Because of smart application development, most mobiles don’t face the plethora of threats that PC users do. But online criminals aim to change that. They’re working on malware for Macs, bad apps for Android and, of course, they can still hit you with a phishing scam on just about any web-connected device.
Here are a few precautions that will help protect you on all the laptops, desktop or mobile devices you use.
1. Keep your system and security software updated
This is a tip we always recommend for PCs. But it’s especially important on mobile devices and Macs too. Several important security updates have been included in recent updates of OS X. Our Mobile Security is available for Android, Symbian and Windows Phones. Research to find the best security for your device and keep it up to date.
2. Back up your device
A piece of content that exists only on one local hard drive is a piece of content at risk. Use some method of backup for your computers. If your phone has a backup capability enable it. If it’s available for your mobile, we recommend you use some remote lock software. Our Anti-Theft for Mobile is free. This way even if your device is out of your control, you can still protect your private data.
3. Get your software from a reliable source
For mobile phones, use official markets or vendors you know and trust. Never install software that suddenly appears on your computer or a mobile. You can give a criminal full access to your computer with the wrong click so take downloading and installing seriously. So don’t be afraid to take to cancel and research a product before installing it
4. Watch where you click, especially in emails
Most of us know never to open attachments we don’t expect in an email. But the links in an email can lead to a malicious site or a scam. Phishing scams have new power on mobile phones where we expect web pages to look strange and unfamiliar. Avoid clicking the links in emails you receive, especially from your bank. Go directly to the site you need to use or even call your bank directly if you have a question.
5. Keep your devices and accounts secure
Lock your computers and devices when you aren’t using them. And use a strong, unique password for all of the accounts that matter to you most.
The good habits you’ve picked up from being a smart PC user will benefit you however you connect to the web.
F-Secure’s new Safe Anywhere gives the world’s leading operators and ISPs the ability to protect PCs, Macs and mobile devices with one award-winning solution. Find out more about Safe Anywhere here.
Many techie terms in the headlines lately. Supercookies, supertrackers, HTTP headers and X-UIDH. If you just skim the news you will learn that this is some kind of new threat against our privacy. But what is it really? Let’s dig a bit deeper. We will discover that this is an issue of surprisingly big importance. Cookies are already familiar to most of us. These are small pieces of information that a web server can ask our browser to store. They are very useful for identifying users and managing sessions. They are designed with security and privacy in mind, and users can control how these cookies are used. In short, they are essential, they can be a privacy problem but we have tools to manage that threat. What’s said above is good for us ordinary folks, but not so good for advertisers. Users get more and more privacy-aware and execute their ability to opt out from too excessive tracking. The mobile device revolution has also changed the game. More and more of our Internet access is done through apps instead of the browser. This is like using a separate “browser” for all the services we use, and this makes it a lot harder to get an overall picture of our surfing habits. And that’s exactly what advertisers want, advertising is like a lottery with bad odds unless they know who’s watching the ad. A new generation of supercookies (* were developed to fight this trend. It is a piece of information that is inserted in your web traffic by your broadband provider. Its purpose is to identify the user from whom the traffic comes. And to generate revenue for the broadband provider by selling information about who you really are to the advertisers. These supercookies are typically used on mobile broadband connections where the subscription is personal, meaning that all traffic on it comes from a single person. So why are supercookies bad? They are inserted in the traffic without your consent and you have no way to opt out. They are not visible at all on your device so there is no way to control them by using browser settings or special tools. They are designed to support advertisers and generate revenue for the mobile broadband provider. Your need for privacy has not been a design goal. They are not domain-specific like ordinary cookies. They are broadcasted to any site you communicate with. They were designed to remain secret. They are hidden in an obscure part of the header information that very few web administrators need to touch. There are two ways to pay for Internet services, with money or by letting someone profile you for marketing purposes. This system combines both. You are utilized for marketing profit by someone you pay money to. But what can and should I do as an ordinary user? Despite the name, this kind of supercookies are technically totally different from ordinary cookies. The privacy challenges related with ordinary cookies are still there and need to be managed. Supercookies have not replaced them. Whatever you do to manage ordinary cookies, keep doing it. Supercookies are only used by some mobile broadband providers. Verizon and AT&T have been most in the headlines, but at least AT&T seems to be ramping down as a