Sandra@F-Secure

Follow me on:

latest posts from Sandra@F-Secure

IMG_3395

It's like a press conference anyone can join from anywhere. And even if you don't have a question, you can upvote the ones you don't like and downvote the ones you do. President Obama did one. Snoop Dogg/Snoop Lion did one. An astronaut did one from outer space. And our Mikko Hypponen will sit down for his second Reddit AMA on December 2 at 9 AM ET. If you have something you've wanted to ask him about online security, great. If not, here are five resources that document some of Mikko's more than two decades in the security industry to prod you or prepare you. 1. Check out this 2004 profile of his work from Vanity Fair. 2. Watch his 3 talks that have been featured on TED.com. [protected-iframe id="7579bbf790267cc081ac7d92d951262c-10874323-9129869" info="https://embed-ssl.ted.com/talks/mikko_hypponen_fighting_viruses_defending_the_net.html" width="640" height="360" frameborder="0" scrolling="no" webkitallowfullscreen="" mozallowfullscreen="" allowfullscreen=""] [protected-iframe id="fdf818f4afa2f7dcb179c5516c44918c-10874323-9129869" info="https://embed-ssl.ted.com/talks/mikko_hypponen_three_types_of_online_attack.html" width="640" height="360" frameborder="0" scrolling="no" webkitallowfullscreen="" mozallowfullscreen="" allowfullscreen=""] [protected-iframe id="54be2fe9bce28ae991becbe3d4291e56-10874323-9129869" info="https://embed-ssl.ted.com/talks/mikko_hypponen_how_the_nsa_betrayed_the_world_s_trust_time_to_act.html" width="640" height="360" frameborder="0" scrolling="no" webkitallowfullscreen="" mozallowfullscreen="" allowfullscreen=""] 3. Check out his first AMA, which took place just after his first talk at TEDglobal was published. 4. Take a trip to Pakistan with Mikko to meet the creators of the first PC virus. [protected-iframe id="8c0605f62076aa901ed165dbd3f4fcd7-10874323-9129869" info="//www.youtube-nocookie.com/v/lnedOWfPKT0?version=3&hl=en_US&rel=0" width="640" height="360"] 5. To get a sense of what he's been thinking about recently, watch his most recent talk at Black Hat "Governments as Malware Creators". [protected-iframe id="54b24406f022e81b15ad6dadf2adfc93-10874323-9129869" info="//www.youtube-nocookie.com/v/txknsq5Z5-8?hl=en_US&version=3&rel=0" width="640" height="360"] BONUS: Make sure you follow him on Twitter to get a constant stream of insight about online security, privacy and classic arcade games. Cheers, Sandra

Nov 14, 2014
Screen Shot 2014-11-04 at 5.06.36 PM

When the F-Secure Community opened in 2011, our Customer Care team envisioned it as a nexus where experts from both inside and outside of F-Secure could help each other and users in search of answers. Since then, it has been refined and expanded to include a German board and forum for you to prod our developers with ideas for new features. More than 18,000 posts later, the Community is thriving and one of our experts just passed a milestone we can't help but celebrate. User @Simon responded to his 1000th post last Monday and he hasn't slowed down since, offering 32 more posts since then. He's a hero to us and we wanted to get some insight into what he gets out of being such a key contributor. So we asked him 6 questions, and -- typically -- he quickly responded to them all. Let's meet Simon. Gosh, I never expected such royal treatment just by making 1000 posts! :D How long have you been using F-Secure? I've been using F-Secure, on and off, since 2006, but had to have a break from it shortly after I joined here, due to problems with iTunes compatibility. What is your favourite device? My favourite device is my mobile phone, and that is from where I do most of my postings! I had an iPhone for several years, but due to the cost of the iPhone 6, and reported build quality issues (bendygate), I've recently switched to an HTC One M8, which I am still getting used to. Do you have a favourite post you've made of your more than 1,000? I don't really have a favorite post - but I guess the most rewarding ones are those marked as solutions, or appreciated in other ways. What's the best thing that's happened since you joined the Community since 2011? I guess the best thing that's happened, F-Secure related, since joining the community, is taking part in the Beta program. It's always nice to have an opportunity to try out new things, not to mention, it gives me protection for free! :D The other best thing is getting to know some new people, and becoming a little more familiar with F-Secure staff, both on the forum, and in the Beta program. Is there any one solution/piece of advice you find yourself posting over and over? One solution/piece of advice I find myself posting over and over, is telling mobile phone users that we can't unlock their phones on the forum! This can be quite frustrating, especially when the same answer was given to the person who posted before, in the same thread, and people just can't be bothered to read it! As far as other advice goes, there are people, like NikK who have far more technical expertise than me, and his advice is excellent. Sometimes, though, people just want a simple and straightforward answer, and the most simple and straightforward answer is often to reinstall the product, as that seems to fix many issues, so I guess that's probably the one I give out the most. Favourite emoticon? :D Cheers, Simon! Sandra

