Thanks, lots of great comments! Now I need to run. See you online and remember to be careful out there! -- Mikko

This is Mikko Hypponen. I've been working with computer security since 1991 and I've tracked down various online attacks over the years. I've written about security, privacy and online warfare for magazines like Scientific American and Foreign Policy.

I work as the CRO of F-Secure in Finland. I speak a lot about security and privacy. Here is a playlist featuring dozens of talks and interviews I've given: https://www.youtube.com/playlist?list=PLkMjG1Mo4pKIRUqHj1eUMDqvV5a0o2CoS

If you only want to watch one talk, here's a talk I gave about Hackers and Elections at Websummit: https://www.youtube.com/watch?v=JAChQaySECY

I'm here for Data Privacy Day, which is actually tomorrow -- January 28. It's an international day observed across Europe, USA and Canada. The point, quite obviously, is to raise awareness about controlling our personal data. I believe data is the new oil. And just like oil brought us both prosperity and problems, data will bring us prosperity, and problems.

I'm glad to answer your questions about anything related to privacy, security, old Atari games or anything. AMA!

Mikko (/u/mikkohypponen)

PS. Proof: https://twitter.com/mikko/status/818996504367140864

Comments: 1296 • Responses: 64  • Date: 

dannyler1538 karma

What's the name of your first pet?

asking for a friend.

mikkohypponen2655 karma

hunter2.

69memes666387 karma

Thanks for doing this AMA. I'm kinda interested in the job you are doing. What did you study?

mikkohypponen478 karma

I studied computer science and programming. Everything beyond that I learned by doing. What helped me in getting better with malware analysis was that I did have a strong low-level programming experience (assembly). That I gathered by programming turbo-loaders for the old 8-bit home computers in the 1980s.

Captain_Haeroe125 karma

Do you have good suggestions for general areas to practice/do hobby work in/maybe even work in, if one is interested in getting into infosec?

mikkohypponen520 karma

We're running an online course on computer security. Why not start from there? It's free. http://mooc.fi/courses/2016/cybersecurity/

acpi_listen67 karma

The course started a while back. Can you still finish it with credits if you start now?

mikkohypponen80 karma

Maybe. You can check with Lappis from our staff. You can reach him on Twitter at @thelappis.

GuyAtTheOffiss377 karma

Hi Mikko,

What was the largest scale/most advanced operation you took down?

mikkohypponen1616 karma

I remember spotting a Facebook worm spreading from one user account to another couple of years ago. It was brand new, but spreading very fast and it was clear that it could potentially infect millions of accounts.

When investigating the domain name linked to the attack (fbhole dot com), I got lucky. The domain pointed to an IP address in Czech Republic. I did a reverse search for the IP address and noted that it hosted one other domain name: ironbrain dot net. More importantly, unlike fbhole dot com, which was registered with privacy protection, this domain had contact information in the WHOIS database, complete with a Czech phone number.

So I called the number.

The call went roughly like this:

– Hello?

– Hi. This is Mikko Hypponen from F-Secure Labs.

– What is this about?

– I'm looking for a person related to ironbrain dot net.

– ???

– We're investigating a Facebook worm on fbhole dot com. That domain shares an IP address with ironbrain dot net which is registered under your name.

– And you are?

– I'm from an antivirus company. Are you related to ironbrain dot net?

– I'll have to check… maybe my company is…

– Please do.

– Bye…

[Click]

About 15 seconds later, both fbhole dot com and ironbrain dot net went offline. The attack was over.

insert_attention349 karma

What would be your best advise to a new internet user about security and privacy, and how to protect themselves?

Also, what habits would you suggest a regular internet user to eliminate regardless of the technology they use to access the internet?

mikkohypponen1285 karma

Here’s couple of things everybody should do:

Use a password manager. This will solve tons of other problems for you, as you will automatically have a unique strong password on every site. I prefer password managers that do not store your passwords in the cloud, but keep them locally encrypted on your own devices and just use an encrypted sync to keep them updated on them.

