Can My Mobile Provider Track What I Do Online?

Can your mobile data service provider keep track of your online browsing history and activities?

Yes.

Whether or not they do is a different and perhaps even more important question. Exactly how much they might track is also at play.

Naturally, the next question is what to do about it.


Recovering an Existing Online Account Password

How can I find out my current Gmail password?

Your current password?

You may not be able to.

You may be able to use the account-recovery techniques offered by Google and Gmail to set a new password, but Google will not tell you your current password.

If you’re very lucky, however, you may be able to discover it somewhere else: your browser’s saved passwords.


Is an Up-to-Date Browser Secure on an Out-of-Date OS?

As support comes to an end for Windows 7, many people are concerned about the security ramifications of continuing to browse the internet with it.

As Windows XP users discovered, many browsers continued to support XP long after its end-of-support date.

Were they secure?

To answer that, we need to dispel a common myth.


How Is it Possible to Change a Password Without Re-encrypting an Encrypted Disk?

How is it possible that you can change your Windows password without re-encrypting a hard disk that was encrypted using that password?

I’ll assume you mean BitLocker whole-disk encryption, but the concept applies to many different encryption tools. You can often change the password (or passphrase) without needing to re-encrypt whatever it is you’ve encrypted.

The secret is simply this: your password wasn’t used to encrypt the disk.

Something else was.


How Do I Remove Malware?

One question that shows up almost every day in the Ask Leo! inbox is how to remove malware.

Every day.

The scenarios differ, but the problem is the same: a machine has been infected with spyware, a virus, or some other form of malware, and that machine’s owner is having a tough time getting rid of it.

And often there is anti-malware software installed that “should” have taken care of it before it got to this stage.

Hopefully, that’ll never be you. If it is, let’s review the steps I recommend for removing malware and reducing the chances it’ll happen again.


How Can I Tell If a Download is Safe?

Someone’s pointing me to a downloadable program as a solution for a problem I’m having. I’m really hesitant to download and run unknown EXE files. Is there any way I can scan it with some program or otherwise ascertain if it’s clean or riddled with subtle spyware, viruses, or whatever else could be bad?

I was somewhat taken aback by this question. It’s a perfectly good question — it’s one that more people should be asking more often.

No, my reaction was due to the lack of a good answer.

It turns out that it’s fairly difficult to ascertain whether or not something you’ve downloaded is about to play havoc with your system, particularly before you download it.

But it’s getting better.


The State of Passwords in 2019

Passwords have been in the news a lot lately, mostly due to various breaches at an assortment of online service providers.

I want to briefly touch on four topics:

  • Best practices: what makes a good password
  • Storage strategies: how to securely keep track of it all
  • Two-factor authentication: protection against breaches
  • The possible death of the password as a security identifier


Can Everything I Do Online Be Monitored at My Router?

A few days ago around the dinner table, my family was talking about how police can monitor everything you do on the web and track you. Because he is registered as the owner of the router, my father says that he can view everything I do as it passes through the router. Is this true? And if so, how can I bypass this?

Yes, it’s true.

But before you focus on it too much, there are two things to keep in mind:

  • First, it’s not really easy for the average consumer.
  • Second, there are easier alternatives to monitoring than your router.

Let me explain what I mean and what you can do to protect yourself — if, indeed, you can protect yourself at all.


Is Changing My Password Enough?

I regularly hear from people who’ve had their email or other online account compromised, are able to recover access to it, and change their password, only to have the account stolen again almost immediately.

The problem is simple, but the solution is a bit of work.

First, you have to realize that while someone else has access to your account, they have access to everything related to that account.

As a result, changing your password just isn’t enough. You need to do more.


Footnotes & references

1: I think this is probably the biggest reason secret questions are being used less often of late.

How Do I Get Rid of Ask.com?

How can I get rid of Ask.com? It’s taken over my computer and has muscled out my two browsers: Firefox and Explorer. Now everything I do has to go through Ask.com. Thanks for your help.

While it might seem that it’s taken over your computer, it’s more than likely it’s taken over something much simpler: your browser.


What Security Software Do You Recommend?

What security software should I use? What anti-virus is the best? How about a firewall? And what about spyware? Should I use one of the all-in-one packages that claim to do everything? Is there anything else I need?

As you might imagine, I get questions like this all the time.

Here’s a short summary of my current recommendations.


