UPDATE: This sweepstakes is now closed. The winner will be contacted and then announced via our Facebook page.
Facebook recently announced a new feature: One-time passwords sent to users via text message.
[To use this feature, go to “Account “> “Account Settings”. Under “My Account”, click “Mobile”. If you already have a mobile activated, you’re ready to go. If not, you need to “Sign up for Facebook Mobile.” Facebook will text you a code to activate your phone. Now, whenever you need a One-time password, just text “otp” to 32665 (FBOOK).]
Does Facebook just want access to more mobile phones, as security expert Larry Zeltser has suggested? Probably. But Facebook has looked at its user base and attempted to solve a serious security problem.
If you’ve ever taken a look at the screen on the public computers in libraries, Internet cafes and schools, you see that nearly everyone has Facebook open. And the problem with public computers is that you have no idea what has been installed on them—including a keylogger.
A keylogger can track every key you hit, possibly revealing your most intimate credentials to a cybercriminal. That’s why entering your Facebook password on an unsecured public PC is risky. And shopping or banking on an unsecured PC is like shouting your credit card number through a megaphone. You would never do that. People do things online that they would never in the real world.
So here’s this week’s question. Have you ever shopped or banked on a public computer? Yes or no will do. But we’d love to hear your story.
Read the rules and post your answer in the comments for your chance to win a brand new Nokia N8 plus F-Secure Internet Security 2011.
F-Secure Internet Security 2011
GET REAL SWEEPSTAKES WEEK #5- COMPETITION RULES AND PRIZES
If you do not accept these rules, please do not enter this promotion.
1. The sponsor of this promotion is F-Secure Corporation, located at Tammasaarenkatu 7, Po. Box 24, 00181 Helsinki, Finland (“Sponsor”).
2. The promotion will begin at 6:00 PM PDT on October 17, 2010 and end at 6:00 PM PDT October 24, 2010.
3. This promotion is void where prohibited or restricted by law. No purchase is necessary to enter.
4. 3 prizes a Nokia N8 with a retail value of $549 and 2 F-Secure Internet Security licenses with a retail value of $119.98 will be given as prizes in this promotion at the close of the competition.
5. Only one (1) entry, per person per Sweepstakes will be accepted. Each comment posted constitutes an entry. Further attempts made by the same person and entries generated by a script, computer programs, macro, programmed, robotic or other automated means will be disqualified.
6. The winner will be chosen randomly from the people who participated in the competition by commenting on the “Get Real Sweepstakes Week #5“. Sponsor will notify the winner via email. If the winner does not respond within seven (7) days, he or she will forfeit the prize and another winner will be randomly chosen. This prize is shipped to the winner within 30 days of the promotion closing date.
7. The winners are responsible for any taxes associated with receipt of the prizes. Sponsor reserves the right to substitute the prizes with other prizes of equal or greater value if the prize is not available for any reason.
8. Odds of winning the prizes depend upon the total number of eligible entries received.
9. No purchase or software download is necessary to enter or win. Purchase or software download will not increase your chances of winning.
10. To enter, visit http://safeandsavvy.f-secure.com/2010/10/15/get-sweepstakes-week-5/ and comment on the post. To comment you must provide your email address, which will not be made public. Entries are the property of Sponsor and will not be acknowledged or returned. Comments made be edited by F-Secure without explanation.
11. Any entrant who attempts to cheat or tamper with the Get Real Sweepstakes shall be disqualified by the Sponsor’s sole discretion.
12. The name of the winner will be announced via the F-Secure Twitter channel http://twitter.com/FSecure, F-Secure Facebook page http://www.facebook.com/FSecure and F-Secure’s Safe and Savvy blog http://safeandsavvy.f-secure.com/ once the winner has been contacted. By entering, the entrant agrees that his/her name, country and/or picture can be published at F-Secure’s aforementioned channels if he/she wins.
13. By entering, entrants agree to release and hold harmless Sponsor and all of its representatives from and against any and all costs, expenses, claims, demands, proceedings, suits, actions and/or liabilities for any injuries, death, loss or damage of any kind arising from or in connection with accidents, terrorism, theft, natural disaster, the promotion of the Get Real Sweepstakes, the distribution of any prize, entrants’ participation in and/or entry into the Get Real Sweepstakes, acceptance or use of any prize or unavailability of any prize. Prizes are provided “AS IS” without warranty of any kind from the sponsor.