Sign up for data leak notifications on Have I been pwned. This free service will email you right away if your email address is part of some data breach - such as the recent Yahoo breaches (or, say, Ashley Madison). The service is run by Troy Hunt and it’s trustworthy.

Use a good VPN to secure yourself while using wi-fi networks. Without a VPN, it’s trivial for anyone else using the same wi-fi to see big parts of your traffic. Use a VPN on your laptop, on your phone and your tablet. I like VPNs that enhance your privacy by also removing tracking cookies and other potential breaches of privacy. The added benefit of this is that browsing becomes much faster - it’s often faster with a VPN than without!

Lastly, make a backup. Then make a backup of your backup. Backup your laptop, backup your phone, backup your tablet. And back them up so that you can recover your data even if your house burns down. Because sometimes your house really does burn down, and sometimes you are hit by encrypting ransom trojans. Our lives and memories are on our devices and they deserve to be backup up.

SSHeretic312 karma

How dangerous is it, really, for the sitting President of the US to continue to use an unsecured phone?

mikkohypponen543 karma

I can't believe he continues to use his personal, outdated device to do realtime communication with the whole world.

It's easy to see how attackers could misuse the @POTUS account if they got their hands on it.

He really should not do it.

And, he should go to Twitter settings and change his settings on Security & Privacy / Password Reset / Require Personal Information To Reset My Password

Quizzelbuck254 karma

How close are we to stopping the menace hacker known as 4 Chan?

mikkohypponen308 karma

VERY close. Trust me.

vardeminer174 karma

Hi, Mikko. Thanks for the AMA. It's great to have the opportunity to speak with you.

What would be your best advice for someone that wants to work in infosec?

Thanks again!

mikkohypponen623 karma

Hi!

You want to learn as much as possible, but you need to pick your focus area. What do you want to do? Penetration testing? Encryption? Malware analysis? Forensics? Underground intelligence? Counter-espionage?

Pick a niche, as narrow as possible. Then become as good as you can in that narrow niche.

As a good all-around backgrounder, start by reading Bruce Schneier's books. All of them.

Then you need to find mentors and coaches. The easiest way to do this is via online forums dedicated to your focus area.

SANS has some great online resources for people starting up in this area: check them out.

Follow the news. Follow the leaders on Twitter. Read /r/netsec on Reddit. Read Hacker News. Read Krebs.

Don't waste your commute to listening to pop music. Listen to infosec lectures and podcasts.

Check these resources:

https://www.troyhunt.com/careers-in-security-ethical-hacking-and-advice-on-where-to-get-started/

https://github.com/gradiuscypher/infosec_getting_started

https://medium.com/@laparisa/so-you-want-to-work-in-security-bc6c10157d23

http://www.defensivesecurity.org/entering-information-security-industry/

http://tisiphone.net/2015/10/12/starting-an-infosec-career-the-megamix-chapters-1-3/

http://www.thoughtcrime.org/blog/career-advice/

http://krebsonsecurity.com/category/how-to-break-into-security/

http://opensecuritytraining.info/

Also see our course material at http://mooc.fi/courses/2016/cybersecurity/

I wish I could give more guidance, but it's a fast-moving career. Nothing's constant for very long.

All the best, and thank you for your work.

atearofpetrol165 karma

do you have any advice for tampering with pinball machines?

mikkohypponen430 karma

Sure thing. The motherboard is always in the backbox, behind the glass. The lock is in the inside top part and is easily pickable. Older Williams pinballs are running an 8-bit 6809 CPU, or multiple of them. Which is cool.

PS. Here's my pinball. http://i.imgur.com/EUePByG.jpg

sohotsohottoohot108 karma

What kind of data that hackers typically steal besides the regular financial data (credit card info etc)? Is it like what hollywood often show in the movies how hackers could steal some sensitive information and sell it over the dark web? Thanks!

mikkohypponen160 karma

Not all online criminals try to steal data. Many simply want access; for example, gaining access to the desktop used in a company's financial department can be very valuable, as they would be able to wire money out of the company.

