NEWS FROM THE LAB - February 2012


Wednesday, February 29, 2012

Download: Mobile Threat Report, Q4 2011 Posted by Sean @ 15:36 GMT

Yesterday, our Mobile Threat Report, covering the 4th quarter of 2011, was made available for public release — now, we share it with you. Past reports have been produced for internal use; this is our first external release.

Around half a dozen analysts contributed to the Q4 report (and it looks great, thanks to folks on our graphics team).

Mobile Threat Report, Q4 2011

MTR-Q42011: 32 pages of analysis which includes plenty of interesting details.


You can download it here: Mobile Threat Report, Q4 2011 [PDF]


Tuesday, February 28, 2012

What is the definition of cybercrime? Posted by Sean @ 14:01 GMT

Two weeks ago, the "Cybersecurity Act of 2012" was introduced in the U.S. Senate.

The bill (S.2105) is designed to protect critical infrastructure such as water, energy, and transportation. It directs the U.S. Department of Homeland Security (DHS) to coordinate with network operators on developing security standards. A related bill, the "Cybersecurity Information Sharing Act of 2012" (S.2102) was introduced on February 13th.

Naturally, civil liberties groups such as the EFF and EPIC examined the legislation. They say it's too broad.

CNET's Elinor Mills: Civil liberties groups: Proposed cybersecurity bill is too broad

Whatever else there is to say about the Cybersecurity Act of 2012, it was a bit surprising to read in CNET's article that "there is no definition of 'crime'." After all, the definition of "cybercrime" has been established for years now.

Thomas, the U.S. Library of Congress's legislative archive, provides 27 results when searching for the term "cyber".

One of those results is for S.1469, the International Cybercrime Reporting and Cooperation Act, which is sponsored by Senator Kirsten Gillibrand of New York.

112th Congress, S. 1469

Senator Gillibrand's bill is a rather concise (and quite readable) four pages and clearly references the Council of Europe's Convention on Cybercrime. The Convention on Cybercrime is also referenced by the longer (40 page) Cybersecurity Act of 2012. It's not as easy to locate, but it's there.

The Convention on Cybercrime treaty was prepared by CoE members and Canada, Japan, South Africa and the United States in 2001. The treaty has been in force since 2004.

Convention on Cybercrime

Anybody with an interest in cybercrime should check out the Convention Committee on Cybercrime's website.

Final note: rather than worry about the definition of "crime", we would suggest that the greater concern to citizens can be found in the Cybersecurity Information Sharing Act of 2012's Section 7.


Limitation on liability?

Translation: If "Little Brother" shares your information with third-parties, causes you harm, but is wrong about the security risk — Little Brother isn't liable as long as it acted in "good faith". Limitation of liability essentially encourages a "shoot first and ask questions later" approach to cybersecurity.

Doesn't sound good.

P.S. Limitation of liability (a.k.a. immunity for taking voluntary action) is also prevalent in SOPA.


Wednesday, February 22, 2012

Digital Activists are Building an Uncensorable Network Posted by Sean @ 13:43 GMT

Scientific American's March issue has an intriguing article which explores the efforts of digital activists to circumvent corporate and governmental control over the Internet. The aim of the moment is to configure and build a decentralized mesh network that cannot be blocked, filtered or turned off.

Egypt's Internet shutdown during last year's Arab Spring played a significant inspirational role.

Scientific American, March 2012, The Shadow Web
Image: Scientific American Magazine

With a "shadow" network configured, activists would remain able to communicate, even after central hubs have gone dark.

Scientific American, March 2012, The Shadow Web
Image: Scientific American Magazine

Here's the online version of the article: The Shadow Web

And here are some supplemental links from the print edition:

  •  FreedomBox Foundation
  •  FunkFeuer
  •  Mesh Networks Research Group

Another fascinating addition to all of this is Scientific American's Science Talk podcast: The Coming Entanglement [MP3].

In the podcast, SA editor Fred Guterl talks with Bill Joy and Danny Hillis about the need to build an alternative, hardier network due to the ever increasing complexity of our current Internet (which makes it ever more prone to unexplained failures).

