A year ago, a hacking group called the Shadow Brokers claimed they had a treasure trove of NSA hacking tools that they would sell to the highest bidder. They asked for $7 million in Bitcoin, but didn't get any bids. They've now released the catalog of documents, which means it's a very busy day for security researchers. While these documents are old, they're still very interesting.
We're familiar with DDoS attacks, which are "Distributed Denial of Service" attacks, but there's a new form of attack that's been happening online lately. It's called PDoS, or "Permanent Denial of Service," which actually bricks the device, destroying it permanently. The rationale is that if these devices weren't bricked, someone else would use them for a DDoS attack.
George bought a laptop from someone online and there's a problem with it, and he can't set it up. He bought it on eBay. Leo says it's likely that George doesn't have much recourse here. He simply can't trust that the laptop is safe.
Leo recommends immediately wiping the hard drive and reinstalling Windows. He can't trust the recovery partition, either. Chances are, reinstalling from the recovery partition will be fine, but he'll never really know for sure. He should completely wipe the drive. eBay should protect him though, and Leo would advise returning it.
The Turkish Crime Family is threatening to release hundreds of millions of iCloud account names and passwords if Apple doesn't pay them a ransom of millions of dollars. As proof, they gave ZDNet 54 samples. Apple, however, says they have never been hacked. But Leo says it's important for iCloud users to change their passwords just in case. While you're at it, if you haven't turned on two-factor authentication, it would be a good idea to do that as well.
Scott is worried about Vault 7 and the CIA's hacking. He's heard from Edward Snowden's tweets that the CIA has left a huge vulnerability in our mobile devices. Leo says that was the problem with the Feds wanting to crack Apple's iOS, since once cracked, it's available to anyone. But the reality is, the hack is 3 years old and Apple has worked to close those vulnerabilities. So unless Scott's phone has gone three years without an update, he's likely safe.
Stan is having problems opening XLS files due to an error message from the "Trust Center." It'll open the file, but he can't write back to it or save it to his hard drive. Leo says that is Microsoft's security center for Excel spreadsheets, which exists because it's possible for bad actors to embed commands into an Excel file. There is a workaround for this. Stan can enable all content in the Excel Trust Center settings. But that can be risky if he's unsure of the content in the file he's opening. If he's sure about it, then he'll be OK.
Google's Security Checkup is a great way to verify the security of your account. This is great if you suspect unusual activity on your account, but it's also a good idea to do periodically as a preventative measure.
Every time Charles tries to open Gmail on his Google Nexus, it wants him to sign in. He's suspicious that someone may have hacked his account. Leo says that there are a lot of reasons to be advised of that, but it's always wise to run Google's Security Checkup just to be safe. It'll tell him what devices are connected to his account and also input a second-factor authentication warning.
David tethers his computer through his mobile device, but he's wondering if it's secure. Leo says it's probably more secure because cell phones are encrypted now. Using the Wi-Fi through his phone is a different matter, if he's at a public hotspot. At that point, his traffic is out in the clear and easily grabbed. If he's going to use a hotspot, Leo advises using the Tiny Hardware Firewall and a VPN. The Tiny Hardware Firewall is like a router that then connects to his phone.