blog_photo_Jan2013

There’s no such thing as a private message

blog_photo_Jan2013

You may have heard about Storify. A new tool that you can use to publish private conversations in Facebook. Scary, isn’t it? Or that’s at least the angle many headlines take. But the full picture is a lot less dramatic. In fact, Storify does not enable you to do anything that you couldn’t do before, it just makes it easier. And it is an excellent reminder about the risks with so called private messages.

Most legislations provide a fairly high level of protection for messages in transit. The goal is to prevent 3rd parties from eavesdropping and tampering with the messages. But what many forget is that the parties involved in the communication have rights to use the message. It means that the recipient has fairly free hands to use what you write as soon as the message hits the inbox. Your only protection is really your trust in the other part. You may write things that both parties understand should remain private, and it may be sufficient protection today. But what about the future? We all know that trust can change. Many who have gone through a divorce know that the person you trust the most of all may become your worst enemy.

So what about Facebook and Storify? It’s just a good reminder about what can happen to “private” messages. The same threat exists in any kind of messaging service. Not only on the Internet, phone calls can be recorded and misused as well. Letters on paper can be copied, scanned and published. Facebook didn’t provide tools for publishing private messages, but that never prevented users from using copy-paste or taking screenshots of the messages. And our good old e-mail is no better. It has a button called Forward for this purpose.

The only thing that can protect you from this kind of leaks is to not write things that would be embarrassing if published. Be polite and adopt a no-nonsense attitude even in private communications. Think twice before reveling secrets over electronic communication systems. Even if you use encryption it only protects you against 3rd parties, not against the recipient. And last but not least. Do not turn your friends into enemies. That’s probably the biggest reason for leaked private messages.

Micke

Photo by Sam Catanzaro @ Flickr

More posts from this topic

15855489588_6c209780a9_b

How “the Cloud” Keeps you Safe

“The cloud” is a big thing nowadays. It’s not exactly a new concept, but tech companies are relying on it more and more. Many online services that people enjoy use the cloud to one extent or another, and this includes security software. Cloud computing offers unique security benefits, and F-Secure recently updated F-Secure SAFE to take better advantage of F-Secure’s Security Cloud. It combines cloud-based scanning with F-Secure’s award-winning device-based security technology, giving you a more comprehensive form of protection. Using the cloud to supplement device-based scanning provides immediate, up-to-date information about threats. Device-based scanning, which is the traditional way of identifying malware, examines files against a database saved on the device to determine whether or not a file is malicious. This is a backbone of online protection, so it’s a vital part of F-Secure SAFE. Cloud-based scanning enhances this functionality by checking files against malware information in both the local database found on devices, and a centralized database saved in the cloud. When a new threat is detected by anyone connected to the cloud, it is immediately identified and becomes "known" within the cloud. This ensures that new threats are identified quickly and everyone has immediate access to the information, eliminating the need to update the database on devices when a new threat is discovered. Plus, cloud-based scanning makes actual apps easier to run. This is particularly important on mobile devices, as heavy anti-virus solutions can drain the battery life and other resources of devices. F-Secure SAFE’s Android app has now been updated with an “Ultralight” anti-virus engine. It uses the cloud to take the workload from the devices, and is optimized to scan apps and files with a greater degree of efficiency. Relying on the cloud gives you more battery life, and keeps you safer. The latest F-Secure SAFE update also brings Network Checker to Windows PC users. Network Checker is a device-based version of F-Secure’s popular Router Checker tool. It checks the Internet configuration your computer uses to connect to the Internet. Checking your configuration, as opposed to just your device, helps protect you from attacks that target home network appliances like routers – a threat not detected by traditional anti-virus products. So the cloud is offering people much more than just extra storage space. You can click here to try F-Secure SAFE for a free 30-day trial if you’re interested in learning how F-Secure is using the cloud to help keep people safe. [Image by Perspecsys Photos | Flickr]

