84.6% of 21st century vacationers use their mobile devices to check their email, according to Prosper Mobile Insights. The thought of being without a smartphone, tablet or a computer, even while off in a foreign country, is a foreign thought for most of us. And if you’re always connected, you’re always at risk of some online nastiness.
F-Secure Labs has covered the recent discovery of the Flame malware, a cyberweapon that is being used to target very specific users for surveillance purposes. Unless you’re a nuclear scientist or the system administrator of a weapons developer, you’re not likely to be targeted by such advanced malware.
Still, regular, everyday cyber criminals will take advantage of any sloppy mistakes you make while relaxing. So let’s get a few security precautions out of the way so you can have a good time.
1. Update your devices before you go.
Make sure your system software is updated on your PC, smartphone and tablet at home on your safe and secure network. A patched and protected system along with updated security software is your best protection against threats. (Our free Health Check makes that easy.) Avoid taking software updates while on the road, especially while using hotel Wi-Fi. Criminals have used faked updates on hotel Wi-Fi to infect users with malware. If you follow Krebs’s Number One Rule for Staying Safe Online, “If you didn’t go looking for it, don’t install it!”, you’ll be fine.
2. Back up your hard drives and put a remote lock on your phone.
Traveling with the only digital copy of irreplaceable data or media is not a wise choice. Before you leave your house, back up your devices’ hard drives. (If you don’t have a backup option, you can try our Online Backup for free.) You should also install software on your phone that gives you the ability to lock a lost phone and erase it if necessary. (Our free Anti-Theft for Mobile does this for Android and Symbian phones.)
3. Use direct DSL or cable connection when you can; if not, use encrypted Wi-Fi with a VPN.
If free public Wi-Fi is your only option and you do not have a VPN, consider yourself watched. Try to use one-time passwords for services that offer them such as Facebook and Hotmail. Using free Wi-Fi or a public computer for shopping and banking is definitely not recommended.
4. Don’t click on links or attachments in email, especially from email you were not expecting.
This is a piece of advice from the Labs that we keep repeating because everyone knows the attachment part, but the link part is new. Links can lead to scams, which on your phone especially may look as official as any bank website.
5. Be careful about sharing your location.
Most of the fear about sharing location online comes from a very few examples of people being robbed by Facebook friends. The basic rule is: don’t tell anyone online that you’re not home if you wouldn’t tell them in real life. So you probably don’t want to broadcast your vacation on your public social networks. Why not use email, like we did in the olden days?
Using your devices to improve your vacation is not a problem as long as you take a few precautions. You earned the chance to rest and relax, so enjoy it.
[CC image by gavdana]
This year’s Mobile World Congress (MWC) is coming up next week. The annual Barcelona-based tech expo features the latest news in mobile technologies. One of the biggest issues of the past year has enticed our own digital freedom fighter Mikko Hypponen to participate in the event. Hypponen, a well-known advocate of digital freedom, has been defending the Internet and its users from digital threats for almost 25 years. He’s appearing at this year’s MWC on Monday, March 2 for a conference session called “Ensuring User-Centred Privacy in a Connected World”. The panel will discuss and debate different ways to ensure privacy doesn’t become a thing of the past.
While Hypponen sees today’s technologies as having immeasurable benefits for us all, he’s become an outspoken critic of what he sees as what’s “going wrong in the online world”. He’s spoken prominently about a range of these issues in the past year, and been interviewed on topics as diverse as new malware and cybersecurity threats, mass surveillance and digital privacy, and the potential abuses of emerging technologies (such as the Internet of Things).
The session will feature Hypponen and five other panelists. But, since the event is open to public discussion on Twitter under the #MWC15PRIV hashtag, you can contribute to the conversation. Here are three talking points to help you get started:
Security in a mobile world
A recent story broken by The Intercept describes how the American and British governments hacked Gemalto, the largest SIM card manufacturer in the world. In doing so, they obtained the encryption keys that secure mobile phone calls across the globe. You can read a recent blog post about it here if you’re interested in more information about how this event might shape the discussion.
Keeping safe online
It recently came to light that an adware program called “Superfish” contains a security flaw that allows hackers to impersonate shopping, banking, or other websites. These “man-in-the-middle” attacks can be quite serious and trick people into sharing personal data with criminals. The incident highlights the importance of making sure people can trust their devices. And the fact that Superfish comes pre-installed on notebooks from the world’s largest PC manufacturer makes it worth discussing sooner rather than later.
Privacy and the Internet of Things
Samsung recently warned people to be aware when discussing personal information in front of their Smart TVs. You can get the details from this blog post, but basically the Smart TVs’ voice activation technology can apparently listen to what people are saying and even share the information with third parties. As more devices become “smart”, will we have to become smarter about what we say and do around them?
The session is scheduled to run from 16:00 – 17:30 (CET), so don’t miss this chance to join the fight for digital freedom at the MWC.
[Image by Hubert Burda Media | Flickr]
Our history is full of doomsday prophecies. Statistics show that they are wrong about 100% of the time, and that seems to be accurate as we are still here. :) Vint Cerf is not that pessimistic when predicting a digital dark age. His doomsday only affects our data, but that’s scary too. So what is this all about and how does it affect us ordinary mortals?
Mr. Cerf is reminding us about one of the fundamental challenges in electronic data processing. The technology is still very young and sometimes unreliable. A special problem is the longevity of storage media. A traditional photographic print can last several hundreds of years and the oldest preserved writings are thousands of years old, but electronic data media longevity is measured in tens of years. And on top of that comes the rapid technology development that can make media incompatible before it breaks. Digital storage may become a black hole: you put things there but get nothing out. This could lead to a dark era from which we have almost no digital memories, according to him.
But how realistic is this horror scenario? Let’s fill in some points that Mr. Cerf left out.
The digital technology actually enables infinite life for our data, if used right. The old photograph starts to slowly degrade from day one and no copy of it is perfect. Digital info can be copied to new media an infinite number of times without degrading quality.
Any digital media has a limited lifetime. But the rapid technology development will silently solve this problem for most people. The computer becomes too old and slow before the magnetism starts to fade on the hard disk, and everything is copied to a fresh new computer. (*)
The need to regularly copy data to fresh media will also solve the compatibility problems. You will normally never need to access media that is more than some 5 – 10 years old. And media that young is still compatible. The floppy disks that usually are shown to illustrate incompatible media are over 25 years old. (*)
But what about the file formats? It will be easy to implement support for our current file formats in tomorrow’s computer systems. That will be done if there is a need for it. So don’t worry if you are using the common standard file formats like JPG images, MS Word or PDF documents. They will no doubt be supported for a long time. But this may be an issue if you are using some exotic and less common format.
We are entering the era of cloud storage. Our data is transferred to professionally managed data centers that take care of both backup and periodical media renewal on our behalf. Sure, they can fail too. But they are in general a lot more reliable than our own homebrewed backup procedures.
The use of cloud storage introduces a new threat. How long will the cloud company be around? A good thing to think about before selecting where to store the data.
Another big threat against our data is our own attitude. Handling digital data is very easy, including deleting it. We need to understand the value of our data to make sure it is preserved.
Last but not least, a very big threat against all data, analog or digital, is the inability to find it. My piles of old slide photo boxes are of little use as they only have some labels with year and place. Looking for a particular shot is a nightmare. But my digital collection can easily be searched for place, time, equipment, technical data, keywords, etc. The pre-digital era was really the dark age seen from this perspective!
So to wrap up: yes, the digital revolution brings new challenges that we need to be aware of. But luckily also good tools to deal with them. Digital storage will no doubt lead to personal data loss for many people. Disks crash every day and data is lost. So there is a true risk that digital storage leads to a personal dark age for you, unless you handle your data right. But there’s absolutely no need to talk about a digital dark age in a broader sense. Historians will easily get enough information about our society. It doesn’t matter if some of us have lost our files, there’s still plenty to work on. Actually, data overload will be a more likely problem for them.
Good news. The sky is not falling after all!
Safe surfing,
Micke
(*) This is assuming that you keep your files on the computer. These problems will become real if you archive files on external media, store it away for later use and remember them some 20 years later.
We have repeatedly countered the arguments that people don’t have anything to hide, and can comfortably ignore the privacy threats on the Internet. That’s a very unwise attitude and here are some more examples of why.
We have also talked a lot about on-line scams and how to avoid them. A key challenge for any scammer is to be trustworthy in the eyes of the victim. And this is where your data enters the picture. I have written a story about how a scammer can be more convincing if he knows your travel plans. Let’s cover a more business-oriented case this time.
A controller at a firm in Omaha, Nebraska received emails from the CEO asking him to make a series of money transfers to China, and he transferred a total of $17.2 million. Yes, you guessed it. The sender was not the CEO and a scammer made a nice profit.
The obvious lesson we learn in both these cases is naturally that mail isn’t trustworthy. Mail itself does not provide any kind of sender authentication. The sender address is easily faked. Authentication of the other party must rely on the mail contents, a cryptographic signature or information that only the perceived sender can know.
And this leads us to the less obvious lesson we can learn here. It looks like the Omaha scammer had information about the victim. He knew who can handle money transfers. He also knew that the CEO had some business in China, which made the transfers sound legit. He probably also knew that this person doesn’t meet the CEO face to face daily as that would have ruined the scam. Part of this info is publicly available, like the name of the CEO. We don’t know how he got hold of the rest, but it is obvious that it helped the scammer. So here we have an excellent example of how criminals can utilize tiny grains of info to scam huge piles of money.
But what should this Omaha company have done differently? The controller should have called the CEO to verify the transactions. The company should analyze what info the scammer had, and go through their security policies. And that is pretty much what private persons should do too. Learn to think critically when someone approaches you by mail and verify the sender if in doubt. Also guard all your data to make this kind of targeted attack as hard as possible.
This company responded by firing the controller. That's not an option for you if you fall for a scam and let go of your own money.
Safe surfing,
Micke
PS. Was it right to fire the controller? Hard to say. Part of the responsibility naturally lies on the one who was gullible enough to trust an e-mail. But it also depends on whether the company had proper rules in place for validating transfer requests. Did he break any concrete rules when sending the money? If he didn't, then the company is responsible too.
Photo by Images Money
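The point above that the visible sender of a mail is not authenticated can be turned into a screening check for payment requests. This is an added example, not part of the original post; the organisation's domain, the executive name and the gateway's authserv-id are assumed values, and the sample message is constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values for this example: the organisation's own domain, the names of
# its executives, and the authserv-id its inbound mail gateway writes.
ORG_DOMAIN = "example.com"
EXECUTIVES = {"jane doe"}
TRUSTED_AUTHSERV = "mx.example.com"

# Constructed sample: the display name imitates the CEO, the address is external.
SPOOFED = (
    'From: "Jane Doe" <jane.doe@example-corp.test>\n'
    "Reply-To: payments@mailbox.test\n"
    "Authentication-Results: mx.example.com; dmarc=fail\n"
    "Subject: Urgent wire transfer\n\nPlease send the funds today.\n"
)

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header value."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()

def dmarc_result(msg):
    """Read dmarc= from Authentication-Results written by our own gateway only."""
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = str(value).partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # results claimed by any other host can be forged by the sender
        found = re.search(r"\bdmarc=(\w+)", results)
        if found:
            return found.group(1).lower()
    return "none"

def payment_request_warnings(raw):
    """List reasons not to trust the sender shown in a payment request."""
    msg = message_from_string(raw)
    name = parseaddr(str(msg.get("From", "")))[0].strip().lower()
    from_dom = domain_of(msg.get("From"))
    warnings = []
    if name in EXECUTIVES and from_dom != ORG_DOMAIN:
        warnings.append("executive name on external address")
    if msg.get("Reply-To") and domain_of(msg.get("Reply-To")) != from_dom:
        warnings.append("Reply-To points to a different domain")
    if dmarc_result(msg) != "pass":
        warnings.append("no DMARC pass from our gateway")
    return warnings

if __name__ == "__main__":
    print(payment_request_warnings(SPOOFED))
```

An empty list only means these header checks found nothing, so the phone call to the apparent sender that the post recommends still applies to any transfer request.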