11184349836_ea2bfb1da8_b

10 ways to keep your credit card and memories safe during the holidays

Every year Cyber Monday sets new sales records. The Monday after the U.S.'s biggest brick-and-mortar shopping day a year opens the online shopping season with a flood of sales and deals that are often better than what you'll find in person, without the crowds. But whether you're shopping for presents or not during the next month, advertisers and online criminals will assume you are. And if they aren't targeting your wallet, they may be after the private photos and videos we all keep on the hard drives of our computers or devices. Right now, you can get our F-Secure SAFE protection on 5 PCs or devices with 200 GB of free secure cloud storage. Until December 6, we're giving away one free license for SAFE on 5 devices along with 200 GB of storage and a SAFE hoodie for free each day on our Facebook page. Read the the rules and enter now. And while you're shopping on any device, stay skeptical. Stay focused. And keep up the same online shopping and storage hygiene you should be practicing all year long: 1. Make sure your system, browser and security software are patched and protected. If it's software, it requires updates. As developers have become better at reminding you to update your software, there's become more to update. So keep up with your operating system updates and make sure you're running updated security software. 2. Do all your shopping in in one browser. No Java. Our Security Advisor Sean Sullivan advises that you do all of your financial transactions in one browser that you only use for shopping and banking. “Too many tabs open, too many things going on – that’s when you’re most prone to click on a malicious link or download something you shouldn’t have," he said. So use Chrome for surfing and Firefox for the serious stuff. Whichever browser you use for your transactions, you should disable Java in it -- and all your browsers if possible. If a certain website you need to use requires Java, enable it in just one browser that you use only for that site. 3. Stick to stores/sites you trust. Bad grammar and poor design have been the warning signs of malicious sites and emails for years. But criminals are always upping their game. Your best bet is to avoid untrustworthy sites in general, just as you likely avoid unprofessional looking stores and people who randomly try to sell you stereo equipment from their van. Avoid shopping via Google. Go directly to sites you trust and search there. 4. Only shop over a secure connection -- VPN and https. If you're shopping via Wi-Fi, make sure you're on a network you trust or secure yourself with a virtual private network like F-Secure Freedome. This will encrypt your data to protect your passwords and other private data. Freedome also protects you from scams and trackers, which may use your data to sell you things that do not fit your budget. To make sure your data is secure as it's being transmitted, don't enter your private data unless you see you're on a secured connection where the url starts with "https". If you're not seeing that, move on to the next store. 5. Use one credit card for all your online shopping -- or use credit card alternatives. Limit your damages. If your data is captured by a crook, chances are your credit card company will catch any irregularities. However, you still may be left without a card during the holiday season. Using only one card for online purchases also makes it simpler to keep focused on how much you're spending. For extra security, Sean recommends that you see if your bank offers virtual credit card numbers that can only be used once. 6. Check your statements. You do this? Right? If you don't check your statements to make sure all the charges are yours, who will? 7. Do not reuse passwords. It's like putting the same lock on your house, car, boat and safe. Your passwords for your crucial accounts are sacred and need to be unique and strong. This isn't easy, which is why we recommend a password manager. You can use our F-Secure KEY on one device for free. 8. Have a secret email account for online shopping. Sites like Amazon allowing you to use your email for a login, which is convenient. It also means anyone who knows your email, knows your login and is halfway to cracking your account. A simple solution is to use a special email account that you with with no one that you use as login for financial accounts. 9. Back up everything. What's on our devices and PCs is worth more than the hardware themselves because they represent the thing we can never get back -- time. During the holiday season, your phone is filled with memories of celebrations and gatherings that will only happen in that exact way once. So make sure all your devices are backed up, all the time. 10. Use a cloud service you can trust. As you know from the series of nude photos of celebrities released this year, the security of your cloud storage matters. The more people you have trying to hack you, the more your content is at risk. Using a service -- like our younited -- that offers two-factor authentication and is designed to protect your privacy. Happy holidays, Sandra [Photo by Mike McCune via Flickr]

Nov 25, 2014
network

What is a supercookie and why is it more important than you think?