Do I Need a New Email Address if Mine’s Involved in a Breach?


My email address was in one of the breaches we keep hearing about. Is that address still safe to use? Should I get a new email address?

There’s no need to get a new address just because your email account was part of a breach — as long as you can still log in to your account.

There are steps you should take, but that’s not one of them.

If you can’t log in to your email account any more, though, you may have no other choice.


Password Checkup: A Recommended Chrome Browser Extension

Keeping track of passwords is hard enough (though a good password vault helps a lot). But now, it seems, we need to start keeping track of all the various and sundry breaches that have occurred, possibly without knowing whether we’re directly impacted.

Services like Have I Been Pwned? are a great start, particularly with its Pwned Passwords service, which lets you know if your account, or a password you use, is discovered in a breach. You can get notifications when your email address is discovered in a breach, but when it comes to passwords, it’s still a manual process.

That’s where Password Checkup comes in.


Footnotes & references

2: And, yes, I did change my password for ring.com. 🙂

3: It is, indeed, an implication, but one that is simple and makes sense as a completely secure approach to doing this.

Why ANY Two-Factor Is Better than No Two-Factor at All

This is an update to an article that originally discussed only SMS two-factor authentication. Since then, two things have happened:

  • An exploit kit was published allowing a phishing attack to hijack a two-factor secured login.
  • Various media declared, “Two-factor has been hacked!”

Unfortunately, these have led some to believe that two-factor authentication is pointless. To quote a reader: “This makes 2SV quite useless in many cases.”

No. Just … no. That’s a seriously mistaken conclusion.

I’m re-visiting this topic yet again because I want to be very clear: two-factor authentication is not useless. In fact, two-factor authentication — SMS-based or otherwise — is significantly more secure than not using two-factor authentication at all.


How Can I Tell If My Computer Is Being Hacked?

How can I tell if my computer is being hacked?

You can’t.

There are some clues to look for, and I’ll review a few of those, but ultimately, there’s no way for the average computer user to know with any certainty that a hacker is not in the process of weaseling in or that they haven’t done so already.

Perhaps now you’ll understand why I talk so much about prevention.

And I’ll talk about it some more.


Two-factor Might Be Hackable? USE IT ANYWAY!

It hasn’t been that long since I wrote about SMS two-factor being hackable, and why you should use it anyway.

It’s an important enough topic that when I saw another article discussing a potential two-factor exploit — ‘You can’t relax’: Here’s why 2-factor authentication may be hackable — I just had to jump in to reinforce my message.

Use two-factor authentication anyway.

I’ll explain why it’s important, even if two-factor is technically hackable.


How Do I Get Rid Of “overseer.exe”?

Overseer.exe is apparently installed sometimes by Avast Free Anti-virus (and possibly other packages). The problem, as I discovered myself, is that uninstalling Avast did not remove overseer.exe.

That takes some extra steps.


Footnotes & references

4: Yep, it happens to me too.

What Should I Do About the Latest Breach?

As I write this, there’s been a breach (referred to as the “Collection #1 breach”) that apparently contains something like three-quarters of a billion email addresses and plain-text passwords. It’s newsworthy because it’s huge and contains passwords for anyone to see.

It’s also quite frustrating, for reasons I’ll outline in a moment.

Naturally, the question I’m getting most is simply this: what should you and I do?

The same thing we do every breach, my friend; the same thing we do every breach.


Footnotes & references

5: Per the initial announcement, there are 772,904,991 email addresses, but 1,160,253,228 unique combinations of email addresses and passwords, in a total of 2,692,818,238 records.

12 Steps to Keep from Getting Your Account Hacked

My account has been hacked into several times. If I’m able to recover it, it just gets hacked again. Sometimes I can’t recover it, and I have to start all over with a new account. What can I do to stop this all from happening?

I don’t get this question a lot. But I really, really wish I did. What I get instead, repeatedly, is “I’ve been hacked, please recover my account/password for me!” (Which, for the record, I cannot do, no matter how often, or how nicely, or not so nicely, I’m asked.)

The only salvation is in prevention, and this applies to email, social media, and pretty much any password-protected account you might have.

What can you do to make sure your account doesn’t get hacked in the first place?


Footnotes & references

6: I often hear from folks who are concerned that providing a phone number is really just another way to track you. I don’t buy into that conspiracy theory. Providing a phone number is all about being able to prove you are the rightful account owner should you ever lose access to the account.

