Tuesday 2 July 2013

F-Secure president and chief executive Christian Fredrikson

Finnish firm F-Secure is regularly seen in the headlines, with its security experts Mikko Hypponen and Sean Sullivan providing us with insights into the ever-changing threats facing us. However behind these expert commentators, F-Secure chief executive Christian Fredrikson has been subtly making moves to change the direction of the firm and the security industry as a whole. He has done this using his experience in the telecoms industry to ink deals with numerous big name network carriers like BT, TalkTalk, Orange, AT&T and Telefonica and grow the company's cloud portfolio since taking the reins in 2012.
Eager to get the inside story on Fredrikson, we put him in the V3 Hot Seat. Fredrikson's Hot Seat follows those of Hitachi Data Systems's vice president and general manager in the UK and Ireland, Stephen Ball and EMC vice president for UK and Ireland James Petter, as part of V3's weekly insight into the professional and personal preferences of the biggest names in the IT industry.
V3: What's your favourite part of your current job?

Fredrikson: Letting the world know that we are coming with new great products, such as Personal Cloud, where we are better than what is on the market with current legacy players. We are also known for our best protection, but we have moved to the cloud and offer the safest place for consumers to store, share and access their most precious digital content from anywhere and with any device.

What would be your dream job?

My current job is my dream job for sure. Otherwise it could have been great to be a professional sportsman.

Which mobile phone and tablet do you currently use?

I use a Nokia mobile phone and an iPad.

Which person do you most admire in the IT industry?

There is not one person who is outstanding for me, maybe it is the Finnish heritage - where we believe that leaders typically are not as bad or as great as people think. I have had the great fortune of having a few excellent leaders work as my manager during my career and I have learned a lot first hand from them. In general I am impressed by leaders with great values, for showing courage to stand up for what they believe in, having accomplished impressive results against odds and stayed humble as people despite their success.

Which technology has had the biggest impact on your working life?

Mobile networks, the internet and mobile gadgets have brought me unseen freedom in digital life and I have worked with these global trends all my career.

What was your first job?

My first part-time job was during my university years, when I worked as a youth leader. My first full-time job was as an IT software engineer in a Finnish company.

What's your favourite thing about working in the IT industry?

It's a fast moving industry, which makes you challenge yourself every day. Also meeting talented people in this industry all the time is great.

What will be the next big innovation of the coming years?

Cloud expansion is still going to breed new innovations over the coming years. Also consumerisation will change the way IT will be adopted and developed, for example Bring Your Own Device and Bring Your Own App. Overall digital technology will continue to change our society in many fundamental ways.

What do you enjoy doing when you finish work?

I like spending time with my family and doing sports.

What keeps you awake at night?

I usually sleep very well. If anything, it would be some big decision that I keep analysing in my head, things like new strategic options or innovative ideas that have come up during the day.

What was the last book you read and was it any good?

I just finished reading two books in parallel. One was Markets and Democracy, from a Finnish writer. The other was a history novel: Emperor, Julius Caesar.

Who is your favourite band or musician?

Being a bit obvious here but I would go for my daughter. Otherwise I listen to all kinds of music - mixing it for variation, English pop, Finnish pop - or something new that my children are listening to.

Where's your favourite holiday destination?

My favorite and most peaceful destination is our summer cottage on an island close to Helsinki in the south of Finland.

Ereaders or real books?

I prefer to use ereaders.

Twitter, Facebook or Google+?

I use Twitter: follow me at: @CFredrikson.

The Beatles or the Rolling Stones?

I prefer The Rolling Stones

Favourite film?

Gladiator for action and the Finnish comedy series of Turhapuro movies for laughs.

Windows or Mac OS?

I'm multi-OS.

What's holding back women from entering the IT profession?

Nothing should hold them back, that is for sure. I believe that so far there have been more males going for engineering careers and studies, which is seen in the industry. We have many women at F-Secure, also at our Labs and R&D. Diversity is important to drive innovation and thus, we want to have women in all functions.

How can we get more school children interested in IT careers?