Joy and Hillis envision a simpler, more robust network as a way to shelter some of our critical infrastructure from entanglements.


Tuesday, February 21, 2012

Nightline Takes "A Trip to The iFactory" Posted by Sean @ 13:55 GMT

Nightline, a U.S. news program, will air what's being billed as a special episode this evening on the ABC network. In it, Nightline Co-Anchor Bill Weir will tour Foxconn's factory floor. If you haven't heard of Foxconn, they're the company that manufactures devices such as iPad, iPhone, Kindle, PlayStation 3, Wii, and the Xbox 360.

Weir's invitation to visit "Apple's factory" in China is in part due to growing consumer pressure. Several weeks ago, This American Life, a production of Public Radio International, aired a segment of The Agony and the Ecstasy of Steve Jobs by monologist Mike Daisey. In the story, Daisey, a self-described super fan of Apple, traveled to China to see where his iPhone was made.

You can listen to the story here.

Edited on March 20th: This American Life has retracted Mike Daisey's story. The Retraction episode is now embedded below.

After Mr. Daisey and the Apple Factory aired, social activist groups such as and then organized petitions for Apple to make an "ethical" iPhone. The groups recently delivered over 250,000 signatures to Apple's flagship store in New York.

And so now Foxconn has reached its "Nike moment" (a reference to Nike's PR troubles in the 1990s) and has invited Nightline to tour its facilities to provide more transparency. You can read a preview of the report here: A Trip to The iFactory.

Also of note, Foxconn promised a 25% raise to employees yesterday.

So, what's the lesson of the story?

Our thoughts… looks to us like social activism is superior to hacktivism.

Updated to add: Readers outside of the United States will likely see this if they attempt to view full episodes of Nightline.

You appear to be outside of the United States…

However, you can listen to the full episode right now via Nightline's podcast feed.


Network Security, Circa 1990 Posted by Sean @ 11:36 GMT

AT&T recently released a film from its archive called "Computer Security: You Make The Difference".

While you might chuckle at the 1990s music and production values – the truth is this – many of the basic issues that the video (which is a series of films stitched together) attempts to illustrate are still with us today, 22 years later.

And that's not much to chuckle about…


Hat tip to Robin.


Friday, February 17, 2012

Mountain Lion's Gatekeeper: More Control For "You" Posted by Sean @ 14:34 GMT

Yesterday, Apple released Mac OS X Mountain Lion Developer Preview. From a security perspective, its most interesting new feature is Gatekeeper, which restricts installation of downloaded applications based on their source.

"Allow applications downloaded from: Mac App Store; Mac App Store and identified developers; Anywhere"

The default setting is reportedly "Mac App Store and identified developers" which means that developers will have to sign up to Apple's Mac Developer Program ($99 annual fee) if they want to reduce friction. Based on the text in the image below, it seems that even if users opt to install from "Anywhere", Mountain Lion may still nag users that the application doesn't have a Developer ID associated with it.

Apple Gatekeeper, The Developer ID program

And that certainly is not a bad thing, at least in terms of system security. Developer fees and installation prompts will almost certainly create overhead costs that steer Mac's ecosystem towards security.

Gatekeeper also begins to solidify Mac's walled garden.

In the future, when Apple decides to further close its platform, device drivers could also be required to use Apple Developer IDs. Apple is famous for its focus on user experience, and it isn't really very difficult to imagine it revoking third-party peripheral drivers in order to "secure" that experience.

No matter how many times I view the image below, I keep reading it as: more control – over – you.

Apple Gatekeeper, More Control For You

But that's how Mac enthusiasts like it, right?

By 2014, I expect somebody out there will be jailbreaking their Mac…



Thursday, February 16, 2012

Taking Poika Out on the Town Again Posted by Mikko @ 14:15 GMT

A year ago, we won the AV-Comparatives Product of the Year award. As a result, we blogged about "Taking Poika Out on the Town" where the award found itself in various places around Helsinki.

Well, today we received our trophy for AV-TEST Best Protection Award for our Client Security.

And it's time to go out on the town again.

