security

Do Not Download/Open Email Attachments

Do not open email attachments, as they are one of the most common causes of innocent computer users getting infected with malicious malware. Email attachments are "the kiss of death." Ask the sender to place the attachment in Dropbox, etc. or other safer alternatives. Furthermore, Mac and Windows 10 users can open PDF files by themselves, so no need to download and install additional software like Adobe Reader. There are too many vulnerabilities these days regarding email attachments and outdated Adobe software.

Is the Yubikey Safe for Authenticating Online?

Yubikey 

Episode 1603

Don from Omaha, NB

Don wants to use a Yubikey to keep his computer safe online. Leo says that the Yubikey is serious two-factor authentication that enables users to generate a code to offer an extra level of security. It's a physical USB device that spits out a code with a one time password. Leo uses it for his email, Twitter, and a host of other sites online. He wishes his bank would support it. He keeps it on his keychain, using a Type C connector. But he can get a Type A adapter as well.

There's even an open source version called SOLOKEYS, which Leo says is every bit as good.

Is my computer vulnerable to attack?

Wireshark

Episode 1601

Jim from Wisconsin

Jim ran GRC Shields Up scanner on his router and he discovered that port 443 was open, not stealth. Is he vulnerable? Leo says you have to have port 443 to run on the internet, but it should be in "stealth mode." You'll also want to find out what's using it. NetStat will help you determine that. Wireshark will also do that. His fan is also running a lot. Leo says that may mean your computer is getting hotter. Probably needs to have the dust cleaned out of it.

Is a Chromebook secure?

HP Chromebook x2 - 12-f015nr

Episode 1596

Veronica from Irvine, CA

Veronica wants to know if her Chromebook works on a home network. Leo says if you have internet access, you will. Are they secure? Leo says absolutely. The thing is, a Chromebook uses ChromeOS, which uses a browser-based interface. This makes it far more secure. And if it does get infected you can simply use the "power wash" feature to start over. But it stores all your data in the cloud, which is far more secure than a hard drive on your laptop.

Why do I have to log into YouTube to watch a video?

YouTube

Episode 1596

Mike from Santa Anna, CA

Mike watches YouTube off his laptop and he keeps getting popups requiring him to log into his Google account to watch videos. What gives? Leo says that Google is starting to get restrictive on some content, and it may be that you have to log into YouTube in order to view sensitive or explicit videos. That doesn't mean anything other than topics that aren't advertiser-friendly. Leo also says it enables Google to collect data on you, so they can monetize it. Get ready, that's the future.

Is public wifi at a hospital safe?

Netgear AC1200 Dual Band WiFi Router

Episode 1589

Gordon from Long Island, California

Gordon is in the hospital, and wants to know if their public wifi is safe or should he use a VPN? Leo says that if it's using a wide-open network, then anyone can log in. It's a shared, public network. There are some risks, but your banking is safe because it's encrypted. The one thing to worry about is a "man in the middle" attack. Hospitals with public wifis could give the hospital the ability to watch what you do. That's when a VPN can come in handy. It will encrypt all traffic, by burrowing an encrypted tunnel to the internet. 

Use Reputable Apps to Scan Sensitive Documents

If you are scanning important, sensitive documents with your cell phone and sending those files over the internet, make sure to use an app from a reputable, reliable company. Do not use apps from relatively unknown developers, where images could potentially be intercepted. On Android phones, use Google Drive's scan option. On iPhone, open the Notes app and hit the + sign, then tap the "Scan Documents" option. Evernote Scannable is also a legitimate high-quality (free) scanning app.

Examine the Layout of a URL to Check its Legitimacy

When you want to find out if you should stay away from typing in a suspicious and possibly fake web address, check the URL's TLD (top-level domain) which should imply whether the site is legitimate or not. For example, if a web address reads Google(dot)com/blahblah then it is a legitimate Google page. However, bad guys can spoof Google and create an address like Google(dot)badguy(dot)com which may easily deceive many victims at first glance. Always be cautious of deceptive URLs and links that can infiltrate your device if clicked.