It’s not just you. A lot of people are concerned about their privacy on Facebook. Some are worried about being tracked, even when they aren’t logged in. Some are worried about unintentionally sharing private information or opinions that can threaten their reputation or relationships. Others worry about exposing the private data on their machine through some tricky attack.
As Facebook’s new Timeline is being introduced now is the perfect time to think about how you use Facebook. We have given you 3 things to do before you activate Facebook’s new Timeline. We hope you’ll take those steps to review what you have and will be sharing and with whom. What more can you do?
You use smart passwords and have your PC patched and protected. You know, of course, the most important privacy feature on Facebook is the ‘Post’ button. If you make a point of NEVER sharing anything that you wouldn’t want your grandmother or your worst enemy to see publicly, you’re off to a good start.
But what extra step can you take prevent invasive tracking and protect the private data on your computer?
Here’s what Sean from F-Secure Labs recommends: Do all of your social networking in a one browser. Use one browser exclusively for “public” behavior. Then use a separate browser for all of your private banking, shopping and viewing. This strategy helps you avoid worries about tracking and information bleeding between your private and public lives.
Want to be even safer? Use a dedicated machine for your social activity. This is an extremely wise strategy if you use your PC to manage your finances and or business.
An added advantage to using a ‘public’ browser or PC for your social networking is that you’ll constantly remind yourself that what you share online stays online.
So we want to know. What do you think of Facebook’s new Timeline?
This is really an old problem, but it’s in the headlines again. Pokémon Go is yet another example of a “free” game with a business model based on in-app purchases. These games are also known as F2P, standing for free-to-play. You can start playing, and get hooked, for free. But soon you run into a situation where you can’t proceed without buying virtual stuff in the game. The stuff you buy is virtual but the payment is very real money. This is no doubt a profitable model. Pokémon Go went straight to the top and for example Finland-based Supercell, maker of Clash of Clans, has constantly reported nice profits. This can naturally cause trouble for addicted adults, but the real problems arise when kids get hooked. There are numerous public stories about kids making purchases for hundreds or even thousands of Euros, often without even understanding how much they have spent. And the sinister part is that this can go on for a while until you get the credit card bill, and it’s too late. Your chances to get a refund are somewhere between slim and none. But how can this happen? Let’s take a look at the most common scenarios. Your kid has set up the new device and created the needed account with Apple or Google. Everything is fine until he or she needs an app that isn’t free. You enter your credit card on the kid’s device and make the purchase, but you don’t pay any attention to the security settings. This may give your kid carte blanche to buy anything he or she likes, and you pay the bill. You have entered your credit card but set up the kid’s store account so that a password only you know is required for every purchase. But there are some convenient settings that allow purchases without a password within a limited time window after the password has been entered. Kids learn very quickly to utilize this opportunity. Let’s assume the same setup as in the previous point, but with the correct security settings. Now the password is needed for every purchase. But the store account is still owned by the kid and the password can be reset. The password reset link will be sent to the kid’s mail or phone number. It’s carte blanche again with the new password. Ok, you create an account you own for the kids phone. It’s tied to your mail and phone number, so the password reset trick shouldn’t work anymore. You put down your phone and head for the toilet. Your kid has been waiting for the opportunity and initiates the password reset request. Your phone is there on the table wide open, with the reset link in the mail. You can figure out the rest yourself. And of course the simple alternative. You think the store password on your kid’s device is secret. But in reality it is either too easy to guess or someone has been looking over your shoulder. So there’s many things that can go wrong, but what can we do to avoid it? There are many ways to fight this problem, but this is in my opinion the best approach: Let the kid set up the store account on the device and set own passwords. Just like an adult would use a phone, except that there’s no payment method registered. Never enter your credit card number on the kid’s device. On Android, get familiar with Google Play Family. This feature enables you to purchase stuff for your kid on your own device. On iPhone, send apps or money as gifts. There may be applications that bypass the store and handle credit card transactions directly. This can typically be handled with vouchers or other prepaid payment methods instead. The application usually guides the users and list all supported methods. Let’s also take a look at the hard way. Follow these instructions if you for some reasons must have your credit card registered as a payment method on the kid’s device. Make sure the store is protected with a good password that only you know. Make sure the kid isn’t watching too closely when you enter it. Make sure the