Crank Your Password Strength Up to 11!

In a world where we measure things (like speaker volume) from 0 to 10, it’s time to crank your password strength up to 11. Take whatever you think a strong password might be — and make it stronger.

Unfortunately, too many people still have their password strength firmly planted at zero.


Footnotes & references

7: Which I did not have to look up — it’s that memorable.

How Do I Gain Access to My Deceased Relative’s Computer?

My {relative} passed away recently. I desperately need to gain access to the contents of their computer so I can recover {important financial documents}, {one-of-a-kind pictures}, {his or her last thoughts}, etc. The machine has a login password that he never shared with anyone. Can I get in? If so, how?

As you can see, this is a composite question based on a scenario I hear from time to time.

A relative or acquaintance has passed away and left behind a password-protected PC containing files that are important for any number of possible reasons.

You may be able to get in. On the other hand, particularly if your late relative was security conscious, you may not.


Footnotes & references

8: Yes: had the BitLocker key been saved somewhere else, the drive could potentially be accessed. There are many different things the original computer owner could have done to make this easier, but for the sake of this article, I’m assuming none of them happened.

How Do I Keep My Kids Safe from Internet Garbage?

If you’ve been on the internet for any length of time, you probably feel like its main purpose is to distribute pornography, drug ads, and questionable financial solicitations. If you’ve got kids, you’re probably also worried about pedophiles, cyber-stalkers, bullies, and other nefarious net inhabitants.

While things aren’t nearly as bad as the press might make it out to be, it is bad enough.

What’s a responsible parent to do?


Footnotes & references

9: Seriously. Over the years I’ve been taken to task for using “OMG”, as well as saying something “sucked”, because those terms were respectively considered blasphemous and pornographic in origin — at least to the complainers.

10: Many libraries choose not to filter internet access, and others are prevented from doing so.

How Can an Employer Recover Information I’ve Erased?

I just saw this article where a company did a forensic investigation of one of their employee’s computers. How do they find searches and network activity if one clears their cookies and uses CCleaner?

There’s so much more to your computer, as well as your activity history, than just cookies and whatever tools like CCleaner can clean.

So much more.

I’ll review a few of the more obvious ways employers can recover or collect information about your activity. Realize, though, it’s not with the intent that you be able to hide what you’re doing, but to illustrate the futility of even trying.


Footnotes & references

11: Sadly, there are no absolutes. For example, there’s a very small chance that data overwritten on magnetic material could still be recovered through extensive (and expensive) forensic analysis.

12: Remember, I’m not a lawyer, and none of this is legal advice. If you need legal advice, get an attorney.

Use BitLocker to Bypass Potential Self-Encrypting Drive Vulnerabilities

Whole-disk encryption is a form of data security that encrypts all the data on a hard disk, irrespective of what that data might be.

Encryption and decryption happen at a low level, making it transparent to normal usage. As long as you’re able to log in to your Windows machine, you’ll have access to everything on it as if it were unencrypted. Turn the machine off, and the data is inaccessible and securely encrypted until you sign in again.

Low-level encryption and decryption can happen either by the hard disk itself, as data is read from or written to the drive (hardware encryption) or by Windows (software encryption).

The problem? Some drives using hardware-based encryption have been discovered to have vulnerabilities that could allow encrypted data to be exposed.


Footnotes & references

13: That being said, this too can change. Whatever whole-disk encryption solution you might use, check with its provider to ensure that the vulnerabilities don’t impact it.

What Happens When I Die?

Making technology both convenient and secure is a problem we deal with daily. We make trade-offs and use techniques that we hope strike an appropriate balance.

A more difficult dilemma that we rarely think about, however, is death. If something were to happen to you, would the people you leave behind be able to access the information they need? What happens to your encrypted data, online accounts, social media, online finances, pictures, and digital-whatever-else if for some reason you’re not around or able to access it?

I hear regularly from people frantically trying to access important, sentimental, or critical data that a recently deceased or incapacitated friend or family member has locked up tightly.

It’s not particularly pleasant to think about, but with all the security measures we put into place to keep bad people out, it’s worth having a plan for letting the good people in.


Footnotes & references

14: If, like me, you use two-factor authentication, make certain that your friend is likely to have access to your second factor, and/or provide a few of the one-time passwords that should be set up to access your account should your second factor ever be lost. Most two-factor solutions provide this ability.