AV-TEST Poika outside the Helsinki Cathedral

Poika by our HQ

Poika in the snow

Valtioneuvoston Linna
Poika by Valtioneuvoston Linna

Poika by the sea

"Poika" is a Finnish hockey term for the champion's trophy. This video will explain this in detail.


Wednesday, February 15, 2012

Avi Rubin: All Your Devices Can Be Hacked Posted by Sean @ 18:18 GMT

Avi Rubin, a Computer Science professor at Johns Hopkins University, recently gave an informative (and quite fun) presentation at TEDxMidAtlantic. Rubin's talk summarized the results of efforts to hack various devices.

Have you ever wondered if you could wirelessly brake a car?

TEDxTalks: YouTube


Monday, February 13, 2012

Cryptome Hacked Posted by Mikko @ 13:58 GMT

Cryptome is a website that has focused on publishing information about freedom of speech, cryptography, spying, and surveillance. In many ways, Cryptome is similar to WikiLeaks — except it has been operating since 1996. The site is run by a New York-based architect called John Young.


Cryptome has just announced it has been hacked. The hack planted an attack script on every page of Cryptome. This script used the infamous Blackhole toolkit to gain access to vulnerable computers that visited

The attacker is not known. Neither is the mechanism that was used to breach Cryptome.

Updated to add: The post has been modified. The attack script specifically avoids targeting IP addresses from Google, to prevent Google Search from blacklisting the site. Originally this post speculated that the script worked the other way around, and that the attack was targeting Google. It wasn't. Sorry for the confusion.


Thursday, February 9, 2012

Laptop Stickers 2012: Last Call Posted by Sean @ 17:55 GMT

There's only one day left to vote in our laptop sticker poll.

Here's a screenshot of the front runners:

Laptop Stickers Poll, 2012

Given the popularity of Mikko's recent post, we thought "Seems legit" would be at the top…

Almost ironic: Certificates for sale. Trust me.


Wednesday, February 8, 2012

Video: DarkMarket Posted by Sean @ 13:50 GMT

Author Misha Glenny was interviewed by broadcast journalist Charlie Rose recently. The majority of discussion was based on Misha's current book, DarkMarket: Cyberthieves, Cybercops and You.

The interview is 20 minutes long, and provides an excellent summary of the threats currently facing the Internet.

Misha Glenny, DarkMarket


Monday, February 6, 2012

How to Explain Man-in-the-Browser Attacks Posted by Mikko @ 14:11 GMT

With a 2-minute video, BBC News program "Click" does a very decent job explaining to the layman how banking trojans such as ZeuS attempt to avoid detection by antivirus software:

zeus animation


Friday, February 3, 2012

Anonymous Leaks FBI Conference Call Posted by Sean @ 11:33 GMT

Breaking: a faction of Anonymous has released an MP3 recording of an FBI conference call which took place on January 17th.

During the call, which is currently posted on YouTube, members of the USA's FBI can be heard discussing several Anonymous and LulzSec related cases with investigators from the UK.

Anon/LulzSec Conference Call

Today's leak helps explain just how "Anonymous Sabu" (leader of the LulzSec group) appeared to have insider information regarding the postponement of Jake Davis a.k.a. Topiary's (LulzSec member) trial on January 27th.

Sabu appeared to have some sort of insider information.


And in fact, he did… Topiary's trial date and its delay were discussed during the conference call.

Anonymous has promised additional FBI related releases today. Those could also be quite interesting as it appears that the e-mail of an active member of the FBI has somehow been compromised…

Stay tuned.


Thursday, February 2, 2012

Laptop Stickers 2012: Vote! Posted by Sean @ 16:37 GMT

Several weeks ago, we asked members of our community forums and our blog readers to submit ideas for a new set of F-Secure Labs Laptop Stickers. Well, we finally found some time to pick the finalists.

You can see them, and vote for 10 of your favorites, on

Laptop Stickers Poll, 2012

The poll will be open for at least another week, so please feel free to share, tweet, et cetera.

And then of course we'll figure out some kind of way for folks to win a copy of the final set.