Security and Privacy

Malware, viruses, hacks, and anything else that may compromise your identity online, computer, or digital device.

Why doesn't my password vault input the right password?

Episoide 1473

David from Florida
LastPass

David uses a bunch of different browsers and everyone wants to save his passwords. It seems easier, but he says that it fills in the wrong password often. Leo says that's probably because David has multiple password managers and they are fighting. It's like antivirus software. It's best to have just one. Relying on the browser saving passwords isn't safe because that's not their main business and many have security flaws. David should use one password manager like LastPass, and it will input the right password.

How can I email files securely?

Episode 1471

Fred from Fort Worth, TX
Email

Leo says that Fred is right to be concerned about the security of sending emails because the contents of the messages can be read along the way. If the email is going from one Gmail address to another, however, it would be secure. Ultimately, though, Leo doesn't recommend sending attachments at all. Opening attachments is how most people end up getting infected, and it doesn't just affect that person either. It will spread to all of that person's contacts, affecting their family, business, and the internet as a whole.

How does 2-factor authentication work?

Episode 1472

Taylor from Cincinnati, OH
LastPass

Taylor is talking about using LastPass and its 2-factor authentication. How does that work? Leo says that 2-factor can be a biometric thing, like his thumbprint, or it can be an authenticator which will text him a code to his phone that he would input into the prompt. It's secret and only good for about 30 seconds before he would have to input a new code. It's a great way to protect online data.

How can I protect my email account in Outlook?

Episode 1472

Nathan from Canada
Email

Nathan gets a lot of "sketchy emails," and he wants to know how he can avoid that. Leo says he really can't avoid it, but most email programs can render any malware written into an HTML formatted email neutral. If he's using his mobile device, there's really no exploits that can hijack the phone. It's possible, but not at all likely. Malware emails are more dangerous in a browser rather than an email client. He can turn off HTML in the settings if that worries him, though.

Are encryption services really secure?

Episode 1467

Gary from Cheektowaga, NY
Encryption

Gary is an attorney and has heard of a business product called LockBin that promises to encrypt his data. Is it legit? Leo says that there are limits of privacy with an encryption service. If the service can give him his password, then it has access to all his data and it's not really reliable. If they can't give him the password because only he knows it, then he's in good shape. The downside, though, is that if he forgets it, he's out of luck.

How can I get my Windows computer to update?

Episode 1458

Rene from Corona, CA
Blue screen of death

Rene is having trouble updating Windows. It stalls out at 80%. He then reboots and it goes back to before he tried updating. Then he gets a blue screen and he can't restore or update. Leo says that not an unusual problem. If you think about it, with millions of computers, there's going to be a certain percentage that will experience issues like this, and updating while a computer is running is nontrivial. It could be something is blocking it, like a third-party antivirus app. It could also just be a bad download. Or this could be the Intel Spectre/Meltdown fix that is causing problems.

Why isn't Malwarebytes working for me?

Episode 1458

Don from Culver City, CA
Malwarebytes

Don is having issues with Malwarebytes. Leo says that if he's experiencing issues with Malwarebytes, there's a good chance that he's been infected. The first thing a malware creator will do is disable online security software and prevent access to those sites in the browser. That's one of the reasons why Leo doesn't like third party antivirus apps. Leo recommends using Microsoft Security Essentials/Windows Defender.

Is there an Android app that could simplify the process of logging onto public Wi-Fi?

Episode 1457

Gary from Rancho Cucamonga, CA
LastPass on mobile

Leo says there's a new feature in Android Oreo 8.1 — it will let you know how fast a Wi-Fi access point is before joining it. Leo says any password vault should enter his password into the web portal when he signs in. Leo prefers using password vaults to any mechanism offered by the browser or phone itself. Password vaults will remember all of his passwords, and on Android, it will actually fill in the password automatically.

Jackpotting Attack Hits US ATMs

Episode 1458

ATM

There's a new attack that has been affecting ATMs around the world, and it's called "Jackpotting." It causes ATMs to dispense all of its cash. Hackers are using endoscopes to gain access to the interior of an ATM in order to connect to it and hack into the ATM's Windows XP operating system. Then, the once the malware is installed, a remote command is given to spew out 40 bills every 23 seconds.

Read more at krebsonsecurity.com.