Cyber Security Today: Laptop encryption advice, insecure mobile apps and guilty pleas

Advice on protecting encrypted laptops, insecure mobile apps found and guilty pleas from a hacker

Welcome to Cyber Security Today. It’s Friday September 14th. To hear the podcast, click on the arrow below:

Cyber Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

Encrypting your laptop’s hard drive is a good decision to protect the device against theft, particularly if you have to leave the laptop for a few minutes. Some versions of Windows come with encryption software called Bitlocker, while Mac laptops have FileVault. There are third party software solutions as well. But security researchers at F-Secure say depending on what you do if you leave your laptop unattended, Windows and Mac laptops are still vulnerable because data may not be flushed out of memory chips. That makes encrypted devices vulnerable to what is called a cold boot attack. So your first protection is never let your laptop out of your sight. If you do have to leave it, don’t put the laptop into sleep mode. Either shut it down or put it into hibernate mode. If you use Bitlocker, turn on the feature requiring you to enter a Bitlocker PIN number when you power up or restore your computer. Apple also recommends users set a firmware password in addition to a regular login password.

This week Microsoft released its monthly Patch Tuesday fixes. If you haven’t got security updates automatically turned on, now’s the time to manually get those patches. One reason is Microsoft has fixed a bug in the Edge browser that allows web site addresses to be spoofed, sending you to a phony Web page. The same vulnerability exists for Apple’s Safari browser. However, it apparently won’t be patched until iOS 12 is released. The bug doesn’t affect the Chrome or Firefox browsers.

There’s more evidence mobile software developers aren’t doing a good enough job in making their applications secure. A scan by the American Consumer Institute Center for Citizen Research of 330 of the top apps in the Google Play store found 32 per cent of them had vulnerabilities, some of them serious. Among the ones that had problems were apps from Trip Advisor, Wells Fargo and the Bank of America. Many apps are regularly updated, so when the center re-tested the apps several weeks later, many had been patched. Still, some hadn’t including Vivid Seats, used to buy and sell event tickets. The lesson is clear: In the rush to get mobile apps out the door many companies are sloppy.

Finally, in the legal world, Peter Yuryevich Levashov, a 38-year-old Russian citizen accused of operating the Kelihos botnet, pleaded guilty Wednesday in the U.S. to computer crime, fraud, conspiracy and identity theft charges. Earlier this year he was arrested in Spain and extradited to the U.S. According to Security Week, his sentencing has been scheduled for a year from now, and he will remain in custody until then. It’s uncommon for sentencing to be put off that long. Maybe it’s a sign Levashov is working with police to dismantle other cybercrime operations.

And a Romanian court ruled that hacker Marcel Lazar Lehel, known as Guccifer will be extradited to the U.S. to serve a four-year and four-month jail sentence after he finishes his seven-year sentence in Romania. He broke into 100 email accounts, including those of former Secretary of State Colin Powell and at least one member of the Bush family. He pleaded guilty in 2016.

That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Play, or add us to your Alexa Flash Briefing. Thanks for listening. I’m Howard Solomon.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

ITWC podcast network

Subscribe to ITWC podcasts and never fall behind on the conversation in technology again. Our daily podcasts are perfect to add to your smart speaker’s daily briefing or to your favourite podcast app on your smartphone. 

Cyber Security Today Podcast

#Hashtag Trending Podcast