Before you start Christmas Shopping Online

My name is David Perry and my entire adult life has been taken up advising people about computer security. At first I did this as a tech support agent for Norton Antivirus, then for McAfee, and so on. For the last fifteen years I have worked as what is called a ‘technical evangelist’ but the work has all been education. I have a confession to make.
We have inadvertently wronged you, the computing public. We have focused on the most dramatic stories, the ones that are the most likely to get press. For a long time, most of us believed that the big, big stories were the ones that you most needed to know. Now I have something to admit to you, something that I have suspected for a long time, something that I have checked with many of my peers (and even my betters) in the malware research communities.
You are more likely to fall victim to an individual hacker than you are to fall to some big hack (like the recent Target and Home Depot breaches) or even than you are to lose your identity to malware. Don’t get me wrong, those things are real and they represent a very real threat to you and your computer security.
But you are much, much more likely to be pwned (as they say; it means taken over and worked for some reason) by an amateur than a pro. This is especially true if you are using a smart phone or a tablet for your online shopping.
I can hear you preparing to protest, “But I use an iPhone and it’s not even jailbroken–there are virtually no hacks on that system.” This is generally correct (although not quite as absolute as all that) but, you see, we have wronged you. You are looking in absolutely the wrong place.
The reason that mobile devices have so little malware is twofold. The first reason is that mobile devices exist in a diversity of operating systems. (In the world of laptops and desktops, Microsoft Windows still controls more than 90% of all devices.) Certainly there is a commanding lead with Android, but Android itself is diverse and not at all the same thing between a Nook and a Nexus. The second reason is that mobile devices tend to be run inside what is called a WALLED GARDEN. It is very hard to get Apple to put your App in the App Store and even if you do, they can remove it instantly from every device in the world if it is found to be harmful. Android apps in the Play Store are somewhat less scrutinized, and, just as you expect, this leads to the majority of mobile malware being found on that platform.
So, very little malware when compared with the world of computers. Again, don’t get me wrong, we see more new malware for mobiles every day, and it is growing in ways unique to the mobile device. But that’s not the big problem, not the problem I wish to discuss with you today.
To get to the point, the problem with mobiles is not in the mobiles themselves. It is in the large number of public WiFi connections. Most mobile devices will default to a free WiFi connection if one is available. If you did not use a password to connect to a WiFi (in the Starbucks, or airport, or McDonald’s or WHEREVER) then that connection is insecure. This makes it likely that one of three hacks can be worked on your session.
Sniffing attacks mean that a third party can ‘listen in’ to both sides of any connection you make with the local connection. Even if you are connecting to your secure bank via a password, it can be eavesdropped if you are running public WiFi. The tools to accomplish this are free on the internet and pretty much dead easy to use. A child could do it, and many do.
Evil Twin attacks are where somebody sets themselves up as the local connection and you are connecting to the local connection THROUGH THEM, and they can listen in on everything that happens. This can even work in a hotel where you need a password. They can just name their computer McDonald’s and your computer will never know the difference.
Also, any local connection to the internet that is open and clear can be easily pwned itself. This takes a little more skill but it is very common. All three of these hacks are so common that you should just count on them to be happening where you connect. It’s that bad.
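One way to act on the risks described above, as an added example that is not part of the original post: a Python check over Wi-Fi scan results that flags networks joined without a password and network names that cannot be told apart from a look-alike. The record format (SSID, BSSID, security), the function names and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample scan results (not real captures): SSID, BSSID, security.
SAMPLE_SCAN = [
    ("McDonald's", "02:00:00:00:00:01", "open"),
    ("McDonald's", "02:00:00:00:00:02", "open"),
    ("HotelGuest", "02:00:00:00:00:10", "WPA2"),
    ("HotelGuest", "02:00:00:00:00:11", "open"),
    ("HomeNet",    "02:00:00:00:00:20", "WPA2"),
]


def audit_scan(scan):
    """Return {ssid: [findings]} for networks matching the risks in the text."""
    by_ssid = defaultdict(list)
    for ssid, bssid, security in scan:
        by_ssid[ssid].append((bssid, security.strip().lower()))

    findings = {}
    for ssid, aps in by_ssid.items():
        modes = {sec for _, sec in aps}
        bssids = {bssid for bssid, _ in aps}
        notes = []
        if "open" in modes:
            # No password was needed to join: traffic on the air is unprotected.
            notes.append("open-network")
        if "open" in modes and len(modes) > 1:
            # Same name offered both with and without a password: one of the
            # access points may not belong to the venue.
            notes.append("mixed-security")
        if modes == {"open"} and len(bssids) > 1:
            # Several open access points share the name. This is normal in a
            # large venue, but the name alone cannot prove who runs each one.
            notes.append("unverifiable-duplicates")
        if notes:
            findings[ssid] = notes
    return findings


def safe_to_autojoin(ssid, findings):
    """Heuristic only: a name with any finding should not be auto-joined."""
    return ssid not in findings


if __name__ == "__main__":
    for name, notes in audit_scan(SAMPLE_SCAN).items():
        print(f"{name}: {', '.join(notes)}")
```

A clean result here does not prove a network is genuine; it only means none of these heuristics fired for that name.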

Experts agree that you are best served in this situation by running a Virtual Private Network, or VPN. My company makes just such a solution (my company is F-Secure and the product is called FREEDOME) and I would like to do you a favor.

Install a seven day trial of FREEDOME and then go to the subscription menu and enter the following license key: xxcj58. (the period is not part of the license key) That will give you three months of FREEDOME on us, enough to get you through the cyber-shopping season. Should you decide that you like FREEDOME, it is available for very reasonable rates. It is available for Android, iOS and very soon for Windows. You can find it in the App Store, in the Google Play Store and you can get more information here.
By the way, FREEDOME is more than a mere VPN, it also blocks malicious websites and pre-scans downloads for malware. It blocks all tracking attempts, can be ‘relocated’ to many places in the world and has all kinds of hidden talents. My main job these days is to tell you about FREEDOME and I will answer any and all questions you might have about it right here in the blog or in any other way you like. But I am not the tech support department.
Don’t get hacked, and have a Merry Christmas. A Happy New Year to one and all. If you are celebrating anything else, my best to you as well. Let’s start with Thanksgiving!


David Perry

Huntington Beach, California November 24, 2014

3 thoughts on “Before you start Christmas Shopping Online”

  1. Regarding your new comment on DHBUM #1, this is the wordpress account you used, so a reply here… or on the blog. As an aside, the DHBIM you liked, with the John Hartford and Tom Waits, you didn’t click the ‘like’ button; but in the main, it was that you asked for more BDB, and it is on the second one, DHBIM #2, which you haven’t heard yet.

