There's a botnet called "Reaper" that has been growing at an alarming rate. It's a network of compromised devices, mostly routers, that is likely in the millions. We don't know who is doing this, or who's controlling it, and we can't stop them from doing it. It's sophisticated enough that it could be a nation and not just an individual. We still have no idea what it could be used for, either.
Carlos wants to know about biometric behavioral passwords. Leo says that the idea has been around for awhile. Google uses gate analysis to know if you're the one holding the phone. It could be the future.
Karen has a Samsung Phone and Tablet and she is getting a popup in her phone that will allow her apps access to her phone data. Leo says that Android works by requiring permission to do things as she needs them. So when she's opening an app to do something, the app is requesting access in order to do what she wants it to do. That kind of behavior is OK, but if it's out of nowhere, then she's right to be suspicious.
Tom wants to know where he can find a YubiKey, and whether or not it's accessible for the blind. Leo says they are accessible, and he can get it at yubico.com. This is a little USB device that plugs into a USB port, and the computer sees it as a keyboard. The YubiKey will light up, and then press the button on the key. Just make sure the cursor is in the correct field that it will need to fill, and it will fill in the password. This doesn't work for an iPhone, however, because it doesn't have a USB port.
You may have heard about the latest Wi-Fi vulnerability in the news called “KRACK” or “Key Reinstallation Attack.” This is a security flaw in the WPA2 protocol that could allow a third party to intercept network activity between a router and a device. It does this by taking advantage of a problem with the way the client (your mobile device or computer) authenticates with the access point (the router).
Avast/Piriform has confirmed that its popular CCleaner app has been infected with malware for the last several months and that users who have used it may have had their computer's compromised. Avast says they believe that they've fixed the problem and that no users have been harmed by the hack. But Leo says he worries about the term "we believe," and this is yet another reason why using these kinds of apps to protect yourself gives you a false sense of security.
Facebook's top security officer says that it's really hard to keep bad guys off their site. Testifying before Congress, he said that buying so-called dark ads is hard to stop. Leo says that's because they're willing to pay for it. Leo adds that Facebook really needs to do eliminate dark ads completely and have every ad be seen in the light of day so we know who's buying the ads. But Facebook doesn't want to do that.
Alvis has a MacBook Pro with a Kensington Lock. But on the new MacBook Pro, there's no way to use the lock to keep a new MacBook secure. Rich says that he can stick a third party hoop onto the laptop. There's also a USB lock that could work. But then again, the USB-C port means he can't do that either.
The chatroom suggests MacLocks.com for ways to lock up his system, and most are third party solutions.
Ray got malware, so he backed up his computer and is wondering what his options are for resetting Windows 10. Leo says there are different levels of reset in the Windows 10 recovery menu. If he selects "Reset This PC," it will wipe out everything including his personal data and applications. If he chooses "Fresh Start," it will install a clean copy of the most recent version of Windows and uninstall any applications that didn't come with Windows, and will preserve his user data. This will probably get rid of most malware.
Securing your online accounts is vitally important. The consequences of being hacked can be great — someone could lock you out of your email account. If that account is used for password recovery for your other accounts, then a hacker could get access to all of those as well. There are a few basic things that you should make sure you do to protect your email account:
1. Provide a secondary email address for recovery.
2. Provide a phone number for password recovery.
3. Turn on 2 Factor Authentication.