPN will have little latency, but the larger question is, who is running your VPN? That's who you're trusting with your privacy and security.
Ding got a notification recently about a Zelle transaction and wants to know if his bank account has been hacked. Leo says that unless they have your bank information, they can't. Signing up with an email account won't really do anything. But if one suspects something has happened, it may have been a keystroke logger or someone that stole information, but it's unlikely. If he is running Windows 10, then he should run Windows Defender, updating it regularly. There's no need for a third party AntiVirus. And he may want to change the bank account, demanding 2-factor authentication.
This week, Senators sent a letter to Facebook telling them to respect user privacy, especially when they request not being tracked. Turns out, even if users opt-out of being tracked, Facebook has been doing it anyway. Leo says that while he chooses to opt-out of having his online activity tracked, he understands that Facebook is a free service and they do have to pay the bills with targeted ads. But shouldn't they respect when someone doesn't want to be included?
Dave has a Windows 10 PC running Windows Defender as his antivirus. Is that a good idea? Leo says yes. Defender does everything you need it to do, as long as you keep it updated. But AVS software can also give you a false sense of security. The last line of defense is your online behavior. That means avoiding clicking on links or opening attachments.
This is creepy. A hacker managed to hack into a ring camera placed in the bedroom of an 8-year-old girl, and then pretended he was Santa Claus talking to her. RING said it wasn't a breach in Ring's security, but was due to the parent not using a unique user name and password. She used the same one as for other things, making it really easy to breach. Leo says that hackers can read a unique signature for internet enabled cameras and then can use that login to brute force it open. Leo says to stop reusing the same password. That's a recipe for calamity.
Brett is worried he's been hacked. He used UNRAID to create his own Network Attached Storage. But he recently got a message that he had 114 login attempts on his network. Leo says that it is very common. Any server that is online and attached to the internet will be attacked. Mostly by a bot that is programmed to look for servers online. Make sure you have security features that only allow logins from approved regions, IP addresses, or from your work. There should also be a feature that will lock out an IP address that keeps trying to log in.
Looking at Internet of Things phenomenon, the Portland FBI issued a blog post talking about how connecting your computer to the same network as your internet-enabled refrigerator could pose a security risk. They advise changing the device password settings from the default, make them as long as possible and unique. Leo says that it's not practical to have a separate connection for your IoT devices. But regularly updating your devices and giving them a good password is a good idea.
Joesph is getting popups. Leo suspects that there's adware installed on his computer, and you can go through add/remove programs to uninstall whatever you don't recognize. Look for browser extensions, as well. You can also run the Windows Malicious Software Removal Tool and Windows Defender to get rid of any malware.