Many techie terms in the headlines lately. Supercookies, supertrackers, HTTP headers and X-UIDH. If you just skim the news you will learn that this is some kind of new threat against our privacy. But what is it really? Let’s dig a bit deeper. We will discover that this is an issue of surprisingly big importance. Cookies are already familiar to most of us. These are small pieces of information that a web server can ask our browser to store. They are very useful for identifying users and managing sessions. They are designed with security and privacy in mind, and users can control how these cookies are used. In short, they are essential, they can be a privacy problem but we have tools to manage that threat. What’s said above is good for us ordinary folks, but not so good for advertisers. Users get more and more privacy-aware and execute their ability to opt out from too excessive tracking. The mobile device revolution has also changed the game. More and more of our Internet access is done through apps instead of the browser. This is like using a separate “browser” for all the services we use, and this makes it a lot harder to get an overall picture of our surfing habits. And that’s exactly what advertisers want, advertising is like a lottery with bad odds unless they know who’s watching the ad. A new generation of supercookies (* were developed to fight this trend. It is a piece of information that is inserted in your web traffic by your broadband provider. Its purpose is to identify the user from whom the traffic comes. And to generate revenue for the broadband provider by selling information about who you really are to the advertisers. These supercookies are typically used on mobile broadband connections where the subscription is personal, meaning that all traffic on it comes from a single person. So why are supercookies bad? They are inserted in the traffic without your consent and you have no way to opt out. They are not visible at all on your device so there is no way to control them by using browser settings or special tools. They are designed to support advertisers and generate revenue for the mobile broadband provider. Your need for privacy has not been a design goal. They are not domain-specific like ordinary cookies. They are broadcasted to any site you communicate with. They were designed to remain secret. They are hidden in an obscure part of the header information that very few web administrators need to touch. There are two ways to pay for Internet services, with money or by letting someone profile you for marketing purposes. This system combines both. You are utilized for marketing profit by someone you pay money to. But what can and should I do as an ordinary user? Despite the name, this kind of supercookies are technically totally different from ordinary cookies. The privacy challenges related with ordinary cookies are still there and need to be managed. Supercookies have not replaced them. Whatever you do to manage ordinary cookies, keep doing it. Supercookies are only used by some mobile broadband providers. Verizon and AT&T have been most in the headlines, but at least AT&T seems to be ramping down as a result of the bad press. Some other operators are affected as well. If you use a device with a mobile broadband connection, you can test if your provider inserts them. Go to this page while connected over the device’s own data connection, not WiFi. Check what comes after “Broadcast UID:”. This field should be empty. If not, then your broadband provider uses supercookies. Changing provider is one way to get rid of them. Another way is to use a VPN-service. This will encapsulate all your traffic in an encrypted connection, which is impossible to tamper with. We happen to have a great offering for you, F-secure Freedome. Needless to say, using Freedome on your mobile device is a good idea even if you are not affected by these supercookies. Check the site for more details. Last but not least. Even if you’re unaffected, as most of you probably are, this is a great reminder of how important net neutrality is. It means that any carrier that deliver your network traffic should do that only, and not manipulate it for their own profit. This kind of tampering is one evil trick, throttling to extort money from other businesses is another. We take neutrality and equal handling for granted on many other common resources in our society. The road network, the postal service, delivery of electricity, etc. Internet is already a backbone in society and will grow even more important in the future. Maintaining neutrality and fair rules in this network is of paramount importance for our future society.   Safe surfing, Micke   PS. The bad press has already made AT&T drop the supercookies, which is great. All others involved mobile broadband providers may have done the same by the time you are reading this. But this is still an excellent example of why net neutrality is important and need to be guaranteed by legislation.     (* This article uses the simplified term supercookie for the X-UIDH -based tracker values used by Verizon, AT&T and others in November 2014. Supercookie may in other contexts refer to other types of cookie-like objects. The common factor is that a supercookie is more persistent and harder to get rid of than an ordinary cookie.   Image by Jer Thorp  