How Can I Use a Password Manager for My Security Questions?

How do password managers handle random security questions? I’ve never seen this mentioned in any of the articles that I have read. Am I still going to have to maintain a readily available list of security question answers?

Not surprisingly, password managers are all about passwords. More specifically, they’re about automatically saving and entering your username and password when you need to log in. When it comes to security questions, often also referred to as “secret questions” — well, that’s just not their job.

But that doesn’t mean they can’t help.


Footnotes & references

15: Taken to an extreme, it’s quite possible to specify that your mother’s maiden name (or other security answer) is something like “K5rhts87w4McPVwFqK2A”.

Don’t Lose Your Phone: Here’s What Can Happen (and How to Prepare)

Mobile phones are amazing devices. They’re much more than just having your email or social media at your fingertips; they’re truly portable general-purpose computers that also happen to be able to make phone calls.

We do a lot with our phones. Because they’re always with us, they’re one of our primary means of content consumption — everything from social media to news to maps to ebooks and more — as well as our primary means of communication (though ironically, rarely by actually using the telephone) and one of our primary content-creation devices as well, in the form of photos and videos.

As tiny computers, we’ve come to rely on them to store data, act as security keys, wallets, fitness trackers, automotive trackers, and dozens of things I can’t even think of right now.

Given everything we use our phones for, to say that we shouldn’t lose them is stating the obvious. And yet lose them we do. I’m going to review some of the things you need to be aware of when (not if) you lose your phone, and some of the ways you can mitigate the damage when it happens.


BoxCryptor: Secure Your Data in the Cloud

One of the hidden issues in online storage is privacy. Almost all online storage providers have the ability to examine your data or hand it over to law enforcement even if the provider has encrypted your data.

Hopefully, most of us will never have to deal with the law-enforcement scenario, but even the realization that a rogue employee at an online data storage provider could peek into what we keep online can cause concern. For some, it’s enough concern to avoid using cloud storage at all.

The solution is simple: encrypt the data yourself.

Unfortunately, implementing that “simple” solution isn’t always that simple or transparent, and can add a layer of complexity to online storage some find intimidating.

BoxCryptor is a nicely unobtrusive encryption solution that is free for personal use.


Footnotes & references

16: The over-hyped marketing term “cloud” is nothing more than a replacement for “online”. “Cloud storage” is nothing more than storage provided by online services.

17: Depending on the laws in your locality, of course.

18: And, of course, anyone you choose to share the password with.

19: Based on the original TrueCrypt project.

How Can I Send a Document to Someone Securely?

I recently had to send some very private identification papers over email. Now normally I wouldn’t do this and I would use snail mail instead but this was very urgent and I thought I would take a chance. As far as I know, no ill has come of it but I was wondering what ways are there to send emails securely across all platforms and also be sure that the right person on the other end gets it?

I’m occasionally faced with this same dilemma. Either for expediency or convenience, I want to email something I wouldn’t want to fall into the hands of anyone else.

While there are many approaches, there’s really only one pragmatic approach.


Footnotes & references

20: PGP or mime, for the curious.

What Can a Website I Visit Tell About Me?

When I visit a web site that collects visitor statistics, I understand they can see my IP which will tell them my ISP, that I have a Mac, the area where I may live, what browser I use, if I’m new to the site, or if I click information on the site. But can the site collect the following information:

  • My computer name (the name I assigned to my computer)?
  • Profile information???
  • My browsing history (any/all sites I’ve visited and when) or can they just tell the number of items in my history?
  • Email addresses associated with my computer?

I’ve reviewed similar questions but I’m not sure I truly understand what information a web server can collect from my connection/browser.

This turns into a fairly complex answer pretty quickly. It’s both more and less than you might think.

I’ll start by covering what every website sees.


Can My ISP See What I’m Doing If I Use a Virtual Machine (VM)?

In your article Can Everything I Do Online Be Monitored at My Router? you state that “your ISP can see everything you do”. Is that still true if I run a virtual machine to hide what I’m doing?

Yes, it’s still true: a VM doesn’t get you any additional privacy from your ISP.

I do need to clarify exactly what “everything you do” means. I’ll also revisit what you need to do to avoid ISP monitoring. Hint: a VM isn’t the solution, but might be a convenient part.


