Have you ever wondered if that machine that gives you cash make also be swiping some? Do you know how to tell if an ATM skimmer has been adding to a banking machine? Are you using your primary bank account when you travel?
Then you need to watch this.
Every year Cyber Monday sets new sales records. The Monday after the U.S.'s biggest brick-and-mortar shopping day a year opens the online shopping season with a flood of sales and deals that are often better than what you'll find in person, without the crowds. But whether you're shopping for presents or not during the next month, advertisers and online criminals will assume you are. And if they aren't targeting your wallet, they may be after the private photos and videos we all keep on the hard drives of our computers or devices. So stay skeptical. Stay focused. And keep up the same online shopping and storage hygiene you should be practicing all year long: 1. Make sure your system, browser and security software are patched and protected. If it's software, it requires updates. As developers have become better at reminding you to update your software, there's become more to update. So keep up with your operating system updates and make sure you're running updated security software. Right now, you can get our F-Secure SAFE protection on 5 PCs or devices with 200 GB of free secure cloud storage. 2. Do all your shopping in in one browser. No Java. Our Security Advisor Sean Sullivan advises that you do all of your financial transactions in one browser that you only use for shopping and banking. “Too many tabs open, too many things going on – that’s when you’re most prone to click on a malicious link or download something you shouldn’t have," he said. So use Chrome for surfing and Firefox for the serious stuff. Whichever browser you use for your transactions, you should disable Java in it -- and all your browsers if possible. If a certain website you need to use requires Java, enable it in just one browser that you use only for that site. 3. Stick to stores/sites you trust. Bad grammar and poor design have been the warning signs of malicious sites and emails for years. But criminals are always upping their game. Your best bet is to avoid untrustworthy sites in general, just as you likely avoid unprofessional looking stores and people who randomly try to sell you stereo equipment from their van. Avoid shopping via Google. Go directly to sites you trust and search there. 4. Only shop over a secure connection -- VPN and https. If you're shopping via Wi-Fi, make sure you're on a network you trust or secure yourself with a virtual private network like F-Secure Freedome. This will encrypt your data to protect your passwords and other private data. Freedome also protects you from scams and trackers, which may use your data to sell you things that do not fit your budget. To make sure your data is secure as it's being transmitted, don't enter your private data unless you see you're on a secured connection where the url starts with "https". If you're not seeing that, move on to the next store. 5. Use one credit card for all your online shopping. Limit your damages. If your data is captured by a crook, chances are your credit card company will catch any irregularities. However, you still may be left without a card during the holiday season. Using only one card for online purchases also makes it simpler to keep focused on how much you're spending. 6. Check your statements. You do this? Right? If you don't check your statements to make sure all the charges are yours, who will? 7. Do not reuse passwords. It's like putting the same lock on your house, car, boat and safe. Your passwords for your crucial accounts are sacred and need to be unique and strong. This isn't easy, which is why we recommend a password manager. You can use our F-Secure KEY on one device for free. 8. Have a secret email account for online shopping. Sites like Amazon allowing you to use your email for a login, which is convenient. It also means anyone who knows your email, knows your login and is halfway to cracking your account. A simple solution is to use a special email account that you with with no one that you use as login for financial accounts. 9. Back up everything. What's on our devices and PCs is worth more than the hardware themselves because they represent the thing we can never get back -- time. During the holiday season, your phone is filled with memories of celebrations and gatherings that will only happen in that exact way once. So make sure all your devices are backed up, all the time. 10. Use a cloud service you can trust. As you know from the series of nude photos of celebrities released this year, the security of your cloud storage matters. The more people you have trying to hack you, the more your content is at risk. Using a service -- like our younited -- that offers two-factor authentication and is designed to protect your privacy. Happy holidays, Sandra [Photo by Mike McCune via Flickr]