Nov 18, 2014
BY 

Latest Posts

11184349836_ea2bfb1da8_b

Every year Cyber Monday sets new sales records. The Monday after the U.S.'s biggest brick-and-mortar shopping day a year opens the online shopping season with a flood of sales and deals that are often better than what you'll find in person, without the crowds. But whether you're shopping for presents or not during the next month, advertisers and online criminals will assume you are. And if they aren't targeting your wallet, they may be after the private photos and videos we all keep on the hard drives of our computers or devices. Right now, you can get our F-Secure SAFE protection on 5 PCs or devices with 200 GB of free secure cloud storage. Until December 6, we're giving away one free license for SAFE on 5 devices along with 200 GB of storage and a SAFE hoodie for free each day on our Facebook page. Read the the rules and enter now. And while you're shopping on any device, stay skeptical. Stay focused. And keep up the same online shopping and storage hygiene you should be practicing all year long: 1. Make sure your system, browser and security software are patched and protected. If it's software, it requires updates. As developers have become better at reminding you to update your software, there's become more to update. So keep up with your operating system updates and make sure you're running updated security software. 2. Do all your shopping in in one browser. No Java. Our Security Advisor Sean Sullivan advises that you do all of your financial transactions in one browser that you only use for shopping and banking. “Too many tabs open, too many things going on – that’s when you’re most prone to click on a malicious link or download something you shouldn’t have," he said. So use Chrome for surfing and Firefox for the serious stuff. Whichever browser you use for your transactions, you should disable Java in it -- and all your browsers if possible. If a certain website you need to use requires Java, enable it in just one browser that you use only for that site. 3. Stick to stores/sites you trust. Bad grammar and poor design have been the warning signs of malicious sites and emails for years. But criminals are always upping their game. Your best bet is to avoid untrustworthy sites in general, just as you likely avoid unprofessional looking stores and people who randomly try to sell you stereo equipment from their van. Avoid shopping via Google. Go directly to sites you trust and search there. 4. Only shop over a secure connection -- VPN and https. If you're shopping via Wi-Fi, make sure you're on a network you trust or secure yourself with a virtual private network like F-Secure Freedome. This will encrypt your data to protect your passwords and other private data. Freedome also protects you from scams and trackers, which may use your data to sell you things that do not fit your budget. To make sure your data is secure as it's being transmitted, don't enter your private data unless you see you're on a secured connection where the url starts with "https". If you're not seeing that, move on to the next store. 5. Use one credit card for all your online shopping -- or use credit card alternatives. Limit your damages. If your data is captured by a crook, chances are your credit card company will catch any irregularities. However, you still may be left without a card during the holiday season. Using only one card for online purchases also makes it simpler to keep focused on how much you're spending. For extra security, Sean recommends that you see if your bank offers virtual credit card numbers that can only be used once. 6. Check your statements. You do this? Right? If you don't check your statements to make sure all the charges are yours, who will? 7. Do not reuse passwords. It's like putting the same lock on your house, car, boat and safe. Your passwords for your crucial accounts are sacred and need to be unique and strong. This isn't easy, which is why we recommend a password manager. You can use our F-Secure KEY on one device for free. 8. Have a secret email account for online shopping. Sites like Amazon allowing you to use your email for a login, which is convenient. It also means anyone who knows your email, knows your login and is halfway to cracking your account. A simple solution is to use a special email account that you with with no one that you use as login for financial accounts. 9. Back up everything. What's on our devices and PCs is worth more than the hardware themselves because they represent the thing we can never get back -- time. During the holiday season, your phone is filled with memories of celebrations and gatherings that will only happen in that exact way once. So make sure all your devices are backed up, all the time. 10. Use a cloud service you can trust. As you know from the series of nude photos of celebrities released this year, the security of your cloud storage matters. The more people you have trying to hack you, the more your content is at risk. Using a service -- like our younited -- that offers two-factor authentication and is designed to protect your privacy. Happy holidays, Sandra [Photo by Mike McCune via Flickr]