Footnotes & references

21: Performance is amazingly good. On my machine (a four-year-old 12-core Mac Pro) I’ve successfully run Windows 98, XP, Vista, 7, 8, and 10, all at the same time, for fun. While not ideal, the fact that this was even possible is pretty impressive.

In addition, askleo.com itself is a virtual machine. Virtual hosting providers use exceptionally high-end servers with multiple cores and lots of disk space and RAM to host multiple instances of various servers for various customers. That the askleo.com server is on such a virtual host is completely transparent to it: it thinks it’s on a dedicated server.

22: Even this isn’t absolute. While your ISP can’t decrypt the data, they might be able to compare characteristics of your download against known downloads of specific files. As a grossly oversimplified example, if they download a specific movie and you download the same movie, the encrypted data might look identical, so they would “know” what you’ve downloaded.

How Do I Know if My Machine is Free of Malware?

How do I find out or know that my computer is free of keyloggers? Would Windows Defender or MalwareBytes find them if there are any, or do you have a referenced article on the topic where I can read about it? Understand that this is the biggest security concern I have about my computer nowadays.

How do you know your computer is free of keyloggers? You don’t.

It’s not the answer most people want to hear, but it’s the true bottom line.

There are a few reasons for it, which I’ll discuss, as well as what you and I need to do in the face of this rather grim reality.


How to Best Back Up Your Encrypted Data

I talk about encryption a lot. I talk about backing up even more.

Encryption is a critical component of keeping data safe and secure and out of the hands of those who shouldn’t see it.

Backing up, of course, is our safety net for when things go wrong. A recent backup can save you from almost anything.

Unfortunately, I’d wager that most people are backing up their encrypted data improperly. The result is that they’re not as protected by that backup as they might think they are.


VeraCrypt: Free Open Source Industrial Strength Encryption

Encryption comes up frequently in many of my answers. People are concerned about privacy as well as identity and data theft, particularly on computers or portable devices where they don’t always have total physical control of the media.

The concern is that someone might gain access to sensitive data.

Encryption is the answer.

Even if your device falls into the wrong hands, proper encryption renders that access useless.

VeraCrypt makes encryption not only easy, but nearly un-crackable.


Footnotes & references

23: When the option “Preserve modification timestamp of file containers” is not checked in VeraCrypt’s options. This is actually a security/plausible deniability setting that, in essence, “hides” changes occurring within the container from external detection. Unfortunately, it breaks the ability to back up VeraCrypt containers or sync them to cloud storage providers reliably.

How to Tell if Your Email, Computer, or Facebook Has Been Hacked

How do I tell if my email, my computer, or my Facebook has been hacked?

Well, it depends.

I’ll look at several approaches, but I need to be honest: you may not always be able to tell — at least not right away.


How Could My Bank Account Have Been Hacked if I Have Good Security?


My bank account was just hacked. The hacker opened a new account, transferred money from my line of credit into that account, then transferred the money out to his outside account. So, it appears he somehow got my client card number and my password.

My laptop is about five years old, running Windows 7, which I update every week. I have BitDefender for virus scans, which I do a full system scan every week. My password was 15 characters long, with a mix of numbers and upper and lowercase letters. When I am not at home, I use a VPN service while on the internet. I have changed my bank passwords to 22 characters long and installed Malwarebytes Premium for real time virus protection.

So, I have two questions: how could a hacker possibly do this with the precautions I have? and how can I protect myself further from this point?

You do have good security in place — above average, I’d say. That makes this situation a little more difficult to diagnose, as well as a tad more frustrating.

While I certainly can’t tell you exactly what happened, I can speculate on some possibilities. I also have a few ideas on how I’d protect myself if I were in your shoes.


Footnotes & references

24: Don’t laugh. It’s happened, usually with some kind of legacy compatibility as an excuse.

25: Happens to me about once a year.

How Do I Choose a Good Password?

We frequently hear of major websites suffering data breaches that expose millions of user accounts and passwords to hackers.

This type of theft makes the concept of “good passwords” all that much more important to understand.


Footnotes & references

26: How many words are there in the English language? – Oxford Dictionaries

27: Cracking time calculations are from Password Haystacks at GRC.com.

28: Technically, this is actually not true: it is possible that two inputs will generate the same hash. However, it is statistically so extremely unlikely that it is simply a non-issue. And as stated in the hashing algorithm requirements, there’s no way to know how to pick an input value that would give you a specific hash value.