Nov 5, 2014
DIGITAL WAR ON THE HONG KONG PROTESTERS

Is this China's digital riot police? A "particularly remarkable advanced persistent threat" has been compromising websites in Hong Kong and Japan for months, according to Volexity. The pro-democratic sites that have been infected include "Alliance for True Democracy – Hong Kong" and "People Power – Hong Kong" along with several others identified with the Occupy Central and Umbrella Revolution student movements behind the massive protests against the Chinese government. Visitors to the sites are being targeted by malware designed for "exploitation, compromise, and digital surveillance". In an analysis on our Labs Blog, Micke notes that it's possible that cybercriminals could be simply piggybacking on the news without any political motivation. However, the Remote Access Trojans (RATs) being used could provide serious advantages to political opponents of the movement. "A lot of the visitors on these sites are involved in the movement somehow, either as leaders or at grassroot level," he writes. "Their enemy could gain a lot of valuable information by planting RATs even in a small fraction of these peoples’ devices." And even leaders aren't compromised, the publicity around the attack will drive users away from the sites. This is a tactic that would definitely benefit those who want these see protests to end ASAP.  And it would be a far more effective tactic if not for social networks like Twitter that can be accessed to plan resistance,even if the government blocks them -- as long as you have a VPN solution like our Freedome. If the goal is to cripple the protests by targeting protesters, "you don’t have to be a genius to figure out that China is the prime suspect," Micke writes. The significance a state-sponsored RAT attack -- or even a state-condoned attack carried out by privateers -- would be immense. Criminals use malware to target individuals, businesses and governments themselves. Government-sponsored cyberattacks on citizens practicing civil disobedience could be considered an escalation beyond even likely government-sponsored surveillance malware like Flame, which forces businesses to consider malware attacks from their own governments. Over the last year we've learned just how far suspicious governments will go to play defense against internet users who haven't been accused of any crime. Now we're seeing hints that a government may be willing to play offense too.

Oct 15, 2014
cryptolocker

Unlike Team Fortress 2 or Doom, two of the most popular PC games of all time, GameOver ZeuS is not a game you can buy online or would willingly download on to your computer. What is GameOver ZeuS? While we’ve talked about banking Trojans before, none have been as detrimental to users as the GameOver ZeuS or GOZ Trojan, which initially began infecting users in 2012. Gameover ZeuS is designed to capture banking credentials from infected computers, and make wire transfers to criminal accounts overseas. It was allegedly authored by Russian hacker Evgeniy Bogachev, who then implanted it on computers all around the world; building a network of infected machines - or bots - that his crime syndicate could control from anywhere. It’s predominately spread through spam e-mail or phishing messages. So far, it’s been estimated to scam people out of hundreds of millions of dollars and it’s only getting worse. It doesn’t stop there; Gameover ZeuS can also be modified by hackers to load different kinds of Trojans on to it. One such Trojan is a ransomware called CryptoLocker, which is a devastating malware that locks a user’s most precious files by encrypting all the files until he or she pays the hacker a ransom. In June 2014, the FBI, Europol, and the UK’s National Crime Agency announced they had been working closely with various security firms and academic researchers around the world and took action under a program dubbed “Operation Trovar.” This initiative temporarily disrupted the system that was spreading the Trojan and infecting computers, allowing a temporary pause in additional computers from being infected. However, computers that were already infected remained at risk, as they were still compromised. What’s next? The disruption of the GameOver ZeuS botnet was a great success in many ways, but it’s not over. Our security advisor, Sean Sullivan, worries that this temporary disruption was actually more dangerous than completely taking it down. “Without arresting Bogachev, Gameover ZeuS is still a huge threat and likely to evolve to become more dangerous. The hackers can just as easily program a future version of the Trojan to initiate a “self-destruct” order (like destroy every file on a computer) if the ransom isn’t paid, or if authorities try to intervene.” What can we do to protect our digital freedom? Beware of malicious spam and phishing attempts — don’t open any attachments within emails unless you are specifically expecting something. Check email attachments carefully, and make sure you don’t open any files that automatically launch, which frequently end in .exe Have an Internet security solution in place and keep it up to date Keep your Windows operating system and your Internet browser plugins updated Back up all of your personal files regularly Also, check your machines to be sure you do not carry the Gameover ZeuS Trojan. For more information on how this powerful Trojan works and how it is spread, check out this this video. [protected-iframe id="888198d18fd45eae52e6400a39fb4437-10874323-9129869" info="//www.youtube-nocookie.com/v/JhiPDbTIsqw?hl=en_US&version=3&rel=0" width="640" height="360"] Have more questions? Ask us here on the blog.  

