You may have heard about the latest Wi-Fi vulnerability in the news called “KRACK” or “Key Reinstallation Attack.” This is a security flaw in the WPA2 protocol that could allow a third party to intercept network activity between a router and a device. It does this by taking advantage of a problem with the way the client (your mobile device or computer) authenticates with the access point (the router).
Leo has talked a lot on the Tech Guy show about using two factor authentication wherever possible to ensure the security of your online accounts. Two factor authentication is when you have to enter a code that is sent to you in addition to your normal password. This could be called many things, including “Two-Step Verification” and “Two-Factor Authentication” depending on the site. The early versions of two factor authentication used SMS, and would text the code to your phone, but it turns out this practice is not very secure and many of the major sites are not recommending it anymore.
Avast/Piriform has confirmed that its popular CCleaner app has been infected with malware for the last several months and that users who have used it may have had their computer's compromised. Avast says they believe that they've fixed the problem and that no users have been harmed by the hack. But Leo says he worries about the term "we believe," and this is yet another reason why using these kinds of apps to protect yourself gives you a false sense of security.
Facebook's top security officer says that it's really hard to keep bad guys off their site. Testifying before Congress, he said that buying so-called dark ads is hard to stop. Leo says that's because they're willing to pay for it. Leo adds that Facebook really needs to do eliminate dark ads completely and have every ad be seen in the light of day so we know who's buying the ads. But Facebook doesn't want to do that.
Alvis has a MacBook Pro with a Kensington Lock. But on the new MacBook Pro, there's no way to use the lock to keep a new MacBook secure. Rich says that he can stick a third party hoop onto the laptop. There's also a USB lock that could work. But then again, the USB-C port means he can't do that either.
The chatroom suggests MacLocks.com for ways to lock up his system, and most are third party solutions.
Ray got malware, so he backed up his computer and is wondering what his options are for resetting Windows 10. Leo says there are different levels of reset in the Windows 10 recovery menu. If he selects "Reset This PC," it will wipe out everything including his personal data and applications. If he chooses "Fresh Start," it will install a clean copy of the most recent version of Windows and uninstall any applications that didn't come with Windows, and will preserve his user data. This will probably get rid of most malware.
Securing your online accounts is vitally important. The consequences of being hacked can be great — someone could lock you out of your email account. If that account is used for password recovery for your other accounts, then a hacker could get access to all of those as well. There are a few basic things that you should make sure you do to protect your email account:
1. Provide a secondary email address for recovery.
2. Provide a phone number for password recovery.
3. Turn on 2 Factor Authentication.
Crystal's daughter has gotten into gaming with Minecraft and she's at the point where she wants to do mods. She doesn't understand it, though. Leo says that some mods run on servers online, while some go on the computer (called Clients). A good option is Gary's Mod. Some of the mods she's interested in probably aren't able to work on her computer, though. Mods also tend to work on PCs. The version of Minecraft on Mac runs on Java. There's also an iPad version, but she wouldn't be able to merge them. The risk with a mod, though, is that it's third party.
Using Facebook on a public computer, or even on a friend's computer, can be risky. Facebook stores a cookie in the browser that enables the user to get into the site without actually logging in. This would make it possible for someone else to easily gain access to your account. Instead of avoiding Facebook entirely, there is a way you can still use it and prevent someone else from being able to get in — by using a one-time password.