14. Employees of Sponsor and family members of such employees are not eligible to enter.
© 2010 F-SECURE CORPORATION. ALL RIGHTS RESERVED.
CC image by Andres Rueda.
Mikko Hypponen is one of the world’s most prominent cyber security experts. Described as a “virus hunter” in a Vanity Fair profile called “The Code Warrior”, Hypponen has spent nearly 25 years with F-Secure protecting people from computer viruses, worms, trojans, and other types of malware. In 2011, Hypponen travelled to Pakistan to meet the men behind the first known PC virus – Brain.A. [youtube https://www.youtube.com/watch?v=lnedOWfPKT0&w=560&h=315] The Brain virus was released in January of 1986, making January 2016 the 30th anniversary of this milestone in malware history. I thought it would be interesting to reach out to Mikko and ask him about other families of malware that standout as being noteworthy. So here’s Mikko’s list of some of the most infamous malware families (including viruses, worms, trojans, etc) that’ve pestered, frustrated, and even extorted computer users over the past few decades. 1990 Form – Form was a common computer virus identified in 1990, and for several years, was arguably the most prominent computer virus in the world. Spread through 3.5” floppy disks, it infected millions of computers throughout the world, and is possibly one of the most widespread viruses in history. 1992 Michelangelo – Michelangelo earns a place on the list for being the first truly global virus scare. It was named after the famous artist because the virus remained dormant until March 6 (the artist’s birthday), when it would awaken and overwrite sections of infected hard disks, thereby making the information inaccessible and the computer unusable. The virus was never particularly prominent compared to some of its contemporaries, but its destructive nature and subtlety helped spread Michelangelo Madness throughout the globe. 1995 Concept – Concept was the very first macro virus – a type of virus that infects applications such as Microsoft Word. It was a very prominent security concern in the mid-nineties, and even though it was successful in propagating itself organically during this time, it hasn’t been seen in over a decade. As the first macro virus, it was notable in that it spread by hiding itself as a Word doc and then infecting computers as those documents were shared. By using Word, it could use both Windows PCs and Macs to spread infections, as the software could run on both platforms. 1999 Melissa – Melissa, supposedly named after an exotic dancer, was a computer virus that sent infected Word documents to contacts in victims’ Outlook address book. While the virus was not designed to be particularly destructive, its rapid proliferation through the Internet wreaked considerable havoc on corporate servers and infrastructure. Some accounts claim that it infected twenty percent of computers globally, and the man eventually convicted of releasing the virus into the wild admitted to causing eighty million dollars in financial losses. 2000 Loveletter – Loveletter, also widely known as ILOVEYOU, was a prominent email worm that was able to spread itself throughout the globe in a matter of hours by promising victims a little bit of love. Disguising itself as a chain, love-themed email to recipients helped it quickly spread from its Filipino origin through Asia, Europe and North America. To this date, it is one of the largest malware outbreaks of all time, and responsible for an estimated 5.5 billion dollars of damage. 2001 Code Red – Code Red was the first fully-automated network worm for Windows. As in users would not have to interact with a machine in order to spread the infection. Code Red’s most infamous day was July 19th, 2001, when it successfully infected 300,000 servers. The worm was programmed to spread itself on certain days, and then execute distributed denial-of-service (DDoS) attacks on others, and was used against several different targets (including The White House). 2003 Slammer, Lovsan, and Sobig – Ok, so there’s three here and not just one. But they all occurred very close together, and unfortunately, all three were worms responsible for massive, global malware outbreaks. Slammer targeted servers so it’s presence wasn’t readily apparent to end users (save some lagging when they were attempting to access an infected server). Lovesan, however was able to infect end users running Windows ME or Windows XP, and use the infected machines in DDoS attacks. Sobig spread itself through email and network drives, and contained a trojan in order to cause more headaches for infected users. However, it appears that the trojan feature did not function as expected. These three worms infected millions of machines, and made headlines all over the world. 2004 Sasser – A computer worm that can be considered as the last large “hobbyist” outbreak. This is significant as it signaled the end of an era when most malware was written by people who were simply curious to see what the malware could do. Nowadays, malware has a more specific, insidious purpose, such as stealing information or making money. 2006 Warezov – A two-year email worm campaign perpetuated by professional criminals, Warezov gained notoriety for downloading new versions of itself from remote servers – sometimes as frequently as every 30 minutes, according to a 2006 interview with Mikko. 