Sep 20, 2014
PROTECTS YOUR DEVICES

In the early twenty-first century, when hackers were mostly pranksters, having security software on your PC was mostly about saving you some trouble. In 2014, international crime syndicates regularly co-opt millions of computers in order to systematically steal banking information, take identities and hold files for ransom, security isn't about convenience. It's about giving our families the freedom to live our lives online with out the threat of strangers invading our lives, hijacking our time and money. An anti-virus on one PC is a good step. But who just uses one PC now? Many of us three different devices before breakfast. That's why we created F-Secure SAFE -- it's built to protect all the devices and all of the people in your family. The latest update of SAFE is designed to make it easier to install on infected computers for a smoother overall experience. It also gives your tools to keep your devices and family safe wherever they go. Since SAFE is such a dramatic expansion of what our traditional F-Secure Internet Security does we wanted to cover 16 ways it protects you, your family and your devices. And to celebrate the new SAFE launch, we're giving away one SAFE hoodie and a free year of SAFE on our Facebook page every day for 16 days beginning on September 16. Please read the rules and enter now. Here's how SAFE protects you, your devices and your family: PCs and laptops 1. Protection against ransomware Thanks to browsing protection, F-Secure SAFE protects you against malicious software that impersonates authorities, such as Interpol or the FBI, and may block your computer, demanding ransom for unblocking it and preventing you from accessing your files until you pay. Thanks to F-Secure SAFE, all known versions of this insidious type of malware can't get on your computer. 2. Protect your home computer in the same way your office computer is protected Your office computer is protected by software that safeguards it against viruses and protects corporate data against theft by criminals. SAFE gives you the same options on your home computer. 3. Limit the time your children spend on the Internet. If you think that your children may spend too much time browsing the internet or playing online games, SAFE will let you decide for how many hours they are allowed to do it every day. You can easily define in which hours exactly they connect to the Internet. If they try to go online during unapproved times, the computer will not connect to the Internet. 4. Online banking protection your bank knows you need Do you know that most banks recommend in terms of security is using paid anti-virus software when banking online? SAFE ensures you meet these recommendations. 5. Safeguard your memories  F-Secure Safe protects the photos and videos of your children or grandchildren against falling into the wrong hands. The built-in anti-virus application and protection against as-yet-unknown threats ensure that all of the memories collected on your computer are fully protected. Your files will never be destroyed, encoded to demand payment for decoding them, or intercepted in order to be published or to gain profit from distributing them. 6. Protect your children against adult content Define which sort of content can be accessed by your children, whether you're monitoring them or not. 7. Shop online without worry Thanks to protection against spyware and browsing protection, your credit card number is invisible to criminals. Now you can relax when shopping online, booking hotels or buying air tickets. Tablets 1. Control which apps your kids can install Keep games that involve virtual violence, sex or gambling off your child's device with a simple setting. 2. Decide which sites your child can visit  Even if they use tablets in their rooms, you can be sure that they visit no websites inappropriate for their age. 3. Protect your device against malware with browsing protection. Protect yourself from phishing scams, ransomware and malicious apps that could be triggered by visiting the wrong site. 4. Keep login data and online banking passwords secure SAFE protects your tablet against spyware that steals your bank login data. Smartphones 1. Find your missing phone. Locate your lost phone and make sure no one can access your data should your device be stolen. 2. Find your child Check the location of your child’s phone from our simple web portal. 3. Avoid surprising charges Are you concerned that your children may install games than require additional payments? F-Secure Safe lets you control which software is installed on their phones. 4. Block calls and text messages from unwanted numbers Start your own "Do not call" list with this feature that allows you decide who has access to you through your phone. 5. Keep your phone malware free More than 99 percent of all mobile malware targets Android, which is the second most targeted platform in the world behind Windows. With SAFE, you have protection from increasingly complex ransomware and trojans designed to get inside your phone then your wallet. You can try F-Secure SAFE for free now. Cheers, Sandra

