Cyber Security Sauna
Technology Podcasts >
014| Reinventing the Cold Boot Attack: Modern Laptop Version
Should your laptop ever get stolen and fall into the wrong hands, you would probably be comfortable in the knowledge that the data on it is protected by full disk encryption. But what if a malicious adversary could get around that encryption and access the data anyway? F-Secure's Olle Segerdahl and Pasi Saarinen have discovered a flaw that allows attackers to do just that, and it affects almost all modern corporate laptops - probably yours too. Olle and Pasi join us today to talk about...
013| Passwords: A Hacker's Take on Cracking & Protecting Your Creds
Passwords. You plug them into your accounts and the services you use at work, you try little tricks to make them more unique, but have you ever wondered what a hacker thinks of your passwords? For episode 13, ethical hacker Jan Wikholm joins us to talk about passwords – how he cracks them in his job at F-Secure, the tricks hackers know you're using, and what you should do to keep your credentials safe. Jan also fills us in on hashing, how he does brute forcing, how companies should protect...
012| Adventures in Red Teaming
How can companies know if their security investments are actually working? Getting attacked is the ultimate test, but hiring a red team is a less disruptive way to find out. These guys rely on technical chops, acting skills and pure creativity to engage in an all-out attack on a company’s defenses. Joining us this episode is Tom Van de Wiele, Principal Security Consultant at F-Secure, to talk about how red teaming can help companies improve their security posture, his tricks for hustling...
011| The Rise of AI and Deliberate Deception
Disinformation. Fake news. Social media manipulation. Lately another dark side of the internet has come into focus - its use as a tool for deception. Technologies like machine learning and artificial intelligence are being employed to play hoaxes and mislead on purpose. Seeing is no longer believing - and moving forward, it's only going to get harder to distinguish facts from falsehoods. Andy Patel from F-Secure's Artificial Intelligence Center of Excellence has been studying this...
010| Ransomware Out, Cryptojacking In? Latest Cybercrime Trends
Over the past few years, ransomware stole headlines as the biggest malware threat to worry about. Consumers and businesses alike were being hit and forced to shell out money to retrieve their files. But the cybers never stand still, and neither does malware. Nowadays ransomware is being eclipsed by new trends. F-Secure Labs researchers Paivi Tynninen and Jarkko Turkulainen join us to explain why ransomware is on the decline, and what’s taking its place. Listen for the story on cryptojacking...
009| Top OpSec Tips for Vacation Travel
The summer holiday season is upon us, and people are looking forward to trading their daily workplace grind for a new adventure. Traveling is always exciting, but it takes you out of your comfort zone, and that gives thieves and criminals opportunities to exploit you. F-Secure principal security consultant Tom Van de Wiele is back to tell us how we can keep our devices and data safe while enjoying a fabulous vacation. Are the kids safe from strangers when playing Minecraft on the hotel WiFi?...
008| GDPR is Live. What Now?
After months and months of anticipation, the May 25 deadline has passed and the GDPR is finally in effect. Companies around the world are being held to strict new standards for protecting the data of EU citizens. So what now? How well-prepared are most companies, and what about organizations who still aren't compliant? We're joined by F-Secure's Erik Andersen, who's spent the past few years helping organizations prepare for GDPR, and Hannes Saarinen, Privacy Officer at F-Secure, to get the...
007| Popping Hotel Locks: The Hard Truth About Hacking
When people look for logos or symbols that emanate security, they often choose a lock. Sure, we know locks can be picked. But what would the world look like if attackers could just walk in without breaking their stride? After years of research, two F-Secure researchers have discovered that by exploiting design flaws in an electronic hotel lock system used in tens of thousands of hotels worldwide, they could create a master key to open any room in the building. In this episode, F-Secure’s...
006| Spring Cleaning for Opsec
Operational security is about turning the tables, looking at things from an attacker's point of view, and identifying how your own actions are making you vulnerable. Listen as Erka Koivunen, CISO of F-Secure, gets us up to speed on opsec: selecting your appropriate threat model, why you should never trust the office network, and tips for "spring cleaning" your opsec (potato chips and nail polish are recommended tools). And don't miss his favorite story of an epic corporate opsec...
005| Demystifying Hardware Security, with Andrea Barisani
With the disclosure of Meltdown and Spectre early this year, hardware security has come into focus. What are the special challenges of securing hardware versus software? What about securing high-risk industries like aviation and automotive? In this fascinating episode, Andrea Barisani, head of hardware security at F-Secure, shares why we should be thankful for Meltdown, why security problems do not equal safety problems, the one piece of advice he would give hardware manufacturers, and much...
004| Security, Privacy and the IoT, with Steve Lord
The Internet of Things promises futuristic smart homes, energy savings and efficiencies, and improvements to health and well-being. But the IoT still has a long way to go before we can safely enjoy these benefits - currently, it threatens our security and privacy. Steve Lord, a 20-year industry veteran and director at Mandalorian, joins the show to talk about the IoT, from smart cars and TVs to Amazon Alexa and Apple Health. You'll learn why companies love your data, the biggest...
003| Data Breaches: Bridging the Gap
Data breaches. They're every organization's worst fear. Why are companies so ill-prepared, and what are companies missing in their approach to data breaches? Host Janne Kauhanen is joined by Marko Buuri, Principal Risk Management Consultant at F-Secure, and Tuomo Makkonen, Principal Security Consultant, to give you the lowdown on breaches and what you need to know. Links: Episode 3 blog post
002| Breaking Into Infosec: Advice from an Ethical Hacker
Between zero day news flashes and stunt hacking reports, there are a lot of false conceptions about what it's like to be an infosec professional. So what should you focus on to get into the world of infosec testing or to become a security consultant? What background do you need? How valuable are conferences and certifications? These are just a few of the questions our guest Tom Van de Wiele answers to help you on your way in this rewarding field. Tom is a principal security consultant at...
001| Antivirus in the Hot Seat, with Mikko Hypponen
The recent allegations against Russian antivirus vendor Kaspersky have prompted wider questions about antivirus in general - how it operates and what sort of data it collects from customer machines. In the first episode of Cyber Security Sauna, F-Secure's chief research officer Mikko Hypponen joins host Janne Kauhanen to answer these questions. You'll also hear his thoughts on Kaspersky and why it's important to trust your vendor. Links: Episode 1 blog post Episode 1 transcript FAQ:...