2007 Storm Worm (also called Small.dam) – Storm Worm was a trojan that was spread as an attachment to spam emails. But more importantly, it was a combination of complex and advanced virus techniques that criminals were able to use to make money by using infected machines as part of a botnet. 2013 Cryptolocker – A notorious ransomware family, Cryptolocker was spread through malicious email attachments, as well as the infamous Gameover Zeus botnet. Infected victims would find their hard drives suddenly encrypted, essentially locking them out of their devices and data until they paid a ransom to the perpetrators. While the FBI, in cooperation with other law enforcement agencies and security companies (including F-Secure), were able to disrupt the operation, the perpetrators were able to use Cryptolocker to extort about 3 million dollars from victims before being stopped. Other notable mentions include the 2005 Sony rootkit (for being distributed on Sony BMG CD-ROMs on their behalf), the still prominent Downadup worm from 2008 (for infecting millions, including armed forces of several countries and police departments), and the well-known Stuxnet virus from 2010 (for both its sophistication and its apparent state-sponsorship). If you want to know more about the history of computer viruses, you can check out Computer Invaders: The 25 Most Infamous PC Viruses of All Time!
This TED talk is so hilarious that I just have to share it with you. Watch it! British comedian James Veitch is engaging in the noble art of scam baiting, or scamming the scammers. The same as this site is dedicated to, or when I almost sold my boat to Mexico. I guess most or all of you already know how to spot an advance payment scam, aka. Nigerian scam. But James has some more to offer here. He’s making two important points, in addition to the excellent entertainment value. People often warns about engaging in any kind of conversation with these scammers. They are after all criminals and it’s safest to steer clear of them. I disagree, just like James. The people behind this kind of scams is not exactly the violent drug mafia. As a matter of fact, anyone who can use e-mail and Google Translate can set up a scam like this. And they are located in some poor remote country, typically in Africa. So it’s extremely unlikely that any of them would start hunting down people who play with them. That would disrupt their everyday business and cut profits, cost money and introduce the risk to get caught. But I do discourage people from engaging in scam baiting under their real identity. Set up a new mail account under a false name and never reveal any real contact info to them. You can reply from a different address than where you got the original spam. They are pumping out millions of spam messages and will not even notice the changed address. This adds an additional layer of security. And more important, it keeps your real inbox free of spam. Use their own tactic. Create a false identity with name, address, profession and country of residence. Stick to that story and make sure not a single bit of it is true. Read more about how to scam bait at 419eater.com. The other point is that scam baiting is a good deed. It keeps the scammers busy and ties up their resources. Resources that otherwise would have been used to scam a real victim and cause real damage. A single scam baiter can’t of course save the world, but they would probably shut down if all of us spent an hour a week scam baiting. And it can be fun so why not? A good scam baiter can be a real pain in the a** for the scammers. Be prepared to get some threats and evil language when they realize what is going on. Consider that as a trophy, a proof that you did it right. Don’t feel bad for them. They did after all contact you with the sole purpose to scam you for money. Safe scam baiting, Micke Image: Screenshot from ted.com
"We are no longer securing computers," our Chief Research Officer Mikko Hypponen said recently, "we are securing society." This responsibility is immense and since he joined F-Secure in 2012, Christian Fredrikson has fixated on the need to provide solutions that match it. His leadership is now being recognized by European CEO, which has just named him the "Best CEO in the Online Security Industry." "This demonstrates hard work & commitment of Fellows to build a great company!" Christian tweeted, in response to the award. "I'm honored to be part of this journey." He also has a new editorial about the need for security in an age of mass connectivity. "As smartphones lead to smart homes, smart cities and smart grids, the potential for efficiency is dwarfed only by the potential vulnerabilities," he writes. Before Christian joined F-Secure, he was the global sales for of Network Systems business unit at Nokia Siemens Networks. He's also a member of new EU cloud computing board , the Steering Board of the European Cloud Partnership, the Communications Administration Committee of Ministry of Transport and Communications Mobile in Finland, the Board of Remedy Entertainment Ltd. and the Board of Finnish Information Security Cluster. And in his spare time -- if he has any -- he swims and enjoys football. Cheers, Sandra