Sep 15, 2014
super hacker fest

Black Hat conferences promise to "put you face to face with people on the cutting edge of network security, and with no vendor pitches." In other words: just the latest industry intelligence with no marketing BS. The USA edition begins in Las Vegas on Saturday August 2 and two experts from F-Secure Labs will be there. Unlike the NSA, our Mikko Hypponen will presenting this year. His talk -- "Governments as Malware Authors: The Next Generation"-- will likely be of interests to spy agencies all over the globe. "After canceling his RSA talk in protest, Mikko delivered his talk on Governments as Malware Authors at TrustyCon instead," the description reads. "This follow-up talk will look at what's changed since then, and what new we have learned about governments that write malware." Timo Hirvonen will be giving his first Black Hat talk on "Dynamic Flash Instrumentation for Fun and Profit". Timo has been working on the Deep Guard technology in our security products for years and is an expert in analyzing the kind of files most likely to infect you -- including Java files and PDFs. In this talk he will introduce and demonstrate "the first tool that enables dynamic analysis of malicious Flash files". But our experts also value the information they pick up from talks -- whether they are attending or not. BadUSB: Big, bad USB security problems ahead: http://t.co/2xrL1vrE2x ~ About Karsten Nohl's upcoming Black Hat talk. Looks very interesting. — Sean Sullivan (@5ean5ullivan) August 1, 2014 Antti Tikkanen, our Director of Security Response, gave us a list of talks he'd be attending if he were in Las Vegas this year: - A SURVEY OF REMOTE AUTOMOTIVE ATTACK SURFACES. More of car hacking, which has been in the news with Tesla lately. - COMPUTRACE BACKDOOR REVISITED. "We have found several proofs of unauthorized activations of Absolute Computrace anti-theft software on our private and corporate computers and discovered that this software can be used as an advanced removal-resistant BIOS-based backdoor." - DISSECTING SNAKE - A FEDERAL ESPIONAGE TOOLKIT. Should be a good warmup for Mikko's talk. And what's Mikko looking forward to? "The BadUSB talk should be good," he told us. "And I'm always looking forward for Pwnie Awards." Cheers, Sandra [Image by Marco Verch via Flickr.]

Aug 1, 2014
Password joke

You come back after a nice vacation, rested, tanned and ready to catch up on a few weeks of email.  The only problem? You've forgotten your password. This may seem like a trivial problem, until you realize that it's not just you -- it's the guy at the next desk and the next desk and the next desk. And it isn't just one account. A new report finds that lost or forgotten passwords cost the city of Espoo, a city of about 249,000 in Finland, about 18€ per worker for a total cost of 200, 000€ -- every year. And that doesn't include the cost of the workers' lost time. The fact is people have better things to think about than strings of often nonsensical numbers and letters that include a special character. The need for strong, unique passwords for all of our important accounts is overwhelming, with most people needing to remember at least 20 different passwords. Users have been forced to chose between using memorable terrible passwords or forgettable good passwords. At F-Secure, we believe technology should free your mind to deal with important work, not passwords. That's why we created Key, our password manager that offers you one password to rule them all. It stores all your passwords, log-ins, e-mails, PIN codes and other credentials securely. You don't need to think of crazy unguessable passwords because it generates them for you and fill them in as you use the web. And our encryption protects all your data. It's free to use on one device and as cheap as $1.84 a month if you want a premium account that covers all your devices. Give it a try, before you forget. Cheers, Sandra Image courtesy of Lulu Hoeller, flickr.com

Jul 23, 2014