Those criminals that are looking for data are typically looking for financial information (such as credit cards) or credentials. Dumps of user accounts and linked passwords can easily be sold in the underground, as the same credentials will work on many services (because people use the same passwords on multiple sites).

goshgash99 karma

Do you see any way end to end encryption for emails (e. g. PGP) would ever become mainstream?

mikkohypponen144 karma

Apparently this will never happen. We've all been waiting for it for 20 years or more, already.

HalpTheFan98 karma

How do you feel hackers could be portrayed better in the media?

Also in terms of fictionalised representation, are there any hackers in films or TV that looks a bit like hacking?

mikkohypponen291 karma

In Matrix, Trinity uses Nmap to find a vulnerable SSH server, and then proceeds to exploit it using the SSH1 CRC32 vulnerability. This was all very real and doable. Matrix was probably the first mainstream movie to get it right. Or maybe this was in Matrix Reloaded.

DoubleJake96 karma

Mikko - what's the threat of the future?

mikkohypponen329 karma

Ransomware on our smart cars.

ds353453461 karma

Do you think that is a true threat? Surely customers would appeal to their manufacturers for servicing or replacement? Any auto mfr who was both hacked, and refused to support their customers to restore full service, would halve their stock price overnight.

mikkohypponen269 karma

"Please pay now if you want to pick your kids from daycare in time"

llgs92 karma

Is long hair a requirement to become good at infosec?

mikkohypponen192 karma

Never trust a guy with a ponytail.

artTho84 karma

Hi Mikko,

What's your opinion on the UK's Snoopers Charter? An end to privacy?

mikkohypponen277 karma

It's not surprising that law enforcement agencies and intelligence agencies want to gain rights to do their work on the internet. It is 2017 and criminals and extremists really do use the internet for their purposes. However, we must not give away all of our rights just because bad people exist.

What I'm calling for is transparency. We need to know what our governments are doing in our name. We need to know how succesfully such intrusive methods are. And we need to be able to take away those rights from the agencies if they are not effective. Without transparency, we won't be able to tell how effective those tools are.

At the very least, we need statistics. For example: how many citizens were hacked by the government last year; how many of those turned out to be guilty; how many of those turned out to be innocent.

RustingDragon83 karma

Hi Mikko,

I applied for a few summer placements at F-Secure (junior malware analyst, junior web threats analyst and junior cyber security consultant). Regretting putting the stuff about my Python tattoo in the motivation letter, but it's done now. Hopefully the actual relevant work will make up for it.

What does F-Secure look for in potential interns/employees? Been studying hard in case I get an interview, any extra advice would be greatly appreciated - would love to work with a company which openly fights for privacy in this political climate instead of continuing this trend that the need for someone's life to be their own is now grounds for suspicion (not touching GCHQ placements with a bargepole).

AustinTransmog114 karma

Regretting putting the stuff about my Python tattoo in the motivation letter,

I think it might serve the community if you posted a pic of that tattoo. And a copy of that letter. You know...for science.

mikkohypponen274 karma

What we're looking for in potential interns is Python tattoos.

mikkohypponen145 karma

Also, we're looking for the capability to work under pressure, as outbreaks can get hectic. And the usual things about emphasizing teawork, being good in working with others, and not being a dick.

RustingDragon133 karma

Fantastic, here you go: http://i.imgur.com/UzFjQjs.jpg

Hectic sounds good, lots to learn! Thanks for the advice, just need to wait and see what happens.

mikkohypponen59 karma

Hey, nice looking tattoo! All the best.

tacodile__supreme79 karma

Hi Mikko! What is the most comical security incident that you've ever had to deal with?

Also: I'm a junior security consultant and want to know if you can recommend any companies to work for in the UK?