Getting IT tools and all kinds of new cool IT and mobile gadgets early into classes and telling stories about working in this industry. There is nothing scary about a career in IT and we see a lot of interest, but we should do a better job still to tell our great individual success stories for new students. We offer internships and collaborate with universities, it is essential for us to find new talent.

Did you always grow up wanting to work in IT?

Not really, in university I got interested in it and my first full-time job took me in that direction. After that I never looked back or wanted to work in any other industry than IT/Telecoms.

What websites do you have bookmarked at work?

F-Secure World Map or Radar (it is done by our company Labs), with all the latest threats shown live on the screen. Finnish and English/American newspapers. Twitter.

Android hack tool siphons Windows PC data


Google Android
Criminals have developed an Android hack tool capable of siphoning vast amounts of data from compromised Windows PCs, according to Finnish security firm F-Secure.
F-Secure said the USBCleaver attack tool can steal numerous types of data from Windows PCs, including browser passwords stored on Firefox, Chrome and Internet Explorer and the PC's WiFi password and network information. F-Secure analyst Sean Sullivan confirmed to V3 while dangerous, the tool requires physical access to a machine to work, diminishing its threat to businesses.

"The key thing is access. The hack tool needs to connect to the Windows PC, typically via a USB cable. Physical security is critical. Business travellers should always shut down (not suspend) their computers and lock them up in the hotel's safe in order to avoid ‘evil maid' attacks. An attacker carrying a laptop and gear around a hotel might look suspicious. But somebody with a phone? Not at all," he said.
Sullivan added that such tools have been commonly carried and distributed via USB sticks in the past. "For a long time now there have been Linux boot hack-tool kits for netbooks and the like. USB Cleaver is an Android tool for hacking Windows computers. It effectively reduces the size and amount of the hardware that needs to be carried around," he said.
F-Secure reported there are already numerous other ways outside of physical measures able to protect users from the Android hack tool.
"Fortunately, USBCleaver's Windows-infecting routine can be blocked by a simple measure that's been standard security advice for the last couple of years: disabling the Autorun by default (this is already standard on Windows 7 machines). An additional mitigating factor is that most older Windows systems need to have mobile drivers manually installed in order for this attack to work," F-Secure noted.
The attack tool is one of many mobile threats being uncovered on Android. Generally the threats are Trojan applications sold on third-party marketplaces or phishing scams containing malware designed for Android, though numerous security vendors have reported detecting more advanced attacks targeting the platform. Most recently, McAfee reported finding advanced mobile malware able to infect Android smartphones and tablets via Bluetooth.

Cisco warns of denial of service and command injection flaws in security appliances

A Cisco logo
Cisco is advising administrators to patch their security appliances following the disclosure of vulnerabilities in the company's Web Security and Email Security Appliance systems.
The company said that the issues included both command injection and denial of service flaws for both of the security systems.
For the Web Security Appliance, the fix will bring patches for two authenticated command injection vulnerabilities. If exploited, the flaws could allow a user to remotely take control of a targeted appliance and execute arbitrary code. In order to do so, however, Cisco noted that the user would need to have a valid account on the network, thus decreasing the likelihood of a remote attack.
The remaining flaw, however, could potentially be exploited by a remote attacker to produce a denial of service attack. By exploiting a flaw in the handling of HTTP and HTTPS messages, the attacker could prevent users and administrators from accessing the targeted appliance.
Meanwhile, the update in the Email Security Appliance will include two fixes for denial of service errors and one for an authenticated command injection flaw. Like the Web Security Appliance update, the command injection flaw requires a valid account, while the denial of service flaws can be remotely targeted to take the security appliance offline.
Cisco is also issuing updates to address code injection and denial of service flaws in its Content Security Management Appliance and a denial of service issue in the ASA Next-Generation Firewall platform.
The company is advising that users of the impacted Cisco appliances apply the fixes or contact their maintenance providers to check their systems and install the updates if needed.

