Sandra@F-Secure

Follow me on:

latest posts from Sandra@F-Secure

AMA

Fresh off his latest talk at at TEDxBrussels, our Chief Research Officer Mikko Hypponen sat down for a little session of "ask me anything" on reddit. You can read all of the questions people had for him and answers here. WARNING: There is a lot to go through. With over 3,200 comment's, Mikko's AMA ranks among one of the more popular threads in the subreddit's history. For a quick taste of what Mikko had to say about artificial intelligence, Tor, and Edward Snowden, here are slightly edited versions of 5 of our favorite questions and answers. How safe are current smart phones and how secure are their connections? - Jadeyard The operating systems on our current phones (and tablets) are clearly more secure than the operating systems on our computers. That's mostly because they are much more restricted. Windows Phones and iOS devices don't have a real malware problem (they still have to worry about things like phishing though). Android is the only smartphone platform that has real-world malware for it (but most of that is found in China and is coming from 3rd party app stores). It is interesting the Android is the first Linux distribution to have a real-world malware problem. Lots of people are afraid of the viruses and malware only simply because they are all over the news and relatively easy to explain to. I am personally more afraid of the silently allowed data mining (i.e. the amount of info Google can get their hands on) and social engineering style of "hacking". How would you compare these two different threats and their threat levels on Average Joes point of view - which of them is more likely to cause some harm. Or is there something else to be more afraid of even more (govermental level hacks/attacks)? - BadTaster There are different problems: problems with security and problems with privacy. Companies like Google and Facebook make money by trying to gather as much information about you as they can. But Google and Facebook are not criminals and they are not breaking the law. Security problems come from criminals who do break the law and who directly try to steal from you with attacks like banking trojans or credit card keyloggers. Normal, everyday people do regularily run into both problems. I guess getting hit by a criminal attack is worse, but getting your privacy eroded is not a laughing matter either. Blanket surveillance of the internet also affects us all. But comparing these threats to each other is hard. Hi, Mikko! Do you subscribe to Elon Musk's statements and conceptions of AI being the single biggest threat to humans? - matti80 Elon is the man. I've always thought of Tony Stark as my role model and Elon is the closest thing we have in the real world. And he's right. Artificial Intelligence is scary. I believe introducing an entity with superior intelligence into your own biosphere is a basic evolutionary mistake. Europol's cybercrime taskforce recently took down over a hundred darknet servers. Did the news shake your faith in TOR? - brain4narchy People use Tor for surfing the normal web anonymized, and they use Tor Hidden Service for running websites that are only accessible for Tor users. Both Tor use cases can be targeted by various kinds of attacks. Just like anywhere else, there is no absolute security in Tor either. I guess the takedown showed more about capabilities of current law enforcement than anything else. I use Tor regularly to gain access to sites in the Tor Hidden Service, but for protecting my own privacy, I don't rely on Tor. I use VPNs instead. In addition to providing you an exit node from another location, VPNs also encrypt your traffic. However, Tor is free and it's open source. Most VPNs are closed source, and you have to pay for them. And you have to rely on the VPN provider, so choose carefully. We have a VPN product of our own, which is what I use. If you ever met Snowden what would be the first question you would ask him? - SaPro19 'What would you like to drink? It's on me.' Cheers, Sandra