Nov 25, 2014
network

Many techie terms in the headlines lately. Supercookies, supertrackers, HTTP headers and X-UIDH. If you just skim the news you will learn that this is some kind of new threat against our privacy. But what is it really? Let’s dig a bit deeper. We will discover that this is an issue of surprisingly big importance. Cookies are already familiar to most of us. These are small pieces of information that a web server can ask our browser to store. They are very useful for identifying users and managing sessions. They are designed with security and privacy in mind, and users can control how these cookies are used. In short, they are essential, they can be a privacy problem but we have tools to manage that threat. What’s said above is good for us ordinary folks, but not so good for advertisers. Users get more and more privacy-aware and execute their ability to opt out from too excessive tracking. The mobile device revolution has also changed the game. More and more of our Internet access is done through apps instead of the browser. This is like using a separate “browser” for all the services we use, and this makes it a lot harder to get an overall picture of our surfing habits. And that’s exactly what advertisers want, advertising is like a lottery with bad odds unless they know who’s watching the ad. A new generation of supercookies (* were developed to fight this trend. It is a piece of information that is inserted in your web traffic by your broadband provider. Its purpose is to identify the user from whom the traffic comes. And to generate revenue for the broadband provider by selling information about who you really are to the advertisers. These supercookies are typically used on mobile broadband connections where the subscription is personal, meaning that all traffic on it comes from a single person. So why are supercookies bad? They are inserted in the traffic without your consent and you have no way to opt out. They are not visible at all on your device so there is no way to control them by using browser settings or special tools. They are designed to support advertisers and generate revenue for the mobile broadband provider. Your need for privacy has not been a design goal. They are not domain-specific like ordinary cookies. They are broadcasted to any site you communicate with. They were designed to remain secret. They are hidden in an obscure part of the header information that very few web administrators need to touch. There are two ways to pay for Internet services, with money or by letting someone profile you for marketing purposes. This system combines both. You are utilized for marketing profit by someone you pay money to. But what can and should I do as an ordinary user? Despite the name, this kind of supercookies are technically totally different from ordinary cookies. The privacy challenges related with ordinary cookies are still there and need to be managed. Supercookies have not replaced them. Whatever you do to manage ordinary cookies, keep doing it. Supercookies are only used by some mobile broadband providers. Verizon and AT&T have been most in the headlines, but at least AT&T seems to be ramping down as a result of the bad press. Some other operators are affected as well. If you use a device with a mobile broadband connection, you can test if your provider inserts them. Go to this page while connected over the device’s own data connection, not WiFi. Check what comes after “Broadcast UID:”. This field should be empty. If not, then your broadband provider uses supercookies. Changing provider is one way to get rid of them. Another way is to use a VPN-service. This will encapsulate all your traffic in an encrypted connection, which is impossible to tamper with. We happen to have a great offering for you, F-secure Freedome. Needless to say, using Freedome on your mobile device is a good idea even if you are not affected by these supercookies. Check the site for more details. Last but not least. Even if you’re unaffected, as most of you probably are, this is a great reminder of how important net neutrality is. It means that any carrier that deliver your network traffic should do that only, and not manipulate it for their own profit. This kind of tampering is one evil trick, throttling to extort money from other businesses is another. We take neutrality and equal handling for granted on many other common resources in our society. The road network, the postal service, delivery of electricity, etc. Internet is already a backbone in society and will grow even more important in the future. Maintaining neutrality and fair rules in this network is of paramount importance for our future society.   Safe surfing, Micke   PS. The bad press has already made AT&T drop the supercookies, which is great. All others involved mobile broadband providers may have done the same by the time you are reading this. But this is still an excellent example of why net neutrality is important and need to be guaranteed by legislation.     (* This article uses the simplified term supercookie for the X-UIDH -based tracker values used by Verizon, AT&T and others in November 2014. Supercookie may in other contexts refer to other types of cookie-like objects. The common factor is that a supercookie is more persistent and harder to get rid of than an ordinary cookie.   Image by Jer Thorp  

