???????

Cyber war is a term we often hear tossed about, but is it just science fiction, or is it really happening? How worried should we be about the potential governmental offensive use of cyber power, and what constitutes a cyber weapon? Mikko Hypponen, Chief Research Officer of F-Secure, joins us this episode to help separate fact from fiction. Links: Episode 20 transcript    

They say that the best defense is a good offense, as football fans or anyone that’s played a game of Risk might agree. But how does this idea look when you apply it to cyber security? F-Secure Principal Security Consultant Tom Van de Wiele joins this episode of Cyber Security Sauna to talk about offensive and defensive approaches to cyber security, and how defenders can use these strategies to protect their systems, operations and data. Links: Episode 19 transcript F-Secure Incident Response Report  

If you're looking for love nowadays, you'll likely turn to an online dating app. But what do these apps mean for your security? What privacy concessions are you making when you swipe? How does your online behavior impact your real life? Sean Sullivan joins Janne this episode to discuss the balancing act of maintaining your privacy while finding a match, avoiding romance scams and the tradeoffs you're making when using Tinder and apps like it. Links:  Episode 18 transcript FBI Internet Crime Complaint Center (IC3) AARP Scams & Fraud page DTR podcast - Mixed Signals episode

2018 is winding to a close and the new year is just around the corner. What's in store for 2019 in cyber security? In this episode, five experts talk about exactly that, and discuss notable trends of 2018. From mobile phishing to AI trends, supply chain attacks, IoT, data privacy and more, our roundtable keeps you abreast of the trends. Joining the show are Adam Sheehan of MWR Infosecurity, and Laura Kankaala, Tom Van de Wiele, Artturi Lehtiö, and Andy Patel, all of F-Secure. Links Episode 17 transcript Facebook Hack Exposes an Internet-Wide Failure - Single Sign-On research

Endpoint protection has been the trusted backbone of many companies' security. But with stories about data breaches and successful cyber attacks constantly in the news, people are beginning to think endpoint security is dead. Whether or not you agree, you might be wondering if there's any truth to this statement. F-Secure's Principal Security Consultant Antti Tuomi joins us this episode to talk about endpoint protection, its strengths and limitations, and when detection and response is needed. Links Episode 16 transcript

Democracy in the digital age is a wonderful yet wild beast. When it comes to electing our leaders nowadays, we're faced with questions about how to escape the influence of malicious actors. With the US midterm elections just around the corner, F-Secure security adviser Sean Sullivan joins us this episode to talk about the complexities of the US election system, why going back to all paper ballots isn't the answer for securing it, and how the hacker mindset can help. Links: Episode 15 transcript Vox: The Brexit ballot is amazingly simple New York Times: See which Facebook ads Russians targeted to people like you Campaign ads - in the transcript  

Should your laptop ever get stolen and fall into the wrong hands, you would probably be comfortable in the knowledge that the data on it is protected by full disk encryption. But what if a malicious adversary could get around that encryption and access the data anyway? F-Secure's Olle Segerdahl and Pasi Saarinen have discovered a flaw that allows attackers to do just that, and it affects almost all modern corporate laptops - probably yours too. Olle and Pasi join us today to talk about bypassing the mitigations vendors have put in place against cold boot attacks, and what companies can do to mitigate the risk. Links: Episode 14 transcript The Chilling Reality of Cold Boot Attacks

Passwords. You plug them into your accounts and the services you use at work, you try little tricks to make them more unique, but have you ever wondered what a hacker thinks of your passwords? For episode 13, ethical hacker Jan Wikholm joins us to talk about passwords – how he cracks them in his job at F-Secure, the tricks hackers know you're using, and what you should do to keep your credentials safe. Jan also fills us in on hashing, how he does brute forcing, how companies should protect their users' passwords, and how to create a secure password you can actually still remember. Links: Episode 13 transcript

How can companies know if their security investments are actually working? Getting attacked is the ultimate test, but hiring a red team is a less disruptive way to find out. These guys rely on technical chops, acting skills and pure creativity to engage in an all-out attack on a company’s defenses. Joining us this episode is Tom Van de Wiele, Principal Security Consultant at F-Secure, to talk about how red teaming can help companies improve their security posture, his tricks for hustling his way into a company, and why the coffee machine is a red teamer's best friend while on a job (but not for the caffeine). Be warned: You’ll never look at strangers around your office the same way again. Links: Episode 12 transcript Video - The Value of Red Teaming, with Tom Van de Wiele

Disinformation. Fake news. Social media manipulation. Lately another dark side of the internet has come into focus - its use as a tool for deception. Technologies like machine learning and artificial intelligence are being employed to play hoaxes and mislead on purpose. Seeing is no longer believing - and moving forward, it's only going to get harder to distinguish facts from falsehoods. Andy Patel from F-Secure's Artificial Intelligence Center of Excellence has been studying this phenomenon. He joins Janne in this episode to share what he's learned about Twitter bots, falsified content and the tools that make it all possible. Links: Episode 11 transcript Andy's Twitter research

Over the past few years, ransomware stole headlines as the biggest malware threat to worry about. Consumers and businesses alike were being hit and forced to shell out money to retrieve their files. But the cybers never stand still, and neither does malware. Nowadays ransomware is being eclipsed by new trends. F-Secure Labs researchers Paivi Tynninen and Jarkko Turkulainen join us to explain why ransomware is on the decline, and what’s taking its place. Listen for the story on cryptojacking and the current world of cybercrime. Links: Episode 10 transcript