Dec 5, 2014
11184349836_ea2bfb1da8_b

Every year Cyber Monday sets new sales records. The Monday after the U.S.'s biggest brick-and-mortar shopping day a year opens the online shopping season with a flood of sales and deals that are often better than what you'll find in person, without the crowds. But whether you're shopping for presents or not during the next month, advertisers and online criminals will assume you are. And if they aren't targeting your wallet, they may be after the private photos and videos we all keep on the hard drives of our computers or devices. Right now, you can get our F-Secure SAFE protection on 5 PCs or devices with 200 GB of free secure cloud storage. Until December 6, we're giving away one free license for SAFE on 5 devices along with 200 GB of storage and a SAFE hoodie for free each day on our Facebook page. Read the the rules and enter now. And while you're shopping on any device, stay skeptical. Stay focused. And keep up the same online shopping and storage hygiene you should be practicing all year long: 1. Make sure your system, browser and security software are patched and protected. If it's software, it requires updates. As developers have become better at reminding you to update your software, there's become more to update. So keep up with your operating system updates and make sure you're running updated security software. 2. Do all your shopping in in one browser. No Java. Our Security Advisor Sean Sullivan advises that you do all of your financial transactions in one browser that you only use for shopping and banking. “Too many tabs open, too many things going on – that’s when you’re most prone to click on a malicious link or download something you shouldn’t have," he said. So use Chrome for surfing and Firefox for the serious stuff. Whichever browser you use for your transactions, you should disable Java in it -- and all your browsers if possible. If a certain website you need to use requires Java, enable it in just one browser that you use only for that site. 3. Stick to stores/sites you trust. Bad grammar and poor design have been the warning signs of malicious sites and emails for years. But criminals are always upping their game. Your best bet is to avoid untrustworthy sites in general, just as you likely avoid unprofessional looking stores and people who randomly try to sell you stereo equipment from their van. Avoid shopping via Google. Go directly to sites you trust and search there. 4. Only shop over a secure connection -- VPN and https. If you're shopping via Wi-Fi, make sure you're on a network you trust or secure yourself with a virtual private network like F-Secure Freedome. This will encrypt your data to protect your passwords and other private data. Freedome also protects you from scams and trackers, which may use your data to sell you things that do not fit your budget. To make sure your data is secure as it's being transmitted, don't enter your private data unless you see you're on a secured connection where the url starts with "https". If you're not seeing that, move on to the next store. 5. Use one credit card for all your online shopping -- or use credit card alternatives. Limit your damages. If your data is captured by a crook, chances are your credit card company will catch any irregularities. However, you still may be left without a card during the holiday season. Using only one card for online purchases also makes it simpler to keep focused on how much you're spending. For extra security, Sean recommends that you see if your bank offers virtual credit card numbers that can only be used once. 6. Check your statements. You do this? Right? If you don't check your statements to make sure all the charges are yours, who will? 7. Do not reuse passwords. It's like putting the same lock on your house, car, boat and safe. Your passwords for your crucial accounts are sacred and need to be unique and strong. This isn't easy, which is why we recommend a password manager. You can use our F-Secure KEY on one device for free. 8. Have a secret email account for online shopping. Sites like Amazon allowing you to use your email for a login, which is convenient. It also means anyone who knows your email, knows your login and is halfway to cracking your account. A simple solution is to use a special email account that you with with no one that you use as login for financial accounts. 9. Back up everything. What's on our devices and PCs is worth more than the hardware themselves because they represent the thing we can never get back -- time. During the holiday season, your phone is filled with memories of celebrations and gatherings that will only happen in that exact way once. So make sure all your devices are backed up, all the time. 10. Use a cloud service you can trust. As you know from the series of nude photos of celebrities released this year, the security of your cloud storage matters. The more people you have trying to hack you, the more your content is at risk. Using a service -- like our younited -- that offers two-factor authentication and is designed to protect your privacy. Happy holidays, Sandra [Photo by Mike McCune via Flickr]

