Charlie

I really miss Benjamin Franklin!

January 7th was a sad day. The Charlie Hebdo shooting in Paris was both an attack on free speech and fuel for more aggression against Muslims. And controversially also fuel for even more attacks against free speech. The western society’s relation to free speech is very complicated nowadays. Officially it is still valued as a fundamental right. But it is also seen as a threat, even if politicians are very keen to masquerade free speech reductions as necessary security improvements. British PM Cameron’s recent debacle is an excellent example. In his opinion, there must not be any form of communication that the authorities can’t listen in to, which would mean restrictions on encryption. Non-digital metaphors are usually a good way to explain things like this. This is as smart as banning helmets because they make it harder to recognize criminals riding motorcycles. French president Francois Hollande wanted to join the party and proposed a law making internet providers responsible for users' content in their services. The idea was to make companies like Facebook and Twitter monitor all communication and call Paris as soon as someone talks terrorism. This goes even further than Cameron as it actually would force companies to do the police’s work. But should the phone company also be held responsible if it turns out that a terrorist has been allowed to place calls? And maybe even send mail delivered by the postal service? Hollande did of course not include those as they would help people understand how crazy the idea is. Anything can be misused for criminal purposes. But trying to make providers of things responsible is just madness and hurts the whole society and economy. The important point here is naturally that freedom of speech is a much broader concept than what Charlie Hebdo utilizes. The caricatures express our freedom to communicate publicly without censorship. But there is also another dimension of free speech. 
Everybody has the right to choose whom they communicate with and whom a message is intended for. This is not just about secrecy and privacy, it is really about being free to exchange opinions without worrying about them being used against you later by some third party. This dimension of free speech would of course not exist in Cameron’s ideal society. So no, Cameron and Hollande, you are definitively not Charlie! It’s sad that the great “Je Suis Charlie” movement has become a symbol for both freedom of speech and hypocrisy. Did you really not see anything wrong in first marching in support of Charlie Hebdo in Paris, and then immediately attacking freedom of speech yourselves? It takes courage to be a leader and balance between security and freedom. Today we really need leaders like Benjamin Franklin, who had guts and said things like “Freedom of speech is a principal pillar of a free government; when this support is taken away, the constitution of a free society is dissolved, and tyranny is erected on its ruins.” and “Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.”

Safe surfing,
Micke

Image by Markus Winkler @ Flickr under CC BY-SA 2.0 via Wikimedia Commons
Benjamin Franklin quotes from wikiquote.org

Jan 29, 2015

F-Secure shares tips to protect your data on Data Privacy Day

It’s Data Privacy Day, and Companies Know More About You Than Ever

Nowadays companies know more about you than ever. But do you know what they’re doing with all your data? Today's Data Privacy Day, and at F-Secure we usually talk a lot about defending your personal data from online criminals: the likes of hackers, scammers and WiFi snoops. But today we'd like to talk a little about how your privacy can be invaded completely legally - by private businesses who collect your data, and how you can protect yourself.

We give companies unprecedented access to our personal info and shopping habits. We give knowingly, such as when we fill out a website form. We also give in ways we may not be aware of, in the case of online advertisers who track our clicks around the web and gain insight into our interests and preferences. These advertisers are building up detailed, extensive profiles about us so they can target us with online ads we'll be more likely to click on. The apps we install garner even more of our information. Not to mention what we give to social networks and our email providers. The result: a mass of digital data is spread around about each of us that's super difficult to control.

An Adroit Digital study found that 58% of respondents aren't comfortable with the amount of information they have to give to get special offers or services from retailers, and 82% are uncomfortable with the amount of information online advertisers have about them. And according to a survey by SAS, more than 69% of respondents agree that recent news events have increased their concerns about their data in the hands of businesses. News events like all-too-common data breaches, no doubt. But there's also a skepticism of what businesses and organizations may do with the data they are entrusted with. Last week, for example, Americans were shocked to learn that their government’s healthcare website had been quietly funneling consumers’ personal details along to advertising and analytics companies.

At F-Secure, we've always been extremely conscious about the responsibility we have to respect the privacy of our customers' data and content. We recently put our core privacy principles into a structured form and shared them with the world - and Micke delved into them in a recent 3-part series. We also are passionate about helping you protect your own privacy - which is why we've created privacy-centered products like Freedome, which keeps online advertisers out of your business by blocking tracking. At the very least, we hope to inspire you to be, if not already, a little more aware of your data trail. So in celebration of Data Privacy Day, here are a few tips for helping you keep from spreading your data too far:

6 Tips for Defending Your Personal Data

1. Check before committing. If your relationship with a business means you’ll be giving up a lot of data to them, check for a privacy policy or principles that outline how they use customer data.
2. Choose privacy. Turn on Private or Incognito mode in your web browser so that websites can’t use cookies to identify you.
3. Check your settings. Use this handy list to check your privacy settings on all the most popular sites, from ecommerce to social media and more. Provided by the folks behind Data Privacy Day.
4. Search carefree. Use F-Secure Search, our free search engine that makes sure your search history is not stored anywhere or linked to you.
5. Get informed. Use F-Secure App Permissions, our free app that lets you know what information you’re giving up to the apps you’ve installed on your phone.
6. Keep advertisers at arms' length. Use F-Secure Freedome, our privacy app that blocks third-party online advertisers from following you around the Web. Freedome is available for a free 14-day trial here.

Happy Data Privacy Day!

Image courtesy Philippe Teuwen, flickr.com

Jan 28, 2015
iot

F-Secure is back from CES -- where the tech world comes together in Las Vegas to preview some of the latest innovations, some of which might change our lives in the coming years, others never to be seen or heard again. Inside the over 200,000 square meter exhibit space, drones flew, and made a fashion statement; hearing aids got smartphone apps; and 3-D printers printed chocolate. We made a stir of our own with Freedome.

Our David Perry reminded the industry professionals that the mobile devices nearly all of them were carrying can do more than connect us. "I want you to stop and think about this," he told RCR Wireless News as he held his smartphone up on the event floor. "This has two cameras on it. It has two microphones. It has GPS. It has my email. It has near-field detectors that can tell not only where I am but who I'm sitting close to. This is a tremendous amount of data. Every place I browse on the internet. What apps I'm running. What credit cards I have. And this phone doesn't take any steps to hide my privacy."

In this post-Snowden world, professionals are suddenly aware of how much their "meta-data" can reveal about them. Privacy also played a big role in the discussion of one of the hottest topics of 2015 -- the Internet of Things (IoT). The world where nearly everything that can be plugged in -- from washing machines to light bulbs to toasters -- will be connected to the internet is coming faster than most predicted. Samsung promised every device they make will connect to the net by the end of the decade. If you think your smartphone holds a lot of private data, how about your smarthome?

"If people are worried about Facebook and Google storing your data today, wait until you see what is coming with #IoT in next 2-5 years," our Ed Montgomery tweeted during the event's keynote speeches, which included a talk from US Federal Trade Commission Chairwoman Edith Ramirez that tackled privacy issues on the IoT.
Newly detected attacks on home routers suggest that the data being collected in our connected appliances could end up as vulnerable to snoops and hackers as our PCs. Some fear that these privacy risks may prevent people from adopting technologies that could eventually save us time, effort and energy. At F-Secure we recognize the promise that IoT and smart homes hold and we’re excited about the coming years. But we also understand the potential threats, risks, and dangers. We feel that our job is to enable our customers to fully enjoy the benefits of IoT and that is why we’re working on new innovations that will help customers to adopt IoT and smart home solutions in a safe and controlled way. It will be an exciting journey and we invite you to learn more about our future IoT solutions in the coming months. We at F-Secure’s IoT team would like to hear from you! Are you ready to jump on the IoT? What would your dream connected home look like? Or have you perhaps already set up your smart home? What are you worried about? How could your smart home turn into a nightmare? Read the rules and post your thoughts below for your chance to win one of our favorite things -- an iPad Air 2 16 GB Wi-Fi. [Image by One Tech News | via Flickr]

Jan 21, 2015

You're searching online for a baby gift for a friend's newborn, and then for a while you're followed by diaper ads on practically every site you visit. Ever notice something like that happening to you? Yes, the web can be an eerie place. Intelligence agencies and criminals aren’t the only people who may be tracking your online behavior - there’s a lot more to your browsing session than meets the eye. Take, for example, this F-Secure Labs study that found that of the 100 most popular URLs in the world, only 15 percent are actually accessed by real people. The other 85 percent are third-party sites that are accessed behind the scenes of your browsing session, by the sites you visit. And over half of these third-party sites are tracking-related. They are helping build up an online profile of you and your browsing habits. Why? So marketers can better target you with ads that meet your interests and preferences - or at least try to, in the case of the diaper ads. How does it work? When you visit a site with ads, you'll be tracked by the marketing company behind the ads on that site. And one marketing company may be working with a huge network of other websites. So whenever you visit another site that also has a relationship with that marketer, the marketer captures more and more data about you and your online behavior. All this data goes into an extensive profile that is being built up about you. If that sounds a little creepy, rest assured that you can regain control of your digital privacy. There’s an easy way to block advertisers from tracking you everywhere you go. Last year we launched F-Secure Freedome to stop tracking on your mobile device (to date, Freedome has already blocked over 900 million tracking attempts globally). And now there's good news - today we're unveiling Freedome for your Windows PC! Freedome for Windows has the same privacy features as the mobile versions, protecting you from trackers and hackers. 
It's got the same VPN technology to protect your browsing session from snoops while using public Wi-Fi. In addition, it also includes a new Private Search feature that offers tools so you can get your search engine results without the tracking. Since the Snowden revelations, we as consumers have become more and more aware that we may be revealing the most intimate details of our lives through our connected devices. According to a recent study by the Pew Research Center Internet Project, 91% of adults in the survey agree that consumers have lost control over how personal information is collected and used by companies. If you're concerned too, download a free 14-day trial of Freedome for your Windows PC. And let us know what you think!   Banner image courtesy of Filip Goc, flickr.com  
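The cross-site profile building described in this post can be measured from a browser request log. The following is an added example, not F-Secure's code: every host name is constructed (reserved .example names), and the short two-label suffix table stands in for the Public Suffix List that real tooling would use.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Simplification for this example: production code should use the Public
# Suffix List to find the registrable domain. Only these suffixes are known.
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}

# Constructed browsing log: (page the user opened, request that page triggered).
SAMPLE_REQUESTS = [
    ("https://www.shop.example/baby-gifts", "https://static.shop.example/app.js"),
    ("https://www.shop.example/baby-gifts", "https://px.adnet.example/t.gif?item=diapers"),
    ("https://www.shop.example/baby-gifts", "https://metrics.statco.example/collect"),
    ("https://news.example/today", "https://news.example/style.css"),
    ("https://news.example/today", "https://px.adnet.example/t.gif"),
    ("https://blog.example/post", "https://ads.adnet.example/slot.js"),
    ("https://blog.example/post", "https://fonts.typehost.example/f.woff"),
]


def site_of(url: str) -> str:
    """Reduce a URL to its site (registrable domain), e.g. px.adnet.example -> adnet.example."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def third_party_share(requests) -> float:
    """Fraction of requests that went to a different site than the page being viewed."""
    if not requests:
        return 0.0
    third = sum(1 for page, req in requests if site_of(page) != site_of(req))
    return third / len(requests)


def third_party_reach(requests) -> dict:
    """Map each third-party site to the sorted list of visited sites it was loaded on."""
    reach = defaultdict(set)
    for page_url, request_url in requests:
        page_site, request_site = site_of(page_url), site_of(request_url)
        if request_site != page_site:
            reach[request_site].add(page_site)
    return {site: sorted(pages) for site, pages in reach.items()}


def cross_site_observers(requests, min_sites: int = 2) -> list:
    """Third parties present on at least min_sites visited sites, widest reach first.

    These are the parties in a position to link visits into one profile.
    """
    reach = third_party_reach(requests)
    hits = [(site, pages) for site, pages in reach.items() if len(pages) >= min_sites]
    return sorted(hits, key=lambda item: (-len(item[1]), item[0]))


if __name__ == "__main__":
    print(f"third-party share of requests: {third_party_share(SAMPLE_REQUESTS):.0%}")
    for site, pages in cross_site_observers(SAMPLE_REQUESTS):
        print(f"{site} was loaded on: {', '.join(pages)}")
```

Run against a real HAR export, the same functions show which third parties a blocker has to cover to break the linkage between sites.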

Jan 21, 2015
David Cameron

British Prime Minister David Cameron has announced that, should the Conservatives win the general election in May, they will ban forms of communications which can’t be accessed by law enforcement if they have a warrant. It appears that messaging apps which use encryption will be banned in the UK. There are a number of reasons why this idea is a flawed knee-jerk reaction to the tragedies which happened in Paris. Here, F-Secure looks into them…

Il n’est pas Charlie

Each terror attack and paedophile ring which is busted gives the Government an opportunity to introduce laws which curtail the British people’s freedom and privacy. This is not the sentiment which has been shared across the world in the past two weeks, as people stood together against the massacre at Charlie Hebdo’s offices in Paris. Without civil liberties, Charlie Hebdo would not be allowed to exist.

Self-censorship would ensue

Knowing that your communications could be read by the Government would lead to self-censorship, possibly unconsciously. This could gravely affect activist groups and NGOs whose purpose it is to hold the Government to account. The Universal Declaration of Human Rights Article 12 states: “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.” If that wasn’t enough, mass surveillance also contravenes Article 8 (the right to respect for private and family life) and Article 10 (the right to freedom of expression) of the European Convention on Human Rights. The European Court of Human Rights has repeatedly stated that surveillance, if conducted without adequate judicial oversight and with no effective safeguards against abuse, will never be compatible with the European Convention. Ultimately, international law does not support Cameron’s intentions.

Who will regulate open source encryption services?

It is one thing to demand a large company, such as Facebook, abides by the law, but who will they approach for open source standards which have no single owner, such as OpenPGP? How do you regulate peer-to-peer communications apps such as FireChat? What about mesh networks? This technology has not been widely adopted yet, but it has been available for some time and is bound to gain users if Cameron’s plans go ahead. Already used in Barcelona, Greece and Baghdad, mesh networks wirelessly connect computers and mobile devices to each other without the need for a service provider (such as an ISP). With this direct form of communication, there is no one to serve a warrant to.

It can’t be monitored

It is still unclear how Cameron expects to implement a ban. How will he stop people downloading software from outside Britain? Will resources (which could be spent on, say, targeted surveillance of people on the Government’s watch lists) then be spent on policing innocent people using encrypted communications?

The British economy would suffer

Start-ups wanting or needing to use end-to-end encryption are likely to avoid Britain as a base, taking their taxes and jobs with them.

The Government would suffer

The Government uses encryption for communications too. Will it be one rule for them and a different one for businesses and the public?

It would wipe Britain off the technology map

Take any number of services which could be affected by this law – WhatsApp and iMessage probably being the most widely used. These are not British companies bound by British laws. As such, are they likely to re-write their privacy source code or will they simply pull out of the market? When a new technology is launched, Britain is usually one of the test-beds before global roll-outs. Making Britain unviable for such programmes would see it fall behind its western competitors, bringing all the economic woes attached to it. So much for Cameron’s ‘Digital Britain’.

It puts Britain in bad company

Cameron is not the first to try this. He would be following Russia, Syria and Iran, all of whom have struggled to implement it.

A warrant from the Home Secretary won’t help with end-to-end encryption

It appears that Cameron is unaware that, with end-to-end encryption, the users hold the encryption keys, not the service provider. Turning up at, for example, the WhatsApp offices with a warrant for access to a specific user’s communications would be pointless. WhatsApp don’t hold the encryption keys, so wouldn’t be able to provide the unencrypted data.

Did Cameron really mean what he said?

The Prime Minister is not a technology expert, neither is his speech writer. Did this cause confusion? Is it possible that Cameron’s intent is to make anonymity-enabling encryption abnormal, so that those using it are suspicious? It gives the authorities a tip on who to be watching. If we all use encrypted communications, they don’t have this advantage, so they would prefer it remained a fringe technology.

Will it even happen?

The plan has been called everything from ‘crazy’ to ‘cloud cuckoo land’ by security experts who understand the complexity of what Cameron intends. There is every chance that a ban on encrypted communications will not happen. However, the Government has shown its intentions. Not content with the mass surveillance being conducted by GCHQ (with no judicial oversight), they have also introduced the Regulation of Investigatory Powers Act (RIPA) and the Communications Data Bill. The message is clear: the British Government wants to unilaterally invade the British people’s privacy. Britain as a surveillance state is becoming a reality.

Jan 20, 2015

In computer security, we throw around the word authentication all the time. It means a process or mechanism that is used to prove that you are you, (or that someone else or something else proves to you that they are they). Imagine yourself in a wartime  encampment. Someone approaches the sentry and the sentry calls out "Flash" The approaching soldier replies, "Thunder". This is a classic sign and countersign password set from World War II. The answer doesn't make any sense, and that's entirely on purpose. This was to prove to the soldier that he was at the right camp, and to the sentry that he was one of his own. There is a lot of chatter about signs and countersigns at one of my favorite blogs, and you can find it here. In the age of computers, things get a lot more complicated, but it's basically the same process. The website wants to know who you are, that you are the right person, and that is authentication. Now there are three methods of authentication, and they are: 1. Something you have, such as your driver's license, credit card, etc. 2. Something you know, such as a password. 3. Something you are, such as your fingerprint, retinal scan, or facial structure. This is called biometric authentication. On a computer, you actually have other things that can be known about you. There is your IP address (the address assigned to your computer on the internet), and your computer itself has a unique identifying serial number that isn't too difficult to read. Your operating system identifies itself, so do many other pieces of hardware and software on your computer, all unique, and all traceable back to you. One of the things that we use to protect ourselves is a kind of authentication called a password. This creates a lot of confusion in our lives, and small wonder--what follows is abstracted from my personal blog: Hackers are into lockpicking.  
Every year at DEFCON there are lock picking contests and demonstrations, and you can buy the various tools (picks, bump keys, etc.) at Black Hat and DEFCON and many other such events. Now,  Timo Hirvonen tells me that this is a legitimate extension of learning Penetration testing, and I believe that that he is absolutely correct. I actually took up lockpicking in the summer of 1965, long before I ever dealt with a computer, but that's a story for another day. This is actually relevant, so you might want to stay with me, here. Take a look at the typical key pictured above. This is a key to a pin tumbler lock, and is the most common kind. Notice that the little notches in the key is at a different depth. The key would insert into the keyhole, which is in the part of the lock called a cylinder. When all the notches on the key line up properly, the pins line up so that the cylinder can turn. They have to be very accurate. Our example here is a five pin lock, so this key would only need notches cut in five places. The pins each have a number of discrete settings, and just to make it easy, let's imagine that there are five different settings for each pin. So how many possible combinations is that? Five times five is 25, but that's not it. Neither is five times five times five, or 125, correct. This would be a very simple lock, but it would carry a grand total of 3,125 combinations (five to the power of five). If each pin had six possible positions, you could raise that to 15,625 different combinations. With a pin tumbler lock, like the one shown here, there is also a restriction that the key has to be the right keyway (that's what they call all the channels and grooves that let the key fit into the lock). Each brand of lock uses a unique keyway which is why the key shop has hundreds of different key blanks hanging on a big rotating display. This is a very close model of an internet password. 
The number of pins is equivalent to the number of characters, and the number of possible positions is equal to the number of possible characters. This is why people keep telling you that a password is either strong or weak.  Let's look at it. Imagine a very short password of only two characters. If you use only numbers, then there are only ten possibilities for each character position. (0-9) so with that limitation, a two digit password using only numerals in base ten would give you only 100 possible combinations. If you had to type that in by hand it might be too much trouble, but a computer could feed those hundred combinations in less than a single second. The same two character password, if it used alphabetical characters, instead of numbers, would give you 676 possible combinations, instead of a hundred. Going to more places, or more pins, would give you an even greater combination, such as noted below. Well, you don't have to. You can get a program known as a password manager. The one we make here at F-secure is called KEY. We will take a look at that in just a little bit. First we want to make a couple of things clear.So, as you can see, it becomes much more difficult to crack a longer password, or a password with more available characters. That is not the end of the story. If you use a password made up of words that can be found in any dictionary, then a hacker could attack your password with a dictionary. Really. It's actually called a dictionary attack. So the best password would be gibberish.  How would you ever remember such a thing? 1. Passwords are extremely valuable, they are the online version of your keys, and eventually your car will start and your door will open to a password, rather than to a physical key. (I am very tempted to run off on a tangent, here)  You need to pay some attention to your passwords, because they are getting stolen left and right and because they open the door to your email, to your reputation and to your bank account. 
RUNNING OFF ON A TANGENT Car keys have gotten much more complicated over the last decade. First we added electronic door locks to the car, and the key acts as a remote control. Other functions come with that, including trunk release, and some kind of an alarm system. On top of all that, there is a secondary locking mechanism included with your key, where the car will only open for a key with both the proper physical keyway and tumbler pattern (( as described above)) AND the proper electronic signature.  So, in my car, for example, a new key needs to be cut and then programmed, and a new key costs almost $300! Now they tell you that's because it takes extra programming, but it's really because you NEED a car key, and based on the brand of car you drive, and I drive a Lexus, they hit you up for the highest price the traffic will bear. The circuitry isn't worth nearly that much, and neither is the 'programming'.  This is indicative of the state of the world. Drive a 1961 Buick, and you can buy a key for a buck, drive a 2001 Lexus, and the key is $300---the newest models skip the physical key entirely, and cost even more. They only charge what the traffic will bear. 2. It is very important that you not use the same password for everything. If you do, when somebody cracks one of your passwords they can find all of them. Some people use simple, same passwords for things they don't really care about (your Cookie Bakery discount code coupon, for example) but use stronger, unique passwords for more important things, like missile launch codes. 3. Do not use passwords that can be derived from the names of your pets, or the name of your spouse, or your boat, or anything that could ever be found out about you from a thorough analysis of your Facebook page. 4. Back up your data!  I use two different backups on everything, and a third backup on the most important data. I back up to a NAS (network attached storage) device, and to the cloud, and the third method is secret. 
Never put yourself in a situation where somebody could hack into your account and steal or delete anything you are going to need.

Having said that, I want to say that too many things are authenticated these days (that's what a password is all about, authentication--it's when you prove that you are you). If you are doing a lot online you might actually be known via hundreds of passwords, and who can possibly keep up with that? Nobody, that's who. It's just another example of FUTURE SHOCK, brilliantly predicted in 1971 by Doctor Alvin Toffler.

My point? Maybe we are authenticating too much. Does your nephew's Bar Mitzvah really need me to get a password to reply to the evite? Do I really need a strong password to protect my registration to a trade show? The universal and always increasing demand for new passwords kind of cheapens the image they have to the public. If you need to keep track of a hundred passwords, then you might not put so much effort into managing them.

Here at F-Secure we have a solution and it is called KEY. I use it on all my devices and I think it handles things very well indeed. It synchronizes all your passwords to all of your devices under a single master password. The keys are safely encrypted and cannot be extracted from either the install or the cloud. It can and will generate new and stronger passwords for your most valuable data. You might want to look into it.

Persevere,
David Perry
Huntington Beach, California
10/29/2014
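The post's arithmetic on characters and positions (100 combinations for two digits, 676 for two letters) and its point about dictionary attacks can be worked through in code. This is an added example, not part of the original post; the wordlist, the mangling rule and the guessing rate are constructed assumptions.

```python
import string

# Constructed sample wordlist; real cracking dictionaries hold millions of entries.
SAMPLE_WORDLIST = {"password", "dragon", "monkey", "letmein", "sunshine"}
# Assumed mangling rule: each word lowercase or capitalised, plus 0-3 trailing digits.
VARIANTS_PER_WORD = 2 * (1 + 10 + 100 + 1000)

CLASSES = [string.digits, string.ascii_lowercase,
           string.ascii_uppercase, string.punctuation]

def alphabet_size(password):
    """Symbols available per position: every character class the password uses."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))

def keyspace(password):
    """Brute-force candidates: alphabet size raised to the number of positions."""
    return alphabet_size(password) ** len(password)

def in_wordlist(password, wordlist=SAMPLE_WORDLIST):
    """True if the password is a listed word under the mangling rule above."""
    stem = password.rstrip(string.digits)
    if len(password) - len(stem) > 3:
        return False
    return stem in wordlist or (stem.lower() in wordlist and stem == stem.capitalize())

def worst_case_guesses(password, wordlist=SAMPLE_WORDLIST):
    """Upper bound on guesses: the dictionary pass if it hits, else the full keyspace."""
    if in_wordlist(password, wordlist):
        return len(wordlist) * VARIANTS_PER_WORD
    return keyspace(password)

def seconds_to_exhaust(password, guesses_per_second=1e9):
    """Time to try every candidate at an assumed (not measured) guessing rate."""
    return worst_case_guesses(password) / guesses_per_second

if __name__ == "__main__":
    for pw in ["42", "ab", "sunshine", "Sunshine1", "q7#Vr2!xLp"]:
        print(f"{pw!r:14} alphabet={alphabet_size(pw):3} keyspace={keyspace(pw):.3g} "
              f"worst-case guesses={worst_case_guesses(pw):.3g}")
```

"Sunshine1" has a nominal keyspace of 62 to the ninth power, yet it falls within the first few thousand dictionary guesses, which is why the post recommends gibberish.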

Jan 8, 2015
DoS

Ordinary people here in Finland have been confronted with yet another cybersecurity acronym lately, DoS. And this does not mean that retro-minded people are converting back to the pre-Windows operating system MS-DOS that we used in the eighties. Today DoS stands for Denial of Service. This case started on New Year’s Eve when customers of the OP-Pohjola bank experienced problems withdrawing cash from ATMs and accessing the on-line bank. The problems have now continued with varying severity for almost a week.

What happens behind the scenes is that someone is controlling a large number of computers. All these computers are instructed to bombard the target system with network traffic. This creates an overload situation that prevents ordinary customers from accessing the system. It’s like a massive cyber traffic jam. The involved computers are probably ordinary home computers infected with malware. Modern malware is versatile and can be used for varying purposes, like stealing your credit card number or participating in DoS-attacks like this.

But what does this mean for me, the ordinary computer user? First, you are not at risk even if a system you use is the victim of a DoS-attack. The attack cannot harm your computer even if you try to access the system during the attack. Your data in the target system is usually safe too. The attack prevents people from accessing the system but the attackers don’t get access to data in the system. So inability to use the system is really the only harm for you.

Well, that’s almost true. What if your computer is infected and participates in the attack? That would use your computer resources and slow down your Internet connection, not to mention all the other dangers of having malware on your system. Keeping the device clean is a combination of common sense when surfing and opening attachments, and having a decent protection program installed. So you can participate in fighting DoS-attacks by caring for your own cyber security.

But why? Who’s behind attacks like this and what’s the motive? Kids having fun and criminals extorting companies for money are probably the most common motives right now. Sometimes DoS-victims also accuse their competitors of the attack. But cases like this always raise interesting questions about how vulnerable our cyber society is. There has been a lot of talk about cyber war. Cyber espionage is already reality, but cyber war is still sci-fi. This kind of DoS-attack does however give us a glimpse of what future cyber war might look like. We haven’t really seen any nations trying to knock out another country’s networks. But when it happens, it will probably look like this on a greater scale. Computer-based services will be unavailable and even radio, TV, electricity and other critical services could be affected.

So a short attack on a single bank is more like an annoyance for the customers. But a prolonged attack would already create severe problems, both for the target company and its customers. Not to mention nation-wide attacks. Cyber war might be sci-fi today, but it is a future threat that needs to be taken seriously.

Safe surfing,
Micke

Image by Andreas Kaltenbrunner.
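From the defending service's side, the "large number of computers" described above is what makes such an overload hard to filter: no single source looks abusive. The sketch below is an added example, not part of the original post; the request records, the per-IP limit and the capacity figure are constructed assumptions for a hypothetical service.

```python
from collections import Counter, defaultdict

def build_sample():
    """Constructed (second, source_ip) request records; IPs are documentation ranges."""
    normal = [f"192.0.2.{i}" for i in range(50)]
    bots = [f"198.51.100.{i}" for i in range(200)]
    records = [(s, ip) for s in (0, 1, 2) for ip in normal for _ in range(4)]
    records += [(1, "203.0.113.7")] * 5000                    # one noisy source
    records += [(2, ip) for ip in bots for _ in range(15)]    # many quiet sources
    return records

def analyse(records, per_ip_limit=20, capacity=1000):
    """Summarise each one-second bucket and classify it.

    per_ip_limit and capacity are assumed values for a hypothetical service.
    """
    buckets = defaultdict(Counter)
    for second, ip in records:
        buckets[second][ip] += 1
    report = {}
    for second, counts in sorted(buckets.items()):
        total = sum(counts.values())
        over_limit = {ip: n for ip, n in counts.items() if n > per_ip_limit}
        residual = total - sum(over_limit.values())   # load left after blocking them
        if total <= capacity:
            verdict = "normal"
        elif residual <= capacity:
            verdict = "overload, relieved by per-IP limit"
        else:
            verdict = "overload, distributed across sources"
        report[second] = {"total": total, "sources": len(counts),
                          "over_limit": sorted(over_limit), "verdict": verdict}
    return report

if __name__ == "__main__":
    for second, entry in analyse(build_sample()).items():
        print(second, entry["total"], entry["sources"], entry["verdict"])
```

In the constructed data, second 2 carries fewer requests than second 1, but because every source stays under the per-IP limit, blocking individual addresses does not bring the load back under capacity.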

Jan 5, 2015