UPDATE: This sweepstakes is now closed. The winner will be contacted and then announced via our Facebook page.
Facebook recently announced a new feature: One-time passwords sent to users via text message.
[To use this feature, go to “Account “> “Account Settings”. Under “My Account”, click “Mobile”. If you already have a mobile activated, you’re ready to go. If not, you need to “Sign up for Facebook Mobile.” Facebook will text you a code to activate your phone. Now, whenever you need a One-time password, just text “otp” to 32665 (FBOOK).]
Does Facebook just want access to more mobile phones, as security expert Larry Zeltser has suggested? Probably. But Facebook has looked at its user base and attempted to solve a serious security problem.
If you’ve ever taken a look at the screen on the public computers in libraries, Internet cafes and schools, you see that nearly everyone has Facebook open. And the problem with public computers is that you have no idea what has been installed on them—including a keylogger.
A keylogger can track every key you hit, possibly revealing your most intimate credentials to a cybercriminal. That’s why entering your Facebook password on an unsecured public PC is risky. And shopping or banking on an unsecured PC is like shouting your credit card number through a megaphone. You would never do that. People do things online that they would never in the real world.
So here’s this week’s question. Have you ever shopped or banked on a public computer? Yes or no will do. But we’d love to hear your story.
Read the rules and post your answer in the comments for your chance to win a brand new Nokia N8 plus F-Secure Internet Security 2011.
F-Secure Internet Security 2011
GET REAL SWEEPSTAKES WEEK #5- COMPETITION RULES AND PRIZES
If you do not accept these rules, please do not enter this promotion.
1. The sponsor of this promotion is F-Secure Corporation, located at Tammasaarenkatu 7, Po. Box 24, 00181 Helsinki, Finland (“Sponsor”).
2. The promotion will begin at 6:00 PM PDT on October 17, 2010 and end at 6:00 PM PDT October 24, 2010.
3. This promotion is void where prohibited or restricted by law. No purchase is necessary to enter.
4. 3 prizes a Nokia N8 with a retail value of $549 and 2 F-Secure Internet Security licenses with a retail value of $119.98 will be given as prizes in this promotion at the close of the competition.
5. Only one (1) entry, per person per Sweepstakes will be accepted. Each comment posted constitutes an entry. Further attempts made by the same person and entries generated by a script, computer programs, macro, programmed, robotic or other automated means will be disqualified.
6. The winner will be chosen randomly from the people who participated in the competition by commenting on the “Get Real Sweepstakes Week #5“. Sponsor will notify the winner via email. If the winner does not respond within seven (7) days, he or she will forfeit the prize and another winner will be randomly chosen. This prize is shipped to the winner within 30 days of the promotion closing date.
7. The winners are responsible for any taxes associated with receipt of the prizes. Sponsor reserves the right to substitute the prizes with other prizes of equal or greater value if the prize is not available for any reason.
8. Odds of winning the prizes depend upon the total number of eligible entries received.
9. No purchase or software download is necessary to enter or win. Purchase or software download will not increase your chances of winning.
10. To enter, visit http://safeandsavvy.f-secure.com/2010/10/15/get-sweepstakes-week-5/ and comment on the post. To comment you must provide your email address, which will not be made public. Entries are the property of Sponsor and will not be acknowledged or returned. Comments made be edited by F-Secure without explanation.
11. Any entrant who attempts to cheat or tamper with the Get Real Sweepstakes shall be disqualified by the Sponsor’s sole discretion.
12. The name of the winner will be announced via the F-Secure Twitter channel http://twitter.com/FSecure, F-Secure Facebook page http://www.facebook.com/FSecure and F-Secure’s Safe and Savvy blog http://safeandsavvy.f-secure.com/ once the winner has been contacted. By entering, the entrant agrees that his/her name, country and/or picture can be published at F-Secure’s aforementioned channels if he/she wins.