Nov 25, 2014
IMG_3395

It's like a press conference anyone can join from anywhere. And even if you don't have a question, you can upvote the ones you don't like and downvote the ones you do. President Obama did one. Snoop Dogg/Snoop Lion did one. An astronaut did one from outer space. And our Mikko Hypponen will sit down for his second Reddit AMA on December 2 at 8 AM ET. If you have something you've wanted to ask him about online security, great. If not, here are five resources that document some of Mikko's more than two decades in the security industry to prod you or prepare you. 1. Check out this 2004 profile of his work from Vanity Fair. 2. Watch his 3 talks that have been featured on TED.com. [protected-iframe id="7579bbf790267cc081ac7d92d951262c-10874323-9129869" info="https://embed-ssl.ted.com/talks/mikko_hypponen_fighting_viruses_defending_the_net.html" width="640" height="360" frameborder="0" scrolling="no" webkitallowfullscreen="" mozallowfullscreen="" allowfullscreen=""] [protected-iframe id="fdf818f4afa2f7dcb179c5516c44918c-10874323-9129869" info="https://embed-ssl.ted.com/talks/mikko_hypponen_three_types_of_online_attack.html" width="640" height="360" frameborder="0" scrolling="no" webkitallowfullscreen="" mozallowfullscreen="" allowfullscreen=""] [protected-iframe id="54be2fe9bce28ae991becbe3d4291e56-10874323-9129869" info="https://embed-ssl.ted.com/talks/mikko_hypponen_how_the_nsa_betrayed_the_world_s_trust_time_to_act.html" width="640" height="360" frameborder="0" scrolling="no" webkitallowfullscreen="" mozallowfullscreen="" allowfullscreen=""] 3. Check out his first AMA, which took place just after his first talk at TEDglobal was published. 4. Take a trip to Pakistan with Mikko to meet the creators of the first PC virus. [protected-iframe id="8c0605f62076aa901ed165dbd3f4fcd7-10874323-9129869" info="//www.youtube-nocookie.com/v/lnedOWfPKT0?version=3&hl=en_US&rel=0" width="640" height="360"] 5. To get a sense of what he's been thinking about recently, watch his most recent talk at Black Hat "Governments as Malware Creators". [protected-iframe id="54b24406f022e81b15ad6dadf2adfc93-10874323-9129869" info="//www.youtube-nocookie.com/v/txknsq5Z5-8?hl=en_US&version=3&rel=0" width="640" height="360"] BONUS: Make sure you follow him on Twitter to get a constant stream of insight about online security, privacy and classic arcade games. Cheers, Sandra

Nov 14, 2014
Screen Shot 2014-11-04 at 5.06.36 PM

When the F-Secure Community opened in 2011, our Customer Care team envisioned it as a nexus where experts from both inside and outside of F-Secure could help each other and users in search of answers. Since then, it has been refined and expanded to include a German board and forum for you to prod our developers with ideas for new features. More than 18,000 posts later, the Community is thriving and one of our experts just passed a milestone we can't help but celebrate. User @Simon responded to his 1000th post last Monday and he hasn't slowed down since, offering 32 more posts since then. He's a hero to us and we wanted to get some insight into what he gets out of being such a key contributor. So we asked him 6 questions, and -- typically -- he quickly responded to them all. Let's meet Simon. Gosh, I never expected such royal treatment just by making 1000 posts! :D How long have you been using F-Secure? I've been using F-Secure, on and off, since 2006, but had to have a break from it shortly after I joined here, due to problems with iTunes compatibility. What is your favourite device? My favourite device is my mobile phone, and that is from where I do most of my postings! I had an iPhone for several years, but due to the cost of the iPhone 6, and reported build quality issues (bendygate), I've recently switched to an HTC One M8, which I am still getting used to. Do you have a favourite post you've made of your more than 1,000? I don't really have a favorite post - but I guess the most rewarding ones are those marked as solutions, or appreciated in other ways. What's the best thing that's happened since you joined the Community since 2011? I guess the best thing that's happened, F-Secure related, since joining the community, is taking part in the Beta program. It's always nice to have an opportunity to try out new things, not to mention, it gives me protection for free! :D The other best thing is getting to know some new people, and becoming a little more familiar with F-Secure staff, both on the forum, and in the Beta program. Is there any one solution/piece of advice you find yourself posting over and over? One solution/piece of advice I find myself posting over and over, is telling mobile phone users that we can't unlock their phones on the forum! This can be quite frustrating, especially when the same answer was given to the person who posted before, in the same thread, and people just can't be bothered to read it! As far as other advice goes, there are people, like NikK who have far more technical expertise than me, and his advice is excellent. Sometimes, though, people just want a simple and straightforward answer, and the most simple and straightforward answer is often to reinstall the product, as that seems to fix many issues, so I guess that's probably the one I give out the most. Favourite emoticon? :D Cheers, Simon! Sandra

