Malware, viruses, hacks, and anything else that may compromise your identity online, computer, or digital device.
Security and Privacy
Mike's Coinbase Bitcoin wallet has a corrupted IP address to it and he's worried his wallet has been hacked. Leo says he can't have two IP addresses on an account. Leo says that the ISP may be at fault here and Mike should log into his Coinbase wallet and make a screenshot of the error messages. Then he should contact his ISP and show them the evidence. They need to fix it. Leo also says he should change his Coinbase password just in case. It's possible something nefarious is afoot.
Travis is having trouble getting the Windows update that will fix the Meltdown/Spectre exploit. Leo says he should make sure to update his antivirus first, because the fix will break the AVS and crash the machine, forcing a reinstall of the OS. He may also need to do a BIOS update. In fact, the entire machine may need to be updated to prevent the Windows OS update from breaking the machine.
Ivan wants to know what he's giving away when he logs into a site using his Facebook ID. Leo says that's called Single Sign-on, which makes it easier to sign in. Many services, including Google and Twitter also offer it as a convenience. It's a user verification system that doesn't require him to create an account, nor does it give them access to his account. But it gives Facebook, Google, and Twitter access to more information about where he visits. It's safe to use it, but if he's concerned, he can create a dummy account that he'll only use for that purpose.
Jeff is getting strange random key strokes appearing in his browser bar. Leo says to try a different browser. Windows comes with both Edge and Internet Explorer. If it happens in both browsers, it could be a failing keyboard. Jeff should unplug his keyboard and try a new one. If he still has the issue, then it's a Windows problem, which could be malware or a browser hijack. He could try resetting his browser first. If that solves the problem, then he's fine. If not, then it may be that he'll need to reinstall Windows from a known good source.
Alan wants to know if an antivirus utility is any good anymore for malware. How about on a mobile device? Leo says that all too often, an antivirus leaves people more vulnerable because most malware is a zero day exploit. Antivirus can't stop users from themselves, either. All antivirus utilities have to hook themselves into the OS at a very low level and the virus can actually use that as a door to more exploits. So at the end of the day, an antivirus really is only of limited benefit.
2018 brought about the news that every processor built in the last ten years have a flaw in them that could give hackers access to sensitive data. Initially believed to affect just Intel processors, the latest is that this affects every single processor made, regardless of platform.
The flaws utilizes a technique called "processor speculation," which enables the processor to speculate what the user will do next in order to accelerate performance. But the feature also gives hackers access to sensitive L2 cache data like passwords. It's especially true for networks.
The latest exploit "Spectre" affects every single chip made in the last ten years. At first, security researchers thought that the exploit only affected Intel processors, but it turns out this hack also effects ARM, AMD, and any other processor that uses speculative prediction. The white hat hackers who found the flaw discovered that you can use it to access valuable data including passwords and other information. Leo says that Microsoft has already pushed out a fix, and Apple's High Sierra has patched the vulnerability with a recent fix. Apple has also patched the iPhone and iPad.
According to a recent study funded by Google, 15% of users have reported that their email or social media account was taken over due to phishing scams. Leo says that over 25 million users were bit by an email phishing scam, while about 35,000 were victim to keystroke loggers. Leo says that this is the season for scams and that users may get emails from the "IRS" or even phone calls demanding personal information. It's always a scam and users shouldn't fall for it.