PRISM: NSA accused of hacking EU computers and bugging buildings

de-montfort-university-deloitte
The US intelligence service may have placed bugs in European Union (EU) buildings as part of its PRISM spying program, it has emerged from documents released by whistle-blower Edward Snowden.
Documents seen by the German newspaper Spiegel suggest that not only were bugs installed in the EU's offices in Washington, but also that the building's computer network was infiltrated. Through this, surveillance teams had the capability to listen to discussions in several offices belonging to the EU, as well as being able to access emails and documents on computers.
The newspaper also alleges that offices in New York and Brussels also came under the watch of US surveillance teams, with EU security officials apparently noticing suspicious telephone calls targeting a remote maintenance system of a building in Brussels, where the EU Council of Ministers and the European Council are based. The calls are said to have been traced back to a NATO headquarters in Brussels, from a building used by NSA employees.
On Sunday, Spiegel also revealed that the NSA typically taps half a billion phone calls, emails and text messages per year in Germany alone. The paper also indicated that surveillance in the country was stronger than in any other EU country.
Last week, shadow home secretary David Davis told the House of Commons that UK laws to protect citizens from surveillance were ‘completely useless'. Founder of the web Tim Berners-Lee also weighed in last week, urging further advances in web freedom.
This follows allegations that security organisations such as the NSA and GCHQ were monitoring personal emails of people across the world, and accessing data from companies such as Facebook, Microsoft and Google.
The former NSA contractor Edward Snowden's location is still unknown after he failed to take a flight to Ecuador he had been booked onto last week. The US government has issued a warrant for his arrest, with WikiLeaks founder Julian Assange expressing his allegiance to Snowden.

European officials slam US over bugging report

Officials expressed concern Sunday at reports that U.S. intelligence agents bugged EU offices on both sides of the Atlantic, with some leftist lawmakers calling for concrete sanctions against Washington.
The president of the European Parliament, Martin Schulz, said he was "deeply worried and shocked about the allegations of U.S. authorities spying on EU offices" made in a report published Sunday by German news weekly Der Spiegel.
The magazine said the surveillance was carried out by the U.S. National Security Agency, which has recently been the subject of leaks claiming it scanned vast amounts of foreign Internet traffic. The U.S. government has defended its efforts to intercept electronic communications overseas by arguing that this has helped prevent terror attacks at home and abroad.
Schulz said that if the allegations that the NSA bugged European Union offices were confirmed "it would be an extremely serious matter which will have a severe impact on EU-US relations."
Green Party leaders in the European Parliament, Rebecca Harms and Daniel Cohn-Bendit, called for an immediate investigation into the claims and suggested that recently launched negotiations on a trans-Atlantic trade treaty should be put on hold.
They also called for existing U.S.-EU agreements on the exchange of bank transfer and passenger record information to be canceled. Both programs have been labeled as unwarranted infringements of citizens' privacy by left-wing and libertarian lawmakers in Europe.
In Germany, where criticism of the NSA's surveillance programs has been particularly vocal, a senior government official accused the United States on Sunday of using Cold War methods against its allies by targeting EU offices in Washington, New York and Brussels.
"If the media reports are accurate, then this recalls the methods used by enemies during the Cold War," German Justice Minister Sabine Leutheusser-Schnarrenberger. "It is beyond comprehension that our friends in the United States see Europeans as enemies."
Leutheusser-Schnarrenberger called for an "immediate and comprehensive" response from the U.S. government to the claims in the Spiegel report, which cited classified U.S. documents taken by former NSA contractor Edward Snowden that the magazine said it had partly seen.
Spokespeople for the NSA and the office for the national intelligence director in Washington did not immediately respond to requests for comment Sunday.
According to Der Spiegel, the NSA planted bugs in the EU's diplomatic offices in Washington and infiltrated the building's computer network. Similar measures were taken at the EU's mission to the United Nations in New York, the magazine said.
Der Spiegel didn't publish the alleged NSA documents it cited nor say how it obtained access to them. But one of the report's authors is Laura Poitras, an award-winning documentary filmmaker who interviewed Snowden while he was holed up in Hong Kong.
The magazine also didn't specify how it learned of the NSA's alleged eavesdropping efforts at a key EU office in Brussels. There, the NSA used secure facilities at NATO headquarters nearby to dial into telephone maintenance systems that would have allowed it to intercept senior EU officials' calls and Internet traffic, the Spiegel report said.
Also Sunday, German federal prosecutors said they were examining whether the reported U.S. electronic surveillance programs broke German laws. In a statement, the Federal Prosecutors' Office said it was probing the claims so as to "achieve a reliable factual basis" before considering whether a formal investigation was warranted.
It said private citizens were likely to file criminal complaints on the matter, but didn't comment on the possible legal merits of such complaints.
Der Spiegel reported that at least one such complaint was lodged with prosecutors in the state of Hesse last week.