The summer holiday season is upon us, and people are looking forward to trading their daily workplace grind for a new adventure. Traveling is always exciting, but it takes you out of your comfort zone, and that gives thieves and criminals opportunities to exploit you. F-Secure principal security consultant Tom Van de Wiele is back to tell us how we can keep our devices and data safe while enjoying a fabulous vacation. Are the kids safe from strangers when playing Minecraft on the hotel WiFi? Is it OK to use Bluetooth in your rental car? What are the most common vacation scams to watch out for? Don't miss this episode, complete with Tom's checklist for what to pack. Links: Episode 9 transcript

After months and months of anticipation, the May 25 deadline has passed and the GDPR is finally in effect. Companies around the world are being held to strict new standards for protecting the data of EU citizens. So what now? How well-prepared are most companies, and what about organizations who still aren't compliant? We're joined by F-Secure's Erik Andersen, who's spent the past few years helping organizations prepare for GDPR, and Hannes Saarinen, Privacy Officer at F-Secure, to get the rundown on GDPR myths and misconceptions, what to expect going forward, and the big idea some companies who object to GDPR are missing. Links: Episode 8 transcript The Big Idea Behind GDPR GDPR - F-Secure Learnings and Best Practices, with Hannes Saarinen

When people look for logos or symbols that emanate security, they often choose a lock. Sure, we know locks can be picked. But what would the world look like if attackers could just walk in without breaking their stride? After years of research, two F-Secure researchers have discovered that by exploiting design flaws in an electronic hotel lock system used in tens of thousands of hotels worldwide, they could create a master key to open any room in the building. In this episode, F-Secure’s Tomi Tuominen and Timo Hirvonen share their story of the "Ghost in the Locks," plus they get real with the unvarnished truth about hacking. The road wasn't easy, but these guys proved that after countless dead ends you can still come out on top.  Links:  Episode 7 blog post and transcript Ghost in the Locks webpage & FAQ Ghost in the Locks presentation at Infiltrate 2018  

Operational security is about turning the tables, looking at things from an attacker's point of view, and identifying how your own actions are making you vulnerable. Listen as Erka Koivunen, CISO of F-Secure, gets us up to speed on opsec: selecting your appropriate threat model, why you should never trust the office network, and tips for "spring cleaning" your opsec (potato chips and nail polish are recommended tools). And don't miss his favorite story of an epic corporate opsec fail. Links: Episode 6 blog post & transcript If you travel with your laptop, you probably should travel with nail polish Common Sense security tips from Erka  

With the disclosure of Meltdown and Spectre early this year, hardware security has come into focus. What are the special challenges of securing hardware versus software? What about securing high-risk industries like aviation and automotive? In this fascinating episode, Andrea Barisani, head of hardware security at F-Secure, shares why we should be thankful for Meltdown, why security problems do not equal safety problems, the one piece of advice he would give hardware manufacturers, and much more. Links: Episode 5 blog post

The Internet of Things promises futuristic smart homes, energy savings and efficiencies, and improvements to health and well-being. But the IoT still has a long way to go before we can safely enjoy these benefits - currently, it threatens our security and privacy. Steve Lord, a 20-year industry veteran and director at Mandalorian, joins the show to talk about the IoT, from smart cars and TVs to Amazon Alexa and Apple Health. You'll learn why companies love your data, the biggest misconception about the IoT, and the one thing you can do to stay secure if you own a smart device. Links: Episode 4 blog post You Actually Own Your Device, and Other Myths About the IoT F-Secure Report: Pinning Down the IoT Corey Doctorow, The Coming War on General Computation  

Data breaches. They're every organization's worst fear. Why are companies so ill-prepared, and what are companies missing in their approach to data breaches? Host Janne Kauhanen is joined by Marko Buuri, Principal Risk Management Consultant at F-Secure, and Tuomo Makkonen, Principal Security Consultant, to give you the lowdown on breaches and what you need to know. Links: Episode 3 blog post

Between zero day news flashes and stunt hacking reports, there are a lot of false conceptions about what it's like to be an infosec professional. So what should you focus on to get into the world of infosec testing or to become a security consultant? What background do you need? How valuable are conferences and certifications? These are just a few of the questions our guest Tom Van de Wiele answers to help you on your way in this rewarding field. Tom is a principal security consultant at F-Secure with 15 years of infosec experience. He specializes in red team operations and targeted penetration testing for the financial, gaming and service industries. When not breaking into banks, Tom acts as an advisor on topics such as critical infrastructure and IoT as well as incident response and cyber crime. Links:  Episode 1 blog post Tom's Top 21 Tips for Becoming an Ethical Hacker

The recent allegations against Russian antivirus vendor Kaspersky have prompted wider questions about antivirus in general - how it operates and what sort of data it collects from customer machines. In the first episode of Cyber Security Sauna, F-Secure's chief research officer Mikko Hypponen joins host Janne Kauhanen to answer these questions. You'll also hear his thoughts on Kaspersky and why it's important to trust your vendor. Links: Episode 1 blog post Episode 1 transcript FAQ: Everything You Wanted to Know About AV Data Transmission But Were Afraid to Ask F-Secure Data Transfer Declaration