result of the bad press. Some other operators are affected as well. If you use a device with a mobile broadband connection, you can test if your provider inserts them. Go to this page while connected over the device’s own data connection, not WiFi. Check what comes after “Broadcast UID:”. This field should be empty. If not, then your broadband provider uses supercookies. Changing provider is one way to get rid of them. Another way is to use a VPN-service. This will encapsulate all your traffic in an encrypted connection, which is impossible to tamper with. We happen to have a great offering for you, F-secure Freedome. Needless to say, using Freedome on your mobile device is a good idea even if you are not affected by these supercookies. Check the site for more details. Last but not least. Even if you’re unaffected, as most of you probably are, this is a great reminder of how important net neutrality is. It means that any carrier that deliver your network traffic should do that only, and not manipulate it for their own profit. This kind of tampering is one evil trick, throttling to extort money from other businesses is another. We take neutrality and equal handling for granted on many other common resources in our society. The road network, the postal service, delivery of electricity, etc. Internet is already a backbone in society and will grow even more important in the future. Maintaining neutrality and fair rules in this network is of paramount importance for our future society. Safe surfing, Micke PS. The bad press has already made AT&T drop the supercookies, which is great. All others involved mobile broadband providers may have done the same by the time you are reading this. But this is still an excellent example of why net neutrality is important and need to be guaranteed by legislation. (* This article uses the simplified term supercookie for the X-UIDH -based tracker values used by Verizon, AT&T and others in November 2014. Supercookie may in other contexts refer to other types of cookie-like objects. The common factor is that a supercookie is more persistent and harder to get rid of than an ordinary cookie. Image by Jer Thorp
It's like a press conference anyone can join from anywhere. And even if you don't have a question, you can upvote the ones you don't like and downvote the ones you do. President Obama did one. Snoop Dogg/Snoop Lion did one. An astronaut did one from outer space. And our Mikko Hypponen will sit down for his second Reddit AMA on December 2 at 9 AM ET. If you have something you've wanted to ask him about online security, great. If not, here are five resources that document some of Mikko's more than two decades in the security industry to prod you or prepare you. 1. Check out this 2004 profile of his work from Vanity Fair. 2. Watch his 3 talks that have been featured on TED.com. [protected-iframe id="7579bbf790267cc081ac7d92d951262c-10874323-9129869" info="https://embed-ssl.ted.com/talks/mikko_hypponen_fighting_viruses_defending_the_net.html" width="640" height="360" frameborder="0" scrolling="no" webkitallowfullscreen="" mozallowfullscreen="" allowfullscreen=""] [protected-iframe id="fdf818f4afa2f7dcb179c5516c44918c-10874323-9129869" info="https://embed-ssl.ted.com/talks/mikko_hypponen_three_types_of_online_attack.html" width="640" height="360" frameborder="0" scrolling="no" webkitallowfullscreen="" mozallowfullscreen="" allowfullscreen=""] [protected-iframe id="54be2fe9bce28ae991becbe3d4291e56-10874323-9129869" info="https://embed-ssl.ted.com/talks/mikko_hypponen_how_the_nsa_betrayed_the_world_s_trust_time_to_act.html" width="640" height="360" frameborder="0" scrolling="no" webkitallowfullscreen="" mozallowfullscreen="" allowfullscreen=""] 3. Check out his first AMA, which took place just after his first talk at TEDglobal was published. 4. Take a trip to Pakistan with Mikko to meet the creators of the first PC virus. [protected-iframe id="8c0605f62076aa901ed165dbd3f4fcd7-10874323-9129869" info="//www.youtube-nocookie.com/v/lnedOWfPKT0?version=3&hl=en_US&rel=0" width="640" height="360"] 5. To get a sense of what he's been thinking about recently, watch his most recent talk at Black Hat "Governments as Malware Creators". [protected-iframe id="54b24406f022e81b15ad6dadf2adfc93-10874323-9129869" info="//www.youtube-nocookie.com/v/txknsq5Z5-8?hl=en_US&version=3&rel=0" width="640" height="360"] BONUS: Make sure you follow him on Twitter to get a constant stream of insight about online security, privacy and classic arcade games. Cheers, Sandra
Whistleblowers have changed the world and there’s still a lot of hidden secrets that the public really should know about. High-profile leakers like Snowden, Manning and Assange are known globally, and are paying a high price for their courage. But only a few are dedicated enough to blow the whistle in public - most leakers want to carry on with their normal lives and remain anonymous. Snowden did no doubt show the way for others, and there are already several who have tried to leak and remain anonymous. That’s not easy and the stakes are high! Which is underlined by the recent news about the feds discovering one leaker. But is it even possible to leak anonymously in this word that in many ways is worse than Orwell’s fictive surveillance nightmare? Let’s list some advice for the case you would like to leak by phone to a journalist. I guess not many of you readers will ever be in a situation where you need this. But read on, this is highly interesting anyway and tells a lot about how our digital word works. Ok, let’s assume the worst case. The secrets you want to leak affects US national security, which means that your enemy is powerful and can use top surveillance against