US to fast-track cyber weapon development

The US plans to fast-track the development of cyber weapons to give it the ability to create the means to attack specific targets within months and even days.
The rapid development process is designed to respond to "urgent, mission critical" needs when the risk to operations and personnel is unacceptable, said the Washington Post, citing Pentagon a report.
This will be financed through operational funds and take advantage of existing or nearly completed hardware and software developed by industry and government laboratories.
Planning and testing phases have been streamlined for the rapid development of single-use or limited-deployment cyber weapons to be used in offensive cyber operations or to protect individual computer systems against specific threats.
The report to Congress describes a new level of department-wide oversight with the establishment of a Cyber Investment Management Board, chaired by senior Pentagon officials, the paper said.
The role of the board is to ensure co-ordination between military and intelligence cyber authorities and prevent abuse of the fast-track process because the cost of cyber weapons is often too low to trigger normal oversight processes.
The new framework also establishes a process for deliberate cyber weapons development that is designed for weapons whose use carries greater risks.
These projects will typically take longer than nine months to complete, but this is still faster than the development process for most Pentagon weapons systems that usually take years.
Defence experts said the fast-track process is necessary because of the dynamic nature of the cyber environment, which can render cyber weapons obsolete very quickly.
The report said that the US Cyber Command, which is based at Fort Meade and falls under US Strategic Command, will be in charge of ensuring that development of new weapons and tools is “undertaken only when required” and that “existing capabilities are broadly available.”

Victoria's Secret Angel F**K Tape Facebook

The scammers are spreading adult pictures accompanied by a post which promises a raunchy tape featuring Adriana Limaa Brazilian model and actress who is best known as a Victoria's Secret Angel since 2000.
Users who click on the links, which appear to point to an adult website, are taken to a site that presents them with a fake YouTube window. The video player displayed an error message saying "Sorry, you must be 18+ to view this video.  Click to verify".
Facebook customers are advised to be on the lookout for such posts. In case you’re a victim of the scam, be sure to remove the bogus Adriana Lima messages and all other posts published on your behalf from your Facebook timeline.

Anonymous attack on South Korea presidential site & massive data leak

Personal information from roughly 100,000 people was leaked in a recent hacking attack on the presidential office, a presidential official said Sunday, in the first confirmed data leakage involving the top South Korean office.
The official said the compromised information includes names, birth dates, identification numbers and offline addresses and Internet Protocol addresses, which are the online equivalent of street addresses or phone numbers.
Still, users' passwords and their registration numbers -- the South Korean equivalent of U.S. social security numbers -- were not stolen since they were encrypted, said the official who spoke on the condition of anonymity, citing policy.
The presidential office has offered an apology over the leakage of its users' personal information and said the hacking victims, who account for about half of registered users of its website, can seek compensation.
Unidentified hackers attacked the websites of the presidential office, another government agency and several media organizations on June 25, the anniversary of the outbreak of the 1950-53 Korean War that ended in a cease-fire, not a peace treaty.
Anonymous, a loosely associated hacking group, has claimed responsibility for the attack.
A number of North Korean websites and networks, including the country's main newspaper the Rodong Sinmun, were also offline on June 25 after Anonymous warned of cyber attacks on the communist country.
In February, the Seoul Western District Court ordered SK Communications Co., South Korea's third-largest Internet portal service provider, to pay 200,000 won (US$175) to each of the 2,882 victims for the leak of personal information in a hacking attack in 2011. The total amounted to some 570 million won.