P.S F-Secure 4 lyf, plz send freebies

mikkohypponen240 karma

Most comical security incident? How about White House press secretary tweeting out his Twitter password?

josho8968 karma

Do you have any videos on you attacking hackers? I rather enjoy the comeuppance

mikkohypponen138 karma

When we collect enough evidence on online criminals, we pass them on to local police. Here's a video of the head of the Carberp banking trojan gang getting arrested by Moscow City police. https://www.youtube.com/watch?v=Iryyn_-iUiw

TravisSeldon63 karma

Your views on the US Election & Russia ?

mikkohypponen204 karma

Russia just tried affecting the outcome of the Presidential elections in the biggest superpower on the planet.

I think news stories don't become much bigger than that.

DrapedInVelvet62 karma

What are the biggest barriers to a major country doing online only voting in elections?

mikkohypponen234 karma

The biggest barrier is probably that smart people are telling the decision makers that online voting is a bad idea. Because it is a bad idea.

HobboCx53 karma

hypothetically, What would it take for an intelligent and skilled group of hackers to break into a banking system or debt agency and rid the people of their debt owed?

mikkohypponen88 karma

It would have to be done so it wouldn't get detected. Otherwise the banks would just restore their systems back to the state were they were before the hack. So you couldn't wipe everybody debt. But for wiping individual debts, maybe doing it slowly, over months...I guess it would be doable. Hypothetically.

Strykah49 karma

Hi Mikko, welcome to Reddit.

I like the line

"I believe data is the new oil. And just like oil brought us both prosperity and problems, data will bring us prosperity, and problems."

Unfortunately in Australia, our Government recently enacted a metadata law that can soon allow access to citizens' metadata without a warrant. This was rushed into Parliament though, to satisfy copyright holders to combat piracy, reason I say this though is because we are known to be the top pirating country only because accessing shows legally are a nightmare.

Sorry for going off tangent there but have some questions;

  • 1) What measures should we take to be safe whilst using our constantly internet connected mobile phones?. Where NFC, Wifi are exploitable features.
  • 2) Do you have a recommendation for VPNs?. I've used PIA for a while now and find that it's good.
  • 3) In the tv show Mr Robot the characters deal with hacking, is it a true representation of what the hacking world is?
  • 4) As Donald Trump uses Twitter alot, do you think he will be hacked?
  • 5) I'm somewhat interested in cyber security as a career as I can see it being in demand. What would I need as a pre-requites before studying?. Is the maths level quite high?, as my maths isn't the best.

mikkohypponen299 karma

Lol, "welcome to Reddit". Please! I just had my 7-year cake day.

mikkohypponen109 karma

  1. Smartphone are not really a security nightmare, but they are privacy nightmare. Check your settings and grant minimum rights to apps.

  2. I would of course recommend our own VPN: Freedome

  3. I've heard of the Mr. Robot show but I haven't watched it.

  4. Secret Service is supposed to protect Mr. Trump, but this might be a hard one.

  5. Check my reply earlier in this thread.

nicolasap41 karma

European Union and data protection: what is your favourite regulation, what was a missed opportunity, and what is Europe doing wrong right now?

mikkohypponen133 karma

My favorite regulation is coming up with GPDR 2018. We are finally making it mandatory in EU for companies to report when they lose your data. This has been the norm in USA for years and years. But right now, is most European countries, when a company gets hacked and your credit card number is stolen, they don't have to tell you. Which is ridicilous and it's good to see this change.

An example of regulation that had good intentions but doesn't really work is the cookie law. Every god damn site shows this boilerplate about how they use cookies when you enter, and users click it away. I don't think it really increased awareness of privacy, or anything else. We all just click OK to make the box go away.

ankontini38 karma

1) There are so many security and privacy problems nowadays with hacks being on the news constantly. Are people losing trust in computers and internet services? How can we restore this trust?

2) If Microsoft wanted to spy on us, could they do it? And would we ever know?

4) None of my friends wants to use Signal. Do I change messenger or ... friends?