13. By entering, entrants agree to release and hold harmless Sponsor and all of its representatives from and against any and all costs, expenses, claims, demands, proceedings, suits, actions and/or liabilities for any injuries, death, loss or damage of any kind arising from or in connection with accidents, terrorism, theft, natural disaster, the promotion of the Get Real Sweepstakes, the distribution of any prize, entrants’ participation in and/or entry into the Get Real Sweepstakes, acceptance or use of any prize or unavailability of any prize. Prizes are provided “AS IS” without warranty of any kind from the sponsor.
14. Employees of Sponsor and family members of such employees are not eligible to enter.
© 2010 F-SECURE CORPORATION. ALL RIGHTS RESERVED.
CC image by Andres Rueda.
You might know what a VPN (Virtual Private Network) is. But if you’re like many people out there, you probably don’t use one. You should though. And when you finish this blog post, you’ll know why. A VPN is a private network established over the internet. That might sound complicated, so simply put, a VPN provides security for your device’s internet connection. The layer of security VPNs provide is how you make sure that data you send and receive is encrypted and safe from trackers, hackers and anyone else trying to intercept your data while it’s in transit. Companies and schools use VPNs to let people connect to local networks from anywhere. And you can also use a VPN to stay anonymous whether you’re at home, at work or school, or using an untrusted public network. And as an added bonus, of course, a VPN also lets you change your virtual location, which can mean unrestricted access to a whole world of content. So why is online anonymity so important? Who better to answer that than two real Freedome VPN users. And while we can assure you these guys are both real, in keeping with the theme of anonymity, let’s just call them “John” and “Doe”. “Anonymity is important because I really see it as a human right. Like if I’m looking for things that are really personal, I have the right to stay private and keep that information private,” says John, a university student who’s been using Freedome VPN for three months and counting. Doe, who is 29 and in the IT industry, has used VPNs before, but recently switched to F-Secure’s Freedome. For him, using a VPN isn’t just about protecting himself today: it’s an investment in the future. “I’ve never had problems myself, but we know for a fact that there are organizations and people out there right now who are looking to get their hands on our information and identities for whatever reason. This is definitely going to be a bigger problem in the future, and I want to be prepared,” says Doe. Both John and Doe say that most of their friends in the tech industry are using VPNs right now. But unfortunately, there are lots of people out there who aren’t. “I really wish people were more aware of the fact that they’re potentially giving away parts of their identity and privacy every single time they go online without a VPN,” says Doe. John agrees. “If you think about how people are feeding more and more of their personal information into a wider and wider range of sites, services etc., it’s obvious that the potential risks to our privacy are also increasing,” he says. John and Doe definitely know what they’re talking about and we couldn’t agree more. There’s never been a better time to take control of your online anonymity. So check out the Freedome VPN site for videos and more info. And don’t forget to tap or click to get yours! [Image by Blue Coat Photos | Flickr]
Many people feel that some platforms are more secure than others. And while there may be some truth in that, what’s far more common is that operating systems offer users security features that people choose to use, or ignore. As Micke has pointed out in the past, behavior is often more important for security than product features. So someone with an Android device that updates all the software, sets it up to keep the device and data in their control, and knows how to avoid risky behavior that hackers look for will keep their data safer than an iPhone user that’s never even looked at the settings for their device. And based on what we saw at AltConf2016 – a developer event that mirrored Apple’s last WWDC – it looks like many iPhone and iPad users are making some pretty basic security faux pas. So here’s a few tips iPhone and iPad users can use to protect their devices and data. Don’t forget to forget Wi-Fi networks Unlike Android and Windows Phone, iOS devices don’t let you see your Wi-Fi history. It might not seem like it, but periodically cleaning out your Wi-Fi history is important. We’ve shown in the past that many people configure their devices to automatically connect with Wi-Fi hotpots they’ve connected with before. This leaves them exposed to hackers spoofing Wi-Fi hotspots (which is surprisingly simple and inexpensive to do). So if you’re an “auto-connector”, you should always remember to “forget” public Wi-Fi networks that you use in the odd café, hotel, or restaurant you visit. Because iOS devices don’t let you