Malware, viruses, hacks, and anything else that may compromise your identity online, computer, or digital device.
Security and Privacy
Ron wants to know what happened to using LastPass on all his devices? Leo says that LastPass decided to limit the free tier to just one computer for free. If you want to add it to multiple devices, there's a paid tier of $3 a month for that. If you still want a free one, Leo recommends BitWarden. OnePassword. And it's pretty easy to export it. Ron's problem though is that his master password stopped working, and now he's locked out of LastPass. So he can't do anything, and he can't get ahold of anyone at LastPass.
Wallace wants to know if he needs a VPN or can authorities still track his activity and movements. Leo says that using a VPN will mask your activity unless your VPN keeps track of that activity. With a warrant, they would have to provide that data. As for movements, your cellphone has a GPS, and with a simple request (called a PIN Registry), the authorities can access your location at any given time for a fee. But that is changing as courts recognize that it is a violation of privacy and should require a warrant.
Dwayne is concerned that he won't know if a website he visits is safe. What if it's been compromised by a hacker? How would you know until it's too late? Leo says that most of us aren't really the target of a hack unless it's a mass attack. And those are a lot easier to defend against. Website attacks are a very common attack, where a hacker will forge the look of a website in an attempt to get you to log into it and steal your login credentials. This happens with bogus bank links. So it's important to be very careful on the links you click on.
Diego got hacked. He was online, and someone gained access to his desktop through remote access. He saw them start open files and folders. So he shut the computer down. He then tried running Malware Bytes and his AVS, but neither found anything. Leo says there has to be a remote access program on his computer. He advises going into add/remove programs and see if there's anything he doesn't recognize. Uninstall anything you don't know why it's there. To be certain, backup your data, format your hard drive, and then reinstall Windows from a known, good source.
Giving police in the UK too much surveillance power online, the so-called Snooper's Charter passed by British Parliament will enable law enforcement to surveil everyone's online activity. The new power will give police free rein to perform fishing expeditions looking for evidence-based on what apps people use, what sites they visit, and more.
Julie's mom uses Windows 7, but she wants to know if it's secure to do her online banking. Leo says that Windows 7 is at the end of life, which means Microsoft isn't fixing any bugs or exploits anymore. So if you go online, you run the risk of being hacked or infected. However, if you only use it for one thing, like online banking, it may be secure. That means no surfing to other sites, no emails, just going to the bank. If that isn't practical, Julie's mom can always upgrade to Windows 10 (it's still free). Download the Windows 10 Media Creation Tool and upgrade.
In an unprecedented move by a Chinese National Hacking Group, called Hafnium, hundreds of thousands of Exchange servers have been compromised, with over 30,000 accounts hacked this week. Leo says it's worse than that Russian Solar Winds attack. The hack takes advantage of a quartette of "zero-day exploits" that take advantage of bugs in Microsoft's Exchange email servers. Microsoft has put out an emergency update to plug the holes, and users are advised to install the fix immediately.
Alan uses iDrive for his cloud backup, and he's recently started getting a "password mismatch" error. Leo has had similar issues, and he thinks it's either security software or ad blockers that is causing that kind of issue. Sites are trying to find out more about you, and the blockers on our system and browsers are fighting against that. That prompts the page developers to try and bypass it. Leo suggests turning off wifi on your mobile device and see if you can do it. If so, you know there's something in the network router that's blocking it.
Heather calls in to talk about a client who got bit by a browser hijack. Leo says the first thing to do is get him off Windows, where he's most vulnerable. If that's not an option, get him to run as a standard or limited user and not an administrator. The browser hijack and malware can't install themselves as a standard user.
Why does her client keep getting hit over and over? Leo says it's because of his behavior. They keep repeating the same behavior that causes them to get hit. The key is to change the user behavior. That's the only way it will stop.
Richard is getting notified by Google that several websites he's visited have been hacked and he should change his password. Leo says Google has been doing that to advise users that their passwords are showing up on the dark web. Leo says that using a password manager like LastPass to generate all passwords would be a good option. They will also go through user passwords and let them know what ones need to be changed. So all he will need to know is the master password. That's what Leo uses.