On Sunday's Tech Guy show, Jason Snell of SixColors.com was filling in for Leo Laporte and shared a tip about managing your Apple ID. Not many people are aware that Apple has a page for doing this at appleid.apple.com. You can change the email addresses and phone numbers associated with your account, add/change your trusted phone number for two factor authentication, change your Apple ID password, change payment and shipping info, and more.
Mike is worried that Google has all of his banking information. Leo says it's not to worry about. They don't have it. If anything, his browser has that information and that's much more dangerous. It may be a good idea to reset his browser to get rid of all that. Then turn on second factor authentication to make sure that any attempt to change his password or access his account will be stopped. Mike shouldn't worry about Google, though. They're quite secure, and Chrome is a secure browser.
A year ago, a hacking group called the Shadow Brokers claimed it had a treasure trove of NSA hacking tools that they would sell to the highest bidder. They asked for $7 million in Bitcoin, but didn't get any bids. They've now released the catalog of documents, which means it's a very busy day for security researchers. While these documents are old, they're still very interesting.
We're familiar with DDoS attacks, which are "Distributed Denial of Service" attacks, but there's a new form of attack that's been happening online lately. It's called PDoS, or "Permanent Denial of Service," which actually bricks the device, destroying it permanently. The rationale is that if these devices weren't bricked, someone else would use it for a DDoS attack.
George bought a laptop from someone online and there's a problem with it, and he can't set it up. He bought it on eBay. Leo says it's likely that George doesn't have much recourse here. He simply can't trust that the laptop is safe.
Leo recommends immediately wiping the hard drive and reinstalling Windows. He can't even trust the recovery partition, either. Chances are, reinstalling from the recovery partition will be fine, but he'll never really know for sure. He should completely wipe the drive. eBay should protect him though, and Leo would advise returning it.
The Turkish Crime Family is threatening to release hundreds of millions of iCloud account names and passwords if Apple doesn't pay them a ransom of millions of dollars. To prove it, they gave ZDNet 54 samples to confirm it. Apple, however, says they have never been hacked. But Leo says it's important for iCloud users to change their passwords just in case. While you're at it, if you haven't turned on two factor authentication, it would be a good idea to do that as well.
Scott is worried about Vault 7 and the CIA's hacking. He's heard from Edward Snowden's tweets that the CIA has left a huge vulnerability in our mobile devices. Leo says that was the problem with the Feds wanting to crack Apple's iOS since once cracked, it's available to anyone. But the reality is, the hack is 3 years old and Apple has worked to close those vulnerabilities. So it's likely that unless Scott's phone hasn't been updated for three years, he's safe.
Stan is having problems opening XLS files due to an error message from the "Trust Center." It'll open the file, but he can't write back to it or save it to his hard drive. Leo says that is Microsoft's security center for excel spreadsheets because it's possible for bad actors to embed commands into an Excel file. There is a workaround for this. Stan can enable all content in the Excel Trust Center settings. But that can be risky if he's unsure of the content in the file he's opening. If he's sure about it, then he'll be OK.
Google's Security Checkup is a great way to verify the security of your account. This is great if you suspect unusual activity on your account, but it's also a good idea to do periodically as a preventative measure.