June 30, 2015
BY 
Mikko Hypponen What Twitter knows

Your favorite breakfast cereal and other things Twitter knows about you

At Re:publica 2015, our Chief Research Officer Mikko Hypponen told the main stage crowd that the world's top scientists are now focused on the delivery of ads. "I think this is sad," he said. [youtube https://www.youtube.com/watch?v=pbF0sVdOjRw?rel=0&start=762&end=&autoplay=0] To give the audience a sense of how much Twitter knows about its users, he showed them the remarkable targeting the microblogging service offers its advertisers. If you use the site, you may be served promoted tweets based on the following: 1. What breakfast cereal you eat. 2. The alcohol you drink. 3. Your income. 4. If you suffer from allergies. 5. If you're expecting a child. And that's just the beginning. You can be targeted based not only on your recent device purchases but things you may be in the market for, like a new house or a new car. You can see all the targeting offered by logging into your Twitter, going to the top right corner of the interface, clicking on your icon and selecting "Twitter Ads". Can Twitter learn all this just based on your tweets and which accounts follow? No, Mikko said. "They buy this information from real world shops, from credit card companies, and from frequent buyer clubs." Twitter then connects this information to you based on... your phone number. And you've agreed to have this happen to you because you read and memorized the nearly 7,000 words in its Terms and Conditions. Because everyone reads the terms and conditions. Full disclosure: We do occasionally promote tweets on Twitter to promote or digital freedom message and tools like Freedome that block ad trackers. It's an effective tool and we find the irony rich. Part of our mission is to make it clear that there's no such thing as "free" on the internet. If you aren't paying a price, you are the product. Aral Balkan compares social networks to a creepy uncle" that pays the bills by listening to as many of your conversations as they can then selling what they've heard to its actual customers. And with the world's top minds dedicated to monetizing your attention, we just think you should be as aware of advertisers as they are as of you. Most of the top URLs in the world are actually trackers that you never access directly. To get a sense of what advertisers learn every time you click check out our new Privacy Checker. Cheers, Jason

May 15, 2015
BY 
business security cyber defense

You have new e-mail — or, how to let hackers sneak in with a single click

This is the first in a series of posts about Cyber Defense that happened to real people in real life, costing very real money. A rainy, early spring day was slowly getting underway at a local council office in a small town in Western Poland. It was a morning like any other. Nobody there expected that this unremarkable day would see a series of events that would soon affect the entire community... Joanna Kaczmarek, a Senior Specialist in the council’s Accounting Department, rushed into her office a little late, but in a good mood nonetheless. Before getting down to work, she brewed herself a cup of coffee and played some music on her computer. Several days earlier, she had finally installed a music app on her PC so she could listen to her favourite tunes while she worked. This had taken some effort though, as she had needed administrator’s access to her computer. It took a lot of pleading and cajoling, but after a week the IT guy finally gave in. Joanna had no idea that she was opening a dangerous gap in the council’s IT system. That morning, Joanna launched, as she had countless times before, a government issued budget management application. With a few clicks, she made a transfer order for nearly twenty thousand zloty. The recipient of the money was a company that had won the contract for the renovation of a main road in the town. The whole operation took seconds. Two days later, the owner of the company phoned Joanna, asking about the advance he was supposed have received. “I can’t get the work started without that money”, he complained in an annoyed voice. Joanna was a little surprised and contacted the bank. The bank confirmed the operation, saying that there was nothing suspicious about it. Joanna, together with the Head of the IT Department, carefully ran back over the events of the day of the transfer. They found nothing out of the ordinary, so started checking what was happening on Joanna’s computer around the time before the transfer date. They soon found something: nearly a week prior to the date of the missing transfer, Joanna had received an email from the developer of the budget management software. For Joanna, the message hadn’t raised any red flags; the email contained a reminder about a software update and looked very legitimate. It contained the developer’s contact data, logo and telephone number. Everything was in order… Everything except for a change of one letter in the sender’s address. Joanna hadn’t noticed – a “t” and an “f” look so alike when you read quickly, don’t they? Unaware of the consequences, Joanna followed the link that was to take her to the update website. With just one click of her mouse she started a snowball of events that ultimately affected each and every resident of the town. Instead of the “update”, she downloaded dangerous spyware onto her computer. In this way, the cybercriminals who orchestrated the attack learnt that the woman was a Senior Specialist in the Accounting Department and was responsible for transferring money, including EU funds. The thieves lured Joanna into a digital trap, tricking her into installing software that replaced bank account numbers “on the fly”. As she was processing the transaction, the hackers replaced the recipient’s account details with their own, effectively stealing the money. Joanna would have been unable to install the fake update if she hadn’t obtained the administrator’s rights she’d needed for her music app. All she had wanted was to listen to some music while she worked. If only she had known what the consequences would be... After the attack was discovered, the Police launched an investigation. Joanna was just one of many victims. Investigators discovered that the malware infection was likely to have targeted computers used by local government workers in hundreds of municipalities across Poland. Law enforcement authorities haven’t officially disclosed how much money was stolen, but given the fact that losses may have been underreported, the estimated figures are in the millions of zlotys. On the top of that, Joanna’s town had to wait months for the completion of the roadwork. This was one of the largest mass cyber-attacks against local government in Poland. It certainly won’t be the last one... For small and medium sized enterprises, the average financial loss as the result of a cyber security incident is on average 380 000€. The risk and the lost is real. Don’t be an easy target. We help businesses avoid becoming an easy victim to cyber attacks by offering best in class end-point protection and security management solutions trusted by millions.

May 13, 2015