Nov 5, 2014
DIGITAL WAR ON THE HONG KONG PROTESTERS

Is this China's digital riot police? A "particularly remarkable advanced persistent threat" has been compromising websites in Hong Kong and Japan for months, according to Volexity. The pro-democratic sites that have been infected include "Alliance for True Democracy – Hong Kong" and "People Power – Hong Kong" along with several others identified with the Occupy Central and Umbrella Revolution student movements behind the massive protests against the Chinese government. Visitors to the sites are being targeted by malware designed for "exploitation, compromise, and digital surveillance". In an analysis on our Labs Blog, Micke notes that it's possible that cybercriminals could be simply piggybacking on the news without any political motivation. However, the Remote Access Trojans (RATs) being used could provide serious advantages to political opponents of the movement. "A lot of the visitors on these sites are involved in the movement somehow, either as leaders or at grassroot level," he writes. "Their enemy could gain a lot of valuable information by planting RATs even in a small fraction of these peoples’ devices." And even leaders aren't compromised, the publicity around the attack will drive users away from the sites. This is a tactic that would definitely benefit those who want these see protests to end ASAP.  And it would be a far more effective tactic if not for social networks like Twitter that can be accessed to plan resistance,even if the government blocks them -- as long as you have a VPN solution like our Freedome. If the goal is to cripple the protests by targeting protesters, "you don’t have to be a genius to figure out that China is the prime suspect," Micke writes. The significance a state-sponsored RAT attack -- or even a state-condoned attack carried out by privateers -- would be immense. Criminals use malware to target individuals, businesses and governments themselves. Government-sponsored cyberattacks on citizens practicing civil disobedience could be considered an escalation beyond even likely government-sponsored surveillance malware like Flame, which forces businesses to consider malware attacks from their own governments. Over the last year we've learned just how far suspicious governments will go to play defense against internet users who haven't been accused of any crime. Now we're seeing hints that a government may be willing to play offense too.

Oct 15, 2014
cryptolocker

Unlike Team Fortress 2 or Doom, two of the most popular PC games of all time, GameOver ZeuS is not a game you can buy online or would willingly download on to your computer. What is GameOver ZeuS? While we’ve talked about banking Trojans before, none have been as detrimental to users as the GameOver ZeuS or GOZ Trojan, which initially began infecting users in 2012. Gameover ZeuS is designed to capture banking credentials from infected computers, and make wire transfers to criminal accounts overseas. It was allegedly authored by Russian hacker Evgeniy Bogachev, who then implanted it on computers all around the world; building a network of infected machines - or bots - that his crime syndicate could control from anywhere. It’s predominately spread through spam e-mail or phishing messages. So far, it’s been estimated to scam people out of hundreds of millions of dollars and it’s only getting worse. It doesn’t stop there; Gameover ZeuS can also be modified by hackers to load different kinds of Trojans on to it. One such Trojan is a ransomware called CryptoLocker, which is a devastating malware that locks a user’s most precious files by encrypting all the files until he or she pays the hacker a ransom. In June 2014, the FBI, Europol, and the UK’s National Crime Agency announced they had been working closely with various security firms and academic researchers around the world and took action under a program dubbed “Operation Trovar.” This initiative temporarily disrupted the system that was spreading the Trojan and infecting computers, allowing a temporary pause in additional computers from being infected. However, computers that were already infected remained at risk, as they were still compromised. What’s next? The disruption of the GameOver ZeuS botnet was a great success in many ways, but it’s not over. Our security advisor, Sean Sullivan, worries that this temporary disruption was actually more dangerous than completely taking it down. “Without arresting Bogachev, Gameover ZeuS is still a huge threat and likely to evolve to become more dangerous. The hackers can just as easily program a future version of the Trojan to initiate a “self-destruct” order (like destroy every file on a computer) if the ransom isn’t paid, or if authorities try to intervene.” What can we do to protect our digital freedom? Beware of malicious spam and phishing attempts — don’t open any attachments within emails unless you are specifically expecting something. Check email attachments carefully, and make sure you don’t open any files that automatically launch, which frequently end in .exe Have an Internet security solution in place and keep it up to date Keep your Windows operating system and your Internet browser plugins updated Back up all of your personal files regularly Also, check your machines to be sure you do not carry the Gameover ZeuS Trojan. For more information on how this powerful Trojan works and how it is spread, check out this this video. [protected-iframe id="888198d18fd45eae52e6400a39fb4437-10874323-9129869" info="//www.youtube-nocookie.com/v/JhiPDbTIsqw?hl=en_US&version=3&rel=0" width="640" height="360"] Have more questions? Ask us here on the blog.  