5) Do you like Mr Robot? 6) If you could sit on a bench for one hour and talk to anyone (from the present or the past), who would it be?

mikkohypponen103 karma

  1. RESTORE the trust? Why would we want to restore trust? People already trust too much on the net, clicking on every link, opening every attachment etc.

  2. Microsoft could definitely spy on us on our Windows computers without getting detected. But not on our phones.

  3. Whatsapp is fine for chatting with friends. Use Signal for stuff where security really matters.

  4. Mr. who?

  5. Tony Stark.

Twister-SF37 karma

Hey Mikko!

Do think that a show like Mr. Robot has a positive or negative impact on how the general public views cyber/information security and hacking? Why or why not?

Thanks for doing this AMA!

mikkohypponen60 karma

I can't really say. I haven't seen Mr. Robot. But I do know there's something called "F-Society" in it. Which sounds cool.

Malfanese20 karma

Its on amazon video if you have prime!

mikkohypponen137 karma

I have prime but I don't have time.

collectionofletters32 karma

How can I determine how easily doxxed I can be based on my public online presence on social media, etc.?

mikkohypponen68 karma

Hmm. Ask a friend to try to collect as much as info on you as they can from online sources, then draw your conclusions?

charlyblack30 karma

what smartphone setup/device would you reccomend as most privacy-preserving against tracking for commercial purposes and data harvesting?

mikkohypponen82 karma

All smartphones track us, one way or another. If you want to avoid that, use a dumb phone.

If you're looking for a security-centric smartphone, look at products like Blackphone, Bittium Tough Mobile or DTEK50.

SK-Canada29 karma

A little off-topic - if I moved to Finland from Canada, how easy would it be to live there knowing no Finnish in the beginning?

mikkohypponen56 karma

Everybody in Finland speaks English. At F-Secure HQ, we have employees from around 30 countries. Pretty much none of them speak Finnish.

m4rzito29 karma

Could you tell me the top 10 people I should follow for example on Twitter if I want to be up2date about security stuff?

mikkohypponen104 karma

You only really have to follow @SwiftOnSecurity to do that.

bit_of_hope28 karma

Did you get the new pinball balls yet?

I recently found out FSF had this guide for securing email with GPG. How do you like it? I think inconvenience and difficulty are some of the biggest hurdles in promoting secure and privacy-friendly habits to the general population, and easy and simple instructions like that being more common would help immensely. Would you agree?

Atari or Commodore? Choose your weapon!

mikkohypponen35 karma

I really should get some bling chrome mirror balls for my Ghostbusters Premium. Haven't had time to order them.

FSF has done good work with the guide. But PGP is still a nightmare to use. Unfortunately.

My weapon? Commodore. Forever.

MisViolence26 karma

What seems to be hackers greatest weaknes, we all know they are pretty smart but what is that something that gets them off track?

mikkohypponen53 karma

Companies only need to make one mistake to get hacked...but this works the other way too. Criminals only need to make one mistake to get caught. That mistake could be something simple like forgetting to hide their IP address with a VPN when connecting to a service, or leaking information via WHOIS entries of their domains. Simple stuff.

rickmuscles26 karma

Do you think Russians were capable of hacking the election? If so, how do you suspect they did it?

mikkohypponen101 karma

They were capable of hacking political targets and leaking the information they stole in order to shape opinions. They did not hack actual election systems.

-S7evin-25 karma

Do you think AI will be foundamental for the cyber security? If yes, how?

mikkohypponen128 karma

Vulnerabilities are basically just bugs in the programs. And we will always have bugs because programs are being written by human beings, and they make mistakes. So to fix this, we have to get rid of the programmers.

Years ago, I wrote a program that would write programs. It wrote terrible programs, but still. But if we would but a lot of effort into improving this program-that-programs, eventually it could become as good as a human programmer.

And that’s the last day that any programmer on the planet has to write anything ever again. The program would write a better version of itself, which would in turn write a better version of itself.