see your network history, you can’t pick and choose old networks you want to forget. So iOS users have two options: either forget a Wi-Fi network before you leave and walk out of range, or do a periodic network reset to clean out your entire network history. Don’t name your device after yourself During AltConf2016, F-Secure set up a Wi-Fi hotspot to see whether or not people would connect to any available free Wi-Fi. And as we’ve seen in the past, people take their Wi-Fi wherever they can get it. While many people connected and disconnected frequently, it was clear that lots of those people seem to name their device’s after themselves – approximately 80% of the devices that connected included a first name as part of the device identifier. And out of that 80%, 70% of them were iOS devices (Android and OS X devices constituted the remaining 30%). Now, hackers won’t really need this information to “pwn” their victims. But little tidbits like these are great for scams that use social engineering. Fraudsters and tricksters can use something as simple as this to manipulate people as part of a larger scam. It’s tough to say why personalizing devices seems more popular among iOS users than their Android/Windows counterparts. And having unique device names helps keep them separate on, say, a family’s Wi-Fi network that can have multiple people using it at any one time. But using initials or some other way to differentiate them is a better way to personalize your device without necessarily giving tech-savvy fraudsters the opportunity to learn something they can use to scam you. Use app restrictions (they're not just for kids) Earlier in the year, F-Secure Security Advisor Sean Sullivan recommended people change their iOS settings to take advantage of the various restrictions you can use. You can check out his blog post about it here, but basically, using iOS’ restrictions can create safeguards against malicious apps or attacks that try to trick your device into sharing information without your knowledge. Attackers use apps and processes that can run without requiring direct action from users (such as cloud storage services) to steal data. It’s something often seen as part of corporate cyber attacks, so it’s especially important to do this if you use your iPhone or iPad for work. And as my colleague pointed out in this recent blog post, you should already be using two-factor authentication and strong, unique passwords. [Image by Kārlis Dambrāns | Flickr]
What's easier than typing, clicking or even swiping left? For most of us, speaking. Until we can get actual USB ports in our brain, our mouths may be the quickest way to make our our desires known to our devices. And as it Internet of Things develops, we're going to be doing more and more talking to machines, including our thermostat, light bulbs and possibly even our drones. Fans of Siri and the Amazon Echo are already familiar with the benefits of a conversational interface. But, as with any new technology that gains widespread adoption, privacy and security concerns are inevitable. We spoke to F-Secure's Cyber Gandalf Andy Patel about what users of voice-activated technology should know as they make the leap into this newer realm of connectivity that has long been imagined by science fiction visionaries from Philip K. Dick to Star Trek's Gene Roddenberry. So are these voice-activated devices listening all the time? Yes. In order for a device to react to a voice command without the user pressing a button to activate the feature, the device must listen all the time. How could this be used against us? If a device streams voice data to a server for processing, a few privacy and security implications arise. If the data is being streamed in an insecure way, it can be intercepted by a third party. If the speech data is stored insecurely, it can become compromised in the case of a data breach. It can also potentially sold to a third party. Speech is processed into text. That text might be stored, it might be associated with its source, and it could also be leaked. When the speech processing service returns data to the device that requested the processing, it could also be intercepted. Are the any real privacy concerns for owners of voice-activated devices? Some companies outsource their speech recognition services and cannot properly account for the processes and collection methods used by those companies. Along those lines, just last year, Samsung TV voice recognition made the news for recording owners' chatter. Voice command systems can also be maliciously hijacked. Last year, a group of French researchers demoed a method for remotely controlling Siri from a distance, using sounds that triggered Siri’s voice control, but that couldn’t be recognized by a human. So what will voice-activated technology look like in five or ten years? Big names are interested in voice control because they attach it to AI and machine learning systems -- which are, in turn, fed by the Big Data they’ve collected -- for an interactive experience. The end goal would be a scenario where you could ask your computer to perform arbitrary tasks in the same manner as on Star Trek.