Sep 20, 2014
PROTECTS YOUR DEVICES

In the early twenty-first century, when hackers were mostly pranksters, having security software on your PC was mostly about saving you some trouble. In 2014, international crime syndicates regularly co-opt millions of computers in order to systematically steal banking information, take identities and hold files for ransom, security isn't about convenience. It's about giving our families the freedom to live our lives online with out the threat of strangers invading our lives, hijacking our time and money. An anti-virus on one PC is a good step. But who just uses one PC now? Many of us three different devices before breakfast. That's why we created F-Secure SAFE -- it's built to protect all the devices and all of the people in your family. The latest update of SAFE is designed to make it easier to install on infected computers for a smoother overall experience. It also gives your tools to keep your devices and family safe wherever they go. Since SAFE is such a dramatic expansion of what our traditional F-Secure Internet Security does we wanted to cover 16 ways it protects you, your family and your devices. And to celebrate the new SAFE launch, we're giving away one SAFE hoodie and a free year of SAFE on our Facebook page every day for 16 days beginning on September 16. Please read the rules and enter now. Here's how SAFE protects you, your devices and your family: PCs and laptops 1. Protection against ransomware Thanks to browsing protection, F-Secure SAFE protects you against malicious software that impersonates authorities, such as Interpol or the FBI, and may block your computer, demanding ransom for unblocking it and preventing you from accessing your files until you pay. Thanks to F-Secure SAFE, all known versions of this insidious type of malware can't get on your computer. 2. Protect your home computer in the same way your office computer is protected Your office computer is protected by software that safeguards it against viruses and protects corporate data against theft by criminals. SAFE gives you the same options on your home computer. 3. Limit the time your children spend on the Internet. If you think that your children may spend too much time browsing the internet or playing online games, SAFE will let you decide for how many hours they are allowed to do it every day. You can easily define in which hours exactly they connect to the Internet. If they try to go online during unapproved times, the computer will not connect to the Internet. 4. Online banking protection your bank knows you need Do you know that most banks recommend in terms of security is using paid anti-virus software when banking online? SAFE ensures you meet these recommendations. 5. Safeguard your memories  F-Secure Safe protects the photos and videos of your children or grandchildren against falling into the wrong hands. The built-in anti-virus application and protection against as-yet-unknown threats ensure that all of the memories collected on your computer are fully protected. Your files will never be destroyed, encoded to demand payment for decoding them, or intercepted in order to be published or to gain profit from distributing them. 6. Protect your children against adult content Define which sort of content can be accessed by your children, whether you're monitoring them or not. 7. Shop online without worry Thanks to protection against spyware and browsing protection, your credit card number is invisible to criminals. Now you can relax when shopping online, booking hotels or buying air tickets. Tablets 1. Control which apps your kids can install Keep games that involve virtual violence, sex or gambling off your child's device with a simple setting. 2. Decide which sites your child can visit  Even if they use tablets in their rooms, you can be sure that they visit no websites inappropriate for their age. 3. Protect your device against malware with browsing protection. Protect yourself from phishing scams, ransomware and malicious apps that could be triggered by visiting the wrong site. 4. Keep login data and online banking passwords secure SAFE protects your tablet against spyware that steals your bank login data. Smartphones 1. Find your missing phone. Locate your lost phone and make sure no one can access your data should your device be stolen. 2. Find your child Check the location of your child’s phone from our simple web portal. 3. Avoid surprising charges Are you concerned that your children may install games than require additional payments? F-Secure Safe lets you control which software is installed on their phones. 4. Block calls and text messages from unwanted numbers Start your own "Do not call" list with this feature that allows you decide who has access to you through your phone. 5. Keep your phone malware free More than 99 percent of all mobile malware targets Android, which is the second most targeted platform in the world behind Windows. With SAFE, you have protection from increasingly complex ransomware and trojans designed to get inside your phone then your wallet. You can try F-Secure SAFE for free now. Cheers, Sandra

Sep 15, 2014