An advanced AI writing better versions of itself is scary, but it would provide a giant leap towards the creation of more secure software. And a breakthrough like that could finally create programs free of vulnerabilities. Or at least vulnerabilities that we humans would be able to exploit.

Also, I believe introducing an entity with superior intelligence into your own biosphere is a basic evolutionary mistake. But we seem to be set on doing just that.

WarrantyVoider24 karma

how common are badusb attacks? (http://phisonresearch.freeforums.net lil research by me)

mikkohypponen29 karma

BadUSB is one of those attack categories where the potential risk is huge but practical risk is low. So, we're not seeing these attacks happen in the real world. But they could, and then it would be really bad.

sampul123 karma

Mikko, I'm disappointed, where's the ö?

mikkohypponen32 karma

You mean the umlauts, aka the Rock'n'roll dots? I only use them in my last name domestically and drop them in international use. Makes things much easier for me.

here-to-up-vote-you22 karma

Hello Sir; thank you for taking the time to answer this iAmA. I was wondering how do you feel about Ruslan Stoyanov arrest, and why do you think it happened?

mikkohypponen36 karma

I do not know Ruslan. I believe I have exchanged one or two emails with him years ago.

Since the Russian authorities arrested him for treason, they probably believe that his actions were going to hurt Russian goverment some way.

But I don't really know.

ds353453420 karma

Who is @swiftonsecurity? Is s/he like Banksy, but with cybersarcasm in place of paint?

mikkohypponen59 karma

Actually, @Swiftonsecurity is Banksy.

ds353453419 karma

Hi Mikko. How do you manage to balance your public and commercial roles with staying technical?

mikkohypponen48 karma

It's hard. I'm losing my technical skills. I still try to get my hands dirty every now and then, but the research work with todays advanced attacks is getting very hard. I miss the old days or reversing viruses through the night...

C2D217 karma

For forensics there are some distributions that have a nicely packaged toolkit. Do you use these distros or do you tend to build your own toolkit? What is in your toolkit?

mikkohypponen19 karma

We have forensics experts at F-Secure, I don't directly work with digital forensics myself.

OtheDreamer16 karma

What are the modern limitations to the direct physical impact a hack can have on a countries infrastructure?

mikkohypponen26 karma

Our societies run on computers & software. Almost anything can be affected by hacking. Most obviously, electricity distribution can be disturbed. And when the power is cut, nothing works. We would cope for a day or a few, but then what? No food. No communication. It could get pretty bad.

lukedearden10 karma

Hey!

What's your computer device history. What system did you get first etc?

Do you still get chance to play games?

Cheers

mikkohypponen25 karma

Ah, nice question.

I got a Commodore 64 in 1984 (receipt: http://imgur.com/ByqjYiG)

I bought a Morse 386DX 25MHz in 1989.

I bought some Pentium system maybe in 1993.

After that I have not bought home computers. I have my work laptops and my private tablets and that's it.

I mostly play retro arcade games and modern pinballs. I did buy an Xbox to play Trials HD. And I will buy a PS4 to play Nex Machina.

Eternal_Rewind10 karma

Hello /u/mikkohypponen,

How do you see IOT in 5 years? Is it the next blackmarket target ? I don't see B2B market going ham on this, meaning this should be less relevant for hackers to generate cash.

Any chance to see you at Les Assises? I missed you at FIC...

mikkohypponen26 karma

IoT is such a n easy target right now. All the devices are running old Linux kernels, and they have default admin credentials that nobody changes. And admin connections are done over a god damn telnet connection. Wtf.

IoT attackers are mostly using them for building DDoS botnets for now. And you can make cash with DDoS botnets.

I won't be at Assises, see you somewhere else!

dannyler9 karma

Hi Mikko! How to spread awareness to small brick&mortar stores or small companies like barbers, hotels and B&Bs, etc. that have no clue about infosec and still need to maintain a web-presence or social media presence?

mikkohypponen10 karma

Education is hard, and there are no shortcuts. Many countries run data security days, during which basic info is circulated to homes, companies etc. They seem to have a positive effect.