Nov 18, 2014
IMG_3395

It's like a press conference anyone can join from anywhere. And even if you don't have a question, you can upvote the ones you don't like and downvote the ones you do. President Obama did one. Snoop Dogg/Snoop Lion did one. An astronaut did one from outer space. And our Mikko Hypponen will sit down for his second Reddit AMA on December 2 at 9 AM ET. If you have something you've wanted to ask him about online security, great. If not, here are five resources that document some of Mikko's more than two decades in the security industry to prod you or prepare you. 1. Check out this 2004 profile of his work from Vanity Fair. 2. Watch his 3 talks that have been featured on TED.com. [protected-iframe id="7579bbf790267cc081ac7d92d951262c-10874323-9129869" info="https://embed-ssl.ted.com/talks/mikko_hypponen_fighting_viruses_defending_the_net.html" width="640" height="360" frameborder="0" scrolling="no" webkitallowfullscreen="" mozallowfullscreen="" allowfullscreen=""] [protected-iframe id="fdf818f4afa2f7dcb179c5516c44918c-10874323-9129869" info="https://embed-ssl.ted.com/talks/mikko_hypponen_three_types_of_online_attack.html" width="640" height="360" frameborder="0" scrolling="no" webkitallowfullscreen="" mozallowfullscreen="" allowfullscreen=""] [protected-iframe id="54be2fe9bce28ae991becbe3d4291e56-10874323-9129869" info="https://embed-ssl.ted.com/talks/mikko_hypponen_how_the_nsa_betrayed_the_world_s_trust_time_to_act.html" width="640" height="360" frameborder="0" scrolling="no" webkitallowfullscreen="" mozallowfullscreen="" allowfullscreen=""] 3. Check out his first AMA, which took place just after his first talk at TEDglobal was published. 4. Take a trip to Pakistan with Mikko to meet the creators of the first PC virus. [protected-iframe id="8c0605f62076aa901ed165dbd3f4fcd7-10874323-9129869" info="//www.youtube-nocookie.com/v/lnedOWfPKT0?version=3&hl=en_US&rel=0" width="640" height="360"] 5. To get a sense of what he's been thinking about recently, watch his most recent talk at Black Hat "Governments as Malware Creators". [protected-iframe id="54b24406f022e81b15ad6dadf2adfc93-10874323-9129869" info="//www.youtube-nocookie.com/v/txknsq5Z5-8?hl=en_US&version=3&rel=0" width="640" height="360"] BONUS: Make sure you follow him on Twitter to get a constant stream of insight about online security, privacy and classic arcade games. Cheers, Sandra

Nov 14, 2014
Facebook_Headquarters_Entrance_Sign_Menlo_Park

Social media is here to stay and it definitively changes our way to communicate. One new trend is the ability to communicate instantly without writing or saying anything. Good examples are Facebook’s Like-button and the indicators for what you are doing or feeling. Facebook’s Like-button is no doubt the most popular and important feature in this category. You really can’t be a Facebook user without getting in touch with it. But the big question is what you really mean by clicking Like? It sounds simple, but may be more complex than you think. You do not only express support for the post you like, it is also a social gesture towards the poster. You show that you have read the post and want to stay in touch. Another interesting question is how to deal with good posts about bad things. We see them almost daily. Someone is writing an excellent post about something that is very wrong. You really dislike the topic of the post even if you think it’s good that someone brings it up. You agree about something you dislike. Should you click Like? Does a like target the post or the topic of a post? There’s no generic rule for this and we all act differently. More activity, likes and comments, boost a post and makes it more visible. So it would make sense to like the post as we want to spread awareness about the problem. But it still feels wrong to like something that makes you feel sick. So that’s the poll question for today. How do you act when you see a good post about something bad? Do you click Like? [polldaddy poll=8445608]   Safe surfing, Micke  