29: Trust me, you do not want to dream up your own hash. You really want to leave the math involved to trained professionals. Homebrew hashes are typically cracked within seconds.

References

Password Haystacks – GRC.com has a great look at the password-length issue, including a calculator to play with.

Download Your Facebook and Google Data

There’s been a tremendous amount of discussion relating to the amount of data kept, shared, sold — and occasionally leaked — by large service providers like Facebook and Google.

Regardless of how you feel about it, it highlights something I believe is important to realize: these services collect a lot of data. We may never know just how much is being collected or with whom it is being shared.

However, both Facebook and Google allow you to download data they’ve collected relating to your account. It’s unlikely to be everything, but even so, it’s a heck of a lot. It’s worth understanding what they have.


Footnotes & references

30: These instructions assume the desktop/web interface to Facebook. While these options may be available on a mobile device, the interface is clearer on a PC, and, pragmatically, you’ll need a PC to examine results.

31: Probably mostly full of Corgi pictures. 🙂

I’ve Lost All My Passwords, What Do I Do?

Do you have a general technique for creating new passwords for every single site that needs them? Yes, I did the unthinkable, I lost my LastPass account and have to start over. This is a reminder of the old saying, “When you have dug yourself into a deep hole, stop digging.” Unfortunately, I was stupid enough to keep digging. I hope you can spare some advice for someone who seems to get more stupid with age. There may be others on your list that have the same problem.

The technique is simple.

The problem is that the technique is time-consuming and ponderous.

Let’s review that technique, and what you can do to avoid this situation in the future.


Footnotes & references

32: There may be a couple of recovery techniques, but you need to set them up beforehand. Most people don’t.

How Should I Encrypt the Data on My Laptop?


My wife needs to encrypt patient files on her laptop.

She has been encrypting individual files, but I wonder if you recommend a program that will encrypt folders. e.g. her Documents folder?

Is there a way to encrypt a hard drive or partition?

Encrypting individual files is perhaps the least efficient way of protecting data. There’s also a serious potential for data leakage, as you must securely delete the unencrypted files after encrypting them. Most people don’t do that.

There are three basic approaches to securing data on a laptop. Which is most appropriate for you or your wife depends a little on how conscientious you are and a little on how geeky you are. Of course, all methods depend on how religious you are about backing up.

Read more: How Should I Encrypt the Data on My Laptop?

Footnotes & references

33: A Mac, but this functionality is available for PCs in the form of BitLocker.

Is Online Banking Safe?

I would think that no PC would be immune from malicious threats if they landed on some corrupt site that then installed malware or key-capture software. Is there any reasonable way to continue to safely do online banking?

Sure.

Avoid getting infected.

I know, that sounds trite and flippant, and I don’t mean to be so. Ultimately, though, all the advice boils down to exactly that: do what it takes to stay safe on the internet.

I regularly bank online. In fact, I’ve done so for years without incident. I much prefer it over the alternatives.

Read more: Is Online Banking Safe?

How Do Websites Store Passwords Securely?

In reading your excellent article, “How Can a Hacker Try All Possible Passwords If Systems Block the Login Attempts?” I still don’t understand. Even if a hacker has stolen the user database of logins and hashes, how can they duplicate the method of hash creation used by any particular website? I would think different websites would use different hash creation formulas.

You would think.

That’s what makes it so frustrating when these attacks end up being successful.

The problem is that security is often an afterthought. In fact, it’s often not thought of in any deep sense until after a successful attack.

The good news is, there’s something simple you can do about it.

Read more: How Do Websites Store Passwords Securely?

Footnotes & references

34: This is an over-simplification. A properly secure password storage mechanism would use a different hashing function, for a variety of reasons, as well as a unique, random number as a salt. I found a good, more detailed rundown at Salted Password Hashing – Doing it Right.

How Did I Get Advertising About the Contents of an Email?

A few minutes ago I scanned a page on generators from a Harbor Freight catalog and sent it to my son using Gmail. A few minutes later I got an email from Harbor Freight — in Yahoo, via Thunderbird — with this subject line: “You Can Rely on These Predator Generators on Sale Now.”

How does this happen? How does Harbor Freight know that I’m thinking about generators? Seems like there’s something on my computer monitoring my outgoing emails and alerting sellers to send me an ad on the item.

Or is it my son’s computer that’s doing it?

Either way, it’s creepy and something I’d like to stop.