TheSeanKyle9 karma

Great timing as the Data privacy day is just around the corner. I was wondering if I am fully protecting my privacy with just a premium VPN installed and setup on router and my devices? Or are there some other recommendations too?

mikkohypponen37 karma

One good tip is to use different browsers for different purposes, so it's harder to track you. For example, use Firefox for Facebook but Chrome for everything else. That way, Facebook can't track your movements across the web.

ptman5 karma

What do you think is likely to happen as a response to Trump's executive order on privacy?

https://techcrunch.com/2017/01/26/trump-order-strips-privacy-rights-from-non-u-s-citizens-could-nix-eu-us-data-flows/

What would you like/hope to happen? ;)

mikkohypponen24 karma

What will happen is that a lot of lawyers will get to do a lot of work.

European internet users do not want to stop using U.S. services, and U.S. companies do not want to lose EU customers.

joni__5 karma

Hi Mikko! I live in Helsinki and i study IT engineering, my goal is to work in infosec, or to be exact as a pentester. And ofcourse F-Secure has been the dream for me. One question i've wanted to ask someone at F-Secure for a long time is, when someone applies for an infosec position @ F-Secure, how much do you care about certifications? And what certs do you prefer the applicant has? And can a cert like the OSCP compensate having work experience in the field? Thanks in advance!

mikkohypponen10 karma

Certifications are not required. First and foremost, we're looking for really technical people who are willing to become even more technical.

thickner4 karma

What steps should the average person take to protect their privacy online?

QuadrumN3 karma

What would be the best certification in your buisness ? CISSP or any other ?

mikkohypponen13 karma

Beats me. I have no certifications.

Spew333 karma

How the hell do you show up here on the wrong day?

Strykah6 karma

Don't know where you're from mate, but over here in Australia it's the 28th tomorrow.

Ferl744 karma

Here in the US it's the 28th tomorrow too.

mikkohypponen11 karma

Here in Finland it's the 28th tomorrow too.

Talkoman3 karma

I am a huge fan. Following you since you did the Quora session recently. Staying with one organization for such a long time is something, so are you partnered with F-Secure?

mikkohypponen6 karma

Yeah, it's my 26th year here at F-Secure, but it's not my company. I just like working here.

dofMark2 karma

Sorry to ask but is VPN can really protect my data?

mikkohypponen5 karma

VPNs can really protect your connections (encrypt them). It won't help with the security of your stored data.

myxsyx1 karma

Hi Mikko, thank you for taking the time to do this AMA. In a nutshell, will hackers always be two to ten steps ahead?

Taking Yahoo! as an example, one of many companies struggling to fend off hackers, keep our data safe and say no to any advertisers, is it even realistic to expect organisations to prevent cybercrime incidents effectively? There's a sense of false economies mattering more than security when it should be the reverse.

mikkohypponen2 karma

When attackers are creating their attacks, they can analyse how protection systems - like firewalls and antiviruses - work, then work around them. They have unlimited time to do this. Then when they release their attacks, the defenders have to be able to find the attacks and add defense against them very quickly. It's not a fair fight between the malware writers and malware fighters.

TalTheBest1 karma

What personalty type are you?

mikkohypponen2 karma

Supervillain.

nicolasap0 karma

  1. Is he symbol "ଙ" in your twitter name some kind of protest against twitter's VIP verification?

  2. Do you still hunt for security breaches as a hobby? I'm assuming this is not part of your job as a CRO and public speaker, but correct me if I'm wrong Edit: I'm stupid, it's right in the title of the AMA!

  3. Do you know Edward Snowden personally?

mikkohypponen2 karma

  1. I've tried getting Verified on Twitter many times over the years, but no luck. At the same time, accounts like these get verified: https://twitter.com/ret2libc (slow clap). But the ଙ symbol isn't about that. I just thought it looks neat.

  2. Yes

  3. No, I don't know Ed personally.