store is set up to require the password every time a purchase is made. Make sure the store account is attached to an e-mail only you have access to. Make sure the e-mail password is decent and not known to your kid. Make sure your phone’s security settings are decent. Use a PIN or password your kid doesn’t know and make sure it locks automatically quickly enough. Even better, do not have the e-mail of your kids store account on your phone. Access it through web mail when needed. So this is after all a quite complex issue. There are many variations and other ways to deal with the problem. Did I miss some simple and clever way? Write a comment if you think I did. And finally. Yes, there’s also many ways to lock the kids out of the store completely. This does no doubt solve some problems, but I don’t think it’s a good idea. They will after all live their lives in a world where digital devices and services are as natural as breathing. They deserve the opportunity to start practicing for that right now. Let them browse the store and discover all the fun stuff. And be part of the group and use all the same apps as their friends. Let them have fun with the phone and learn, even if they will learn some things the hard way. Don’t ruin it for them. Safe surfing, Micke
This has got to be the quickest Quick Tip of all. Literally. With just one click, it's too easy not to do. You know your computer can be infected. But did you know your router can, too? And because most people just aren't aware of it, if your router is compromised, it could stay that way a long time without you ever knowing. Unless, of course, you use our free Router Checker. No need to download anything. Just visit the page and click to start the check. Hacking your router is just one more method attackers use to display fraudulent advertising, spread malware, or steal your private account credentials. It's called DNS hijacking. When you type in a website name, say "cooldomain.com," you're directed to a DNS server that will find the website's IP address - say "44.567.54.69" for example, and display the website you need. But in a DNS hijack, hackers change your router's settings to direct you to a rogue DNS server. The rogue server will give a malicious IP address, purposely directing you to a website that may look like the one you want, but it's not. Here's an example: Let's say you want to log into your bank account. But unbeknownst to you, you're directed to a look-alike website that's not really your bank. You enter in your bank username and password. Now the attacker has your credentials, which he (or she) can use. F-Secure Router Checker makes sure the settings on your computers, phones, and routers connect to safe DNS servers. So what are you waiting for? Visit the F-Secure Router Checker page and click on "Check Your Router." It's too easy not to do.
F-Secure Labs recently released an analysis of the NanHaiShu Remote Access Trojan, which they believe was used to target "government and private-sector organizations that were directly or indirectly involved in the international territorial dispute centering on the South China Sea." So what does it look like when you're hit with a cyber attack that may involve some of the most powerful nations on earth? This: Pretty harmless, right? But click on that attachment and you've invited hackers -- possibly even attackers backed by a nation-state -- into your network. An attachment owning fools in 2016? The first piece of internet security advice you ever heard was probably, "Don't click on attachments you weren't expecting!"So who'd click on that?! Employees at prestigious international law firms, government agencies and possibly even the world's most powerful political parties. So how is this happening? Maybe it's a lesson that doesn't sink in, no matter how many times you've heard it. Or maybe cyber criminals have just gotten so good at tricking us with them that, like so many old threats, it's new again. Give that this method of infection is being used by attackers at the highest levels of cyber espionage, we have to assume the latter. Where attackers used to send mass emails out with infected attachments hoping to infect just a small percentage of the recipients, these new attacks utilize "spearphishing" techniques. "These are communications that appear legitimate — often made to look like they came from a colleague or someone trusted — but that contain links or attachments that when clicked on deploy malicious software that enables a hacker to gain access to a computer," The Washington Post explained. These emails are carefully crafted or "socially engineered" to seem relevant. Often, as in the case above, they play on our greatest desires, such as money in the form or salary or bonus information. One big reason attackers have gotten so much better at targeting us is that so many of us have decided to make details about our lives public via social media. This is why hackers love your LinkedIn profile. So should you scrub your profile and hide in a time capsule to avoid these attacks? You should definitely be mindful that strangers know more about you than ever and be wary of of strange email that seems overly eager to get you to click on a link or attachment. But these threats are so pervasive and potentially harmful, that they need to be addressed at an organizational level. Our Labs team put together a Threat Intelligence Brief with several recommendations for avoiding RATs like NanHaiShu, including disabling the opening of email file attachments sent from unverified sources as an enforced policy for all installed email programs. That way, you're unlikely to be the weak link that attackers are always looking for.