I understand it feels creepy, but many aspects of what you describe represent the “cost” of free services like Gmail and Yahoo! Mail: advertising.

There’s not enough information for me to say exactly what happened, but I’ll describe some possibilities. There’s also one aspect of it I can’t explain at all.

Read more: How Did I Get Advertising About the Contents of an Email?

Can Video Chat Be Intercepted and Recorded?

Hi, Leo. I had a private video chat with my girlfriend. I’m afraid that it could be recorded by someone and released on, say, a porn site. We used personal laptops only. When I got a doubt, I scanned both systems with an anti-virus tool and they’re clean. So, there’s not really a virus, but I’m still afraid that someone will record it for monitoring and all.

It’s impossible to prove that it can’t be (or wasn’t) recorded: you can’t prove a negative. And ultimately, if this is something that really concerns you, then don’t do that!

But I don’t think there’s going to be a problem here. In practical terms, with one exception that most people don’t think about, it’s highly unlikely.

Read more: Can Video Chat Be Intercepted and Recorded?

What Is “Privilege Escalation” on a CPU?

It’s a term you hear frequently of late, usually in the context of newly-discovered vulnerabilities in operating system software: “privilege escalation”. Recently we’ve even heard it in the context of a newly-discovered hardware issue.

On the surface, the term seems fairly simple, but as we know by now, when it comes to computers, it’s rare that anything is truly simple.

In this article, I’m going to look at one type of privilege: the privilege model used by your operating system to allow software to do useful things while simultaneously restricting what it can do, so as to keep you safe.

Read more: What Is “Privilege Escalation” on a CPU?

Footnotes & references

35: For this discussion, drivers are best considered part of the operating system.

36: I’m using the term “user-mode” here explicitly as part of this kernel/user distinction. It’s actually unrelated to whatever user you happen to be logged in as.

37: As I write this, the details haven’t been released, so it’s impossible to say how much control the user-mode code would have over choosing what it might want to peek at.

What Do I Need to Do About Spectre and Meltdown?

Two newly discovered vulnerabilities have been getting a lot of press recently. Much of it has been quite sensationalist, due to the nature of the underlying issues.

The flaws are in hardware design — specifically the CPU — and not just one CPU, but apparently a wide variety of CPUs — meaning that just about any computer or device using the most popular CPUs of the last couple of decades is probably vulnerable to the issue.

So, to answer everyone’s first question: yes, your computer or mobile device is likely affected.

The next question is, what to do about it?

Step one: don’t panic.

Read more: What Do I Need to Do About Spectre and Meltdown?

Can My Computer Be Hacked If It’s Turned Off?

In general, can a PC with no remote software be hacked if it is powered off? The power supply and the internet cable are still connected to the PC. In my discussions with others, 50% say yes, 50% say no. An internet search was also divided in response with no agreement.

The scenario that could allow a turned-off computer to be hacked is a very unlikely one. I’ll describe it and show you how to prevent it.

Read more: Can My Computer Be Hacked If It’s Turned Off?

My Ex Set Up My Computer and Is Now Spying on Me. What Can I Do?

I was dating a guy who installed Linux on my computer and is also the administrator on my computer. He can completely monitor my computer from his home. We are no longer dating but he is still screwing around with my computer. What can I do? He also knows my passwords.

I normally avoid these types of relationship-related tech questions, because they’re more about relationships than about technology. And I’m certainly no therapist.

However, I get this type of question often enough that I’m going to use it as an example of the technological implications when good relationships go bad.

Short answer: you’re in trouble until you take some drastic action.

Read more: My Ex Set Up My Computer and Is Now Spying on Me. What Can I Do?

Footnotes & references

38: And probably the passwords to other accounts that he created or had access to while setting up your machine.

What Do I Do if I’m Being Harassed, Bullied, or Stalked Online?

Normally, this is where I’d quote the original question.

This topic appears in so many different guises and in so many different ways that quoting a single question would represent only a very small slice of a much larger issue.

Whatever you call it, cyber-bullying or online harassment, it is a frighteningly common occurrence. Those most at risk appear to be children and individuals who’ve been in abusive domestic relationships.

The questions I get most often are:

  • Isn’t it illegal?
  • How do I find out who’s responsible?
  • How do I make them stop?
  • How can I get back at them?

I’ll tackle each one of those and a couple more.

Read more: What Do I Do if I’m Being Harassed, Bullied, or Stalked Online?