
latest posts from Sandra@F-Secure

iCloud Hack

When news broke that Facebook was at least temporarily using users' physical location to suggest real world connections, a strategy that has been employed by the NSA, the backlash was sharp. It wasn't difficult to imagine scenarios in which identities could be inadvertently and uncomfortably revealed through group therapy, 12-step meetings or secretive political movements.

The world's most popular social network quickly said it would not continue what it called a small-scale test nor roll the feature out on a wider scale in the future. But Facebook is still using your location data for other purposes, Fusion's Kashmir Hill reports:

"We do know that Facebook is using smartphone location for other things, such as tracking which stores you go to and geotargeting you with ads, but the social network now says it’s not using smartphone location to identify people you’ve been physically proximate to."

Hill notes that using location to match users up, thus acting as a tool to reveal the identity of nearby strangers, might violate Facebook's agreement with the Federal Trade Commission.

So you should expect that your location -- like everything you do on Facebook -- is being used to turn you into a better product for its advertisers. That's the cost of using a "free" site, but you can limit your exposure a bit by turning off location services for Facebook on your phone. Here are very simple instructions for turning off location services on your Facebook and Facebook Messenger apps on your Android or iOS device.

Do you mind if Facebook uses your location to suggest new friends? Let us know in the comments.

[Image by Lwp Kommunikáció | Flickr]

June 30, 2016

In Finland, there is this thing called juhannus. A few years ago, our former colleague Hetta described it like this:

"Well, Midsummer – or juhannus – as it is called in Finnish, is one of the most important public holidays in our calendar. It is celebrated, as you probably guessed, close to the dates of the Summer Solstice, when day is at its longest in the northern hemisphere. Finland being so far up north, the sun doesn’t set on juhannus at all. Considering that in the winter we get the never ending night, it’s no surprise we celebrate the sun not setting.

So what do Finns do to celebrate juhannus? I already told you we flock to our summer cottages, but what then? We decorate the cottage with birch branches to celebrate the summer, we stock up on new potatoes which are just now in season and strawberries as well. We fire up the barbecue and eat grilled sausages to our heart's content. We burn bonfires that rival with the unsetting sun. And we get drunk."

If that isn't vivid enough, this video may help:

[Embedded video]

And because the celebration is just so... celebratory, it's easy to lose your phone. So here are a few ways to prepare yourself for a party that lasts all night.

1. Don't use 5683 as your passcode. That spells love and it's also one of the first passcodes anyone trying to crack into your phone will try. So use something much more creative -- and use a 6-digit code on your iPhone if you can. You can also encrypt your Android.

2. Write down your IMEI number. If you lose your phone, you're going to need this, so make sure you have it written down somewhere safe.

3. Back your content up. This makes your life a lot easier if your party goes too well, and it's pretty simple on any iOS device. Just make sure you're using a strong, unique password for your iCloud account. Unfortunately, on an Android phone you'll have to use a third-party app.

4. Maybe just leave it home. Enjoy being with your friends and assume that they'll get the pictures you need to refresh your memory.

And while you're out you can give your phone a quick internal "clean" with our free Boost app.

[Image by Janne Hellsten | Flickr]

June 22, 2016

All the software security in the world won't protect your laptop if someone swipes it, compromises it with malware and then returns it to you without you ever noticing. So if you must travel with your laptop in places you don't feel 100 percent secure, you should consider traveling with glitter nail polish.

Yes, it must be glitter nail polish. Here's why.

A few years back, two security researchers presented a tactic to combat what's known as an "Evil Maid attack" that's more effective than simply applying a tamper-proof sticker on your laptop, since those stickers aren't as "tamper-proof" as you might imagine.

"The idea is to create a seal that is impossible to copy," Wired's John Borland writes. "Glitter nail polish, once applied, has what effectively is a random pattern. Once painted over screws or onto stickers placed over ports, it is difficult to replicate once broken."

Then you take a picture before you leave your machine and another when you return. It would be ideal if you don't take any other pictures while you're out so you can easily do a side-by-side comparison. It's a technique the researchers borrowed from astronomers who study the night sky.

Of course, this isn't a fail-safe system that keeps hackers out. It lets you know if they've been in, so you don't exacerbate the breach by continuing to use the PC.

"And a few bits of advice from a seasoned glitter polish user: Make sure to let it dry before you take the photo, or the glitter could move if it’s disturbed and upset your carefully documented pattern," Motherboard's Victoria Turk writes. "I’d also advise against painting it directly onto your devices as it’s sticky stuff and difficult to remove (and I wouldn’t want to get nail polish remover—effectively paint stripper—too near any expensive parts). Painting the glitter onto a sticker (that you can't cleanly peel back and replace) might be a good solution."

Opsec -- or operational security -- is both an art and science. It's almost impossible to do perfectly, but if you're protecting high value data and need to be abroad, this technique may come in handy.
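The before-and-after photo comparison described above, sketched as an added example (it is not code from the original post or from the researchers). Each photo is modelled as a small grid of glitter flecks; the function names, the 0.7 threshold and the sample patterns are constructed assumptions.

```python
import random

def glitter_photo(seed, size=24, density=0.15):
    # Constructed stand-in for a photo of the seal: 1 = glitter fleck, 0 = polish.
    rng = random.Random(seed)
    return [[int(rng.random() < density) for _ in range(size)] for _ in range(size)]

def retake(photo, dx, dy, noise=0.01, seed=99):
    # Simulate a second photo of the SAME seal: camera moved by (dx, dy) pixels
    # and a few pixels flipped by lighting or sensor noise.
    rng, n = random.Random(seed), len(photo)
    out = []
    for y in range(n):
        row = []
        for x in range(n):
            sy, sx = y - dy, x - dx
            v = photo[sy][sx] if 0 <= sy < n and 0 <= sx < n else 0
            row.append(v ^ int(rng.random() < noise))
        out.append(row)
    return out

def overlap(a, b, dx, dy):
    # Jaccard similarity of fleck positions, comparing a[y][x] with b[y+dy][x+dx].
    n, both, either = len(a), 0, 0
    for y in range(n):
        for x in range(n):
            if 0 <= y + dy < n and 0 <= x + dx < n:
                both += a[y][x] & b[y + dy][x + dx]
                either += a[y][x] | b[y + dy][x + dx]
    return both / either if either else 0.0

def best_match(before, after, max_shift=3):
    # Try every small alignment, since the two photos are never framed identically.
    r = range(-max_shift, max_shift + 1)
    return max(overlap(before, after, dx, dy) for dx in r for dy in r)

def seal_intact(before, after, threshold=0.7):
    # A reapplied seal has an unrelated random pattern and scores far below this.
    return best_match(before, after) >= threshold

before = glitter_photo(seed=1)
same_seal = retake(before, dx=2, dy=-1)   # same polish, camera moved slightly
new_seal = glitter_photo(seed=2)          # polish broken and painted again
print(seal_intact(before, same_seal), seal_intact(before, new_seal))
```

A real comparison would first turn the two photographs into such fleck maps (crop to the seal, convert to grayscale, threshold the bright points), which is why letting the polish dry before the first photo matters.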

June 9, 2016
Mobile World Congress, #MWC16, F-Secure Sense

The world's top mobile hardware and software manufacturers and experts are gathering in Barcelona again for the Mobile World Congress. And while new hardware -- like the sharp new Samsung S7, the futuristic LG G5 and the Samsung Gear VR -- makes news around the globe, the real story of #MWC16 is the Internet.

Sure, you've probably heard this story before. But now the story is even bigger.

"The Internet is becoming an invisible fabric—like air—that enables all the services we’ve come to depend on—from communications to banking to driving in the right direction," Wired's Jessi Hempel wrote.

The irony of having more Internet in our lives is that it feels like less Internet.

"The more our world becomes connected, the more we stop noticing it altogether," Hempel explained. "Things just work. This morning, I called a cab (Halo), transferred money to my partner (Venmo), read up on trends (Twitter), and checked in with my editor (Slack)—all in about ten minutes."

The real question is not if the Internet will become a part of our home life but how quickly it does. The Internet of Things has been a rare tech development that has been driven by commercial and government adoption and not consumers -- many of whom got laptops and iPhones for personal use before their work ever offered them one.

"Cities like Los Angeles and San Antonio are deploying connected street lighting to cut down on waste and make streets safer for drivers," Mike Feibus wrote in USA Today. "And companies like GE and Harley-Davidson are connecting factory equipment to decrease downtime by predicting equipment failure, and to anticipate heating and cooling needs to cut costs and improve comfort."

But that doesn't mean home users aren't picking up on the technology. Feibus notes there are 2.9 billion home IoT units versus 1.6 billion commercial devices. But that includes Smart TVs, gaming units and home theaters. Consumers are not yet migrating in droves to Internet-connected "home automation, energy and security devices."

Why are consumers so wary? It could be the same reason that the U.S. Armed Forces aren't rushing to get on IoT despite the obvious strategic advantages -- security.

An F-Secure survey last year found that 7 of 10 people were worried about their "smart home" devices being hacked. And poll after poll says that consumers worry about IoT security, which is probably why they stick to products that seem like natural upgrades to audio-visual equipment they already own but aren't branching out more than that -- despite the potential to save time, money and lives by making homes smart.

We want to help change this. That's why we're at Mobile World Congress to introduce people to SENSE. SENSE is a brand new security and privacy product designed to protect people, smart homes, and all of the Internet-connected devices people use to get online.

What does SENSE protect? Everything. That is, everything in your home that connects to the Internet. It's the device you need to have the confidence to begin automating your home. And we want to give you the chance to see for yourself that it works.

If you're at #MWC16, we hope to meet you so you can meet SENSE. If not, you can get a good look at SENSE here.

February 23, 2016
Virdem malware, old viruses, Malware Museum

What's so fun about old malware? In just four days more than a hundred thousand people have visited The Malware Museum -- an online repository of classic malware, mostly viruses, that infected home computers in the 1980s and 90s.

Working with archivist Jason Scott, Mikko Hyppönen -- our Chief Research Officer -- put together 78 of the finest/worst examples of old-school malware, presented as emulations of the infections with the destructive elements removed so you can enjoy them safely.

"I only chose interesting viruses," Mikko told BBC News.

The result is "nerdy nostalgia," says PC Magazine's Stephanie Mlot. The exhibits feature clunky ASCII graphics, pot references and obscure allusions to Lord of the Rings.

While an early ancestor of ransomware like Casino was willing to ruin your files and call you an "a**hole," it wasn't trying to extort any cash out of you. That's because the creators of these early forms of digital vandalism were amateurs in the truest sense of the word. They did it for the love of mayhem.

We long for the days of "happy hackers," as Mikko calls them, because the malware landscape today is so ominous.

"Most of the malware we analyze today is coming from organized criminal groups... and intelligence agencies," Mikko explained.

To keep the memories of the good old days alive, we're going to make t-shirts celebrating some classic malware. And we'd like you to choose which viruses we should commemorate.

CRASH V SIGN FLAME CASINO PHANTOM (Image via @danooct1)

If you appreciate the Museum, Mikko asks that you contribute to the Internet Archive. You can learn more about malware from Mikko's Malware Hall of Fame.

Cheers,
Sandra

February 8, 2016

January 28 is Data Privacy Day in the U.S. and Data Protection Day in Europe and the idea is the same all over the world: If you don't watch out for your data, no one will.

Every day, we put tremendous amounts of trust in the sites we use, the services we choose and the governments who are supposed to protect us but spend a lot of time making sure they can watch us too. It takes a society to shape these policies and we encourage you to join with those who demand privacy as a human right.

But even as an individual, there is a lot you can do to keep your data private. In fact, there's probably too much you can do. Many of us get inundated with security and privacy tips and end up doing nothing to protect ourselves.

So this Privacy Day, keep it simple. Just focus on one new thing you can do to keep your data more secure. Here is a privacy menu to choose from:

Always lock your PC and devices when they aren't in use. And if you want to step it up, don't just use a good passcode, use a good passphrase.

Stop trying to memorize your passwords. And do what the pros do: use a password manager like our F-Secure KEY, which is free on one device, instead.

Check your privacy settings. Start with the platform you use the most.

Use two-factor authentication. It's the easiest way to keep your accounts from being hacked and more and more sites offer it.

Always use a VPN when you connect to public Wi-Fi. Avoid bad network connections and keep your data from being sniffed. Our Freedome VPN also blocks online trackers.

If you do all of these things, good on you. You're ready to go to Edward Snowden or ex-FBI agent levels of privacy.

Cheers,
Sandra

January 28, 2016