It's like a press conference anyone can join from anywhere. And even if you don't have a question, you can upvote the ones you don't like and downvote the ones you do. President Obama did one. Snoop Dogg/Snoop Lion did one. An astronaut did one from outer space. And our Mikko Hypponen will sit down for his second Reddit AMA on December 2 at 9 AM ET. If you have something you've wanted to ask him about online security, great. If not, here are five resources that document some of Mikko's more than two decades in the security industry to prod you or prepare you. 1. Check out this 2004 profile of his work from Vanity Fair. 2. Watch his 3 talks that have been featured on TED.com. [protected-iframe id="7579bbf790267cc081ac7d92d951262c-10874323-9129869" info="https://embed-ssl.ted.com/talks/mikko_hypponen_fighting_viruses_defending_the_net.html" width="640" height="360" frameborder="0" scrolling="no" webkitallowfullscreen="" mozallowfullscreen="" allowfullscreen=""] [protected-iframe id="fdf818f4afa2f7dcb179c5516c44918c-10874323-9129869" info="https://embed-ssl.ted.com/talks/mikko_hypponen_three_types_of_online_attack.html" width="640" height="360" frameborder="0" scrolling="no" webkitallowfullscreen="" mozallowfullscreen="" allowfullscreen=""] [protected-iframe id="54be2fe9bce28ae991becbe3d4291e56-10874323-9129869" info="https://embed-ssl.ted.com/talks/mikko_hypponen_how_the_nsa_betrayed_the_world_s_trust_time_to_act.html" width="640" height="360" frameborder="0" scrolling="no" webkitallowfullscreen="" mozallowfullscreen="" allowfullscreen=""] 3. Check out his first AMA, which took place just after his first talk at TEDglobal was published. 4. Take a trip to Pakistan with Mikko to meet the creators of the first PC virus. [protected-iframe id="8c0605f62076aa901ed165dbd3f4fcd7-10874323-9129869" info="//www.youtube-nocookie.com/v/lnedOWfPKT0?version=3&hl=en_US&rel=0" width="640" height="360"] 5. To get a sense of what he's been thinking about recently, watch his most recent talk at Black Hat "Governments as Malware Creators". [protected-iframe id="54b24406f022e81b15ad6dadf2adfc93-10874323-9129869" info="//www.youtube-nocookie.com/v/txknsq5Z5-8?hl=en_US&version=3&rel=0" width="640" height="360"] BONUS: Make sure you follow him on Twitter to get a constant stream of insight about online security, privacy and classic arcade games. Cheers, Sandra
Yet another high-profile vulnerability in the headlines, Shellshock. This one could be a big issue. The crap could really hit the fan big time if someone creates a worm that infects servers, and that is possible. But the situation seems to be brighter for us ordinary users. The affected component is the Unix/Linux command shell Bash, which is only used by nerdy admins. It is present in Macs as well, but they seem to be unaffected. Linux-based Android does not use Bash and Windows is a totally different world. So we ordinary users can relax and forget about this one. We are not affected. Right? WRONG! Where is your cloud content stored? What kind of software is used to protect your login and password, credit card number, your mail correspondence, your social media updates and all other personal info you store in web-based systems? Exactly. A significant part of that may be on systems that are vulnerable to Shellshock, and that makes you vulnerable. The best protection against vulnerabilities on your own devices is to make sure the automatic update services are enabled and working. That is like outsourcing the worries to professionals, they will create and distribute fixes when vulnerabilities are found. But what about the servers? You have no way to affect how they are managed, and you don’t even know if the services you use are affected. Is there anything you can do? Yes, but only indirectly. This issue is an excellent reminder of some very basic security principles. We have repeated them over and over, but they deserve to be repeated once again now. You can’t control how your web service providers manage their servers, but you can choose which providers you trust. Prefer services that are managed professionally. Remember that you always can, and should, demand more from services you pay for. Never reuse your password on different services. This will not prevent intrusions, but it will limit the damage when someone breaks into the system. You may still be hurt by a Shellshock-based intrusion even if you do this, but the risk should be small and the damage limited. Anyway, you know you have done your part, and its bad luck if an incident hurts you despite that. Safe surfing, Micke PS. The best way to evaluate a service provider’s security practices is to see how they deal with security incidents. It tells a lot about their attitude, which is crucial in all security work. An incident is bad, but a swift, accurate and open response is very good. Addition on September 30th. Contrary to what's stated above, Mac computers seem to be affected and Apple has released a patch. It's of course important to keep your device patched, but this does not really affect the main point of this article. Your cloud content is valuable and part of that may be on vulnerable servers.