Nov 13, 2014
F-Secure employee wins Inventor of the Year

We wouldn't be F-Secure without the talented and passionate researchers in our Labs. And today we'd like you to meet one whose inquisitive nature has driven him to become an inventor - and a prolific one at that. In his 14-year career with F-Secure, Jarno Niemelä has racked up an impressive 20 patents to his name and has filed 100 patent applications in total. His achievements recently won the title of "Salaried Inventor of 2014" from a group of Finnish inventors' organizations. I sat down to chat with Jarno about where he gets his ideas, and his advice for others. What area do your inventions focus on? I mostly focus on methods to help detect malware on a system, or methods of preventing malware from entering the system in the first place. How do your ideas come about? Inventions mostly happen in the evening when I'm not at work, and not even trying to think about it. I'll be working on some problem at work, and usually a day or two later, when I'm doing something totally unrelated on my own time, it hits me. I understand the problem and come up with a solution. The gym is a really good place for inventions. What motivates you to keep on inventing new solutions?   Inventions just happen, pretty much. Whenever I'm able to define a problem, I'm usually always able to come up with a solution. I am lucky to be researching in areas with problems that others have not yet solved. I'll be honest, I don't really like patents that much personally. The fact is though, that companies without patents would pretty much be at the mercy of the competitors. So in my view, patents are basically company self defense. Patents keep things in balance. Were you curious about things growing up? I've always kind of been inventive. You cannot learn to become an inventor, it's either something that's in your nature or it's not. And then you need to hone the talent and learn how to work within the patent framework. Another thing that is very important is good basic education and knowledge about the field. I owe a lot to Metropolia University of Applied Sciences where I studied for my engineering degree. Do you have any advice for people who have this inventive nature and are interested in filing patents? It all starts from defining and understanding the problem. Without a thorough understanding of the problem, you can't come up with a solution. Also, when it comes to patents, it's important to know what has previously been done in your area, and be clear in exactly how your invention is different from those. Otherwise your patent can be easily rejected by the patent examiner. And finally, patents are a long process so you need patience. It can take three to five years to get a patent approved. So this is not for hasty people. What is that rock you're holding? It's my trophy, a piece of Finnish bedrock! Inventors are the bedrock of new products. Do you have any certain goals for your inventions? Before I retire I would like to have at least 50 patents to my name. - Well, he's off to a great start. Congratulations, Jarno! Follow Jarno on Twitter  

Nov 12, 2014
Free public wi-fi Coffee Shop

The EFF has put together a handy guide on choosing the right VPN -- virtual private network -- that explains in simple terms why you'd want to use this type of software.   "It enables a computer to send and receive data across shared or public networks as if it is directly connected to the private network—benefiting from the functionality, security, and management policies of the private network," the guide explains. It goes on to clarify the three reasons people typically encrypt their data. Most people already using a VPN do so for the two reasons: They connect to a corporate network remotely or are attempting avoid Internet censorship in countries like China and Iran. But even if you're not using a VPN for business or digital freedom, there is a simple reason why you'd want to use a VPN. "You can also use a commercial VPN to encrypt your data as it travels over a public network, such as the Wi-Fi in an Internet café or a hotel," the EFF writes. I put together this flow chart that explains whether you're a candidate for this third reason to use a VPN: “A good number of open wi-fi providers take the time to tell you in their T&C that there are inherent risks with wireless communications and suggest using a VPN,” F-Secure Security Advisor Sean Sullivan said after we conducted a public Wi-Fi experiment. “So if you don’t take it from me, take it from them.” And even if you aren't on a public network, you may want a VPN to protect you from ubiquitous tracking elements like a perma-cookie. You can try our super simple Freedome VPN solution -- which also includes tracking protection and the ability to set up virtual locations -- free. [Image via Trevor Cummings | Flickr]

Nov 10, 2014