you. Let’s also assume it’s info you have authorized access to. And that you want to talk on the phone to a journalist. Here’s some basic rules and hints that may prevent you from ending up behind bars. First you need to assess how many persons have access to the data. They will all be on a list of suspects, together with you. The shorter the list, the bigger the risk for you. Your mobile phone is a tracking device. The cell phone network knows what base station you are connected to at any time. Other services can record and store even GPS-accurate position data. All this is accessible to the agents and you must make sure it doesn’t reveal you. Needless to say, your own phone does not participate in this project. You need to find out who you should leak to. Never do this research from your own computer because your search history can reveal you. It leaves traces both in your computer and in your user profile at Google (unless you know what you are doing and use privacy tools properly). Do this research from a public computer. Make sure you have never logged in to any personal account from this computer. You need a “burner phone” to do the leaking. This is a phone that can’t be connected to your identity in any way. Here’s some rules for how to use it: It is always switched off with the battery removed when not in use. Just using the power button does not cut power from all parts of the device. It is never switched on in or close to your home. The agents can easily find out what base station it was connected to and turning it on near home can make you more suspected than others. It is never switched on in or close to your vehicle. Base station records for the phone may correlate with traffic cameras storing your registration plate. This is especially important if you have a modern car with a built-in data connection for service monitoring etc. Never user the burner for any other contacts. Even a single call to your spouse creates a record that ties you to the phone. Needless to say, never store any other info in the phone than what you need for this project. You always leave your own phone at home when going out to use the burner phone. Otherwise the agents can see that your own phone “happen” to be in the same base station when the burner is used. Leave your own phone turned ON at home when you go out with the burner. Otherwise you create a recognizable pattern where your own phone turns off and the burner turns on, and vice versa, in a synchronized manner. Leave any other wireless devices at home. Tablets, wireless mobile payment devices, anything else with a radio transmitter. Using a voice changer is necessary especially if the list of suspects is short. Assume that your calls can be recorded and your own voice checked against the recording. Get the burner phone. Scout for a dealer with old-looking or insufficient security cameras located not too close to your home. Remember that the agents may locate the shop where the burner phone was sold, get the security camera recording and compare against the list of suspects. Even better, ask someone else to buy the phone for you. Choose a cheap non-smart prepaid phone with removable battery. Pay cash and make sure you don’t reveal your identity to the seller in any way. Safely destroy any receipts and other paperwork related to the purchase. Think about where to store physical items that can tie you to the leak. Such items are the burner phone and related documents or data media. This is especially important if the list of suspects is short. Storing such items at home, at your workplace or in your vehicle will reveal you if the agents perform a search. Try to find some other place that is safe and can’t be tied to you. Now you are ready to contact the journalist. Be very rigid with the rules for how to use the burner phone. There are also some additional rules for this situation: Dress discreetly to avoid sticking out in surveillance camera footage. Be far enough from home when making the call. Turn the burner on, make the call and turn it off again right away. Avoid public places with surveillance cameras when the burner is on. Do not use your credit card during this trip. Pay cash for everything. Any other personal payment instruments, like public transportation payment cards, is a big no-no as well. You have to assume that journalists dealing with leaks are being watched constantly. Assume that the hunt is on as soon as you have made the first contact. Try to wrap up the project as quickly as possible and minimize the number of times you turn on the burner phone. When you are done, dispose all items related to the leak in a secure way. The trash can of your own house is NOT secure. Dump the phone in the river or put it in a public trash sack far enough from home. The truly paranoid leaker will break the phone with gloves on. The outer shell can contain fingerprints or traces of your DNA and the electronics the traceable phone ID. It’s good to make sure they end up in different places. Huh! That’s a lot to remember. Imagine, all this just for maintaining privacy when making a phone call! But you really need to do it like this if the big boys are after you and you still want to continue as a free citizen. I hope you never need to go through all this, and also that you do it right if you have to. Disclaimer. This text is mainly intended as a demonstration of how intrusive the surveillance society is today. We provide no guarantee that this will be enough to keep you out of jail. If you really plan to become a whistle blower, research the topic thoroughly and get familiar with other sources as well (but remember what I wrote about researching from your own computer). Safe whistle blowing, Micke