TIME Security

4 Things Every Single Person Can Learn From the Sony Hack

Most importantly: Never email your passwords

The massive cyberattack against Sony Pictures Entertainment that resulted in thousands of employees’ emails and personal data being posted online may have been the work of expert hackers with North Korean support—but that doesn’t mean we can’t all learn something from the incident.

Reporting around the Sony hack revealed the company and its employees did little to keep passwords and other sensitive data secure. Here are four things we can all learn about data security from the Sony hack.

Never open suspicious links

While some reports suggest the Sony hackers had inside help, it’s just as likely they accessed Sony’s systems after a hapless employee clicked a suspicious link in what’s called a “phishing” email. Those emails increasingly target specific employees with very personal messages that make it look like they’re from somebody you trust, but clicking the links they contain can result in malware hitting your computer, infecting your company’s network and leaving it vulnerable.

Learn more about phishing emails and how to detect them on this helpful Microsoft site.

Don’t email your passwords

Sony Pictures CEO Michael Lynton’s assistants emailed him unencrypted reminders of his passwords for email, banking and online shopping accounts, according to the Associated Press. How does the AP know that? Because those emails were leaked by the Sony hackers along with troves of other data, exposing Lynton to a serious personal security problem. All a hacker with Lynton’s emails had to do was search the cache for “password,” and voila, tons of access credentials.

If you have to communicate passwords with family members or coworkers, the safest solution is a secure password manager like 1Password or LastPass.

Encrypt your most sensitive data

Every business has sensitive files, like contracts or employees’ medical information. Encryption basically makes files look like a jumbled mess to anyone who doesn’t have the right decoding software, meaning it would have made it much harder for hackers and journalists to get anything useful from Sony’s documents.

Most people don’t go the extra mile and encrypt their private files, but the Sony hack shows we really ought to do that. Lifehacker has a good list of encryption tools here, though top tech companies have increasingly been making encryption the default, especially on mobile devices.

Make sure you’ve got an ace security team

This tip is more for corporate executives than rank-and-file employees, but it’s crucial that your company’s IT team is up to snuff. Sony Pictures CFO David C. Hendler complained about the company’s poor security policies as recently as October, according to emails leaked in the hack. The Sony hack would have caught many companies flat-footed, but having better security and IT practices might have helped Sony ward off the worst of it—and rebuilding after a hack is far harder and costlier than deflecting one to begin with.

TIME Security

Everything We Know About Sony, The Interview and North Korea

What we know, what we don't know, and how a movie got pulled

Sony Pictures Entertainment said late Wednesday that it’s pulling The Interview, a comedy about two journalists tasked with killing North Korean ruler Kim Jong Un. Sony’s move came a day after a cryptic message appeared online threatening attacks against theaters that played the film, and several weeks after hackers first breached Sony’s system and posted troves of private emails and other data online.

Shortly after Sony decided to scrub The Interview, a U.S. official confirmed to TIME that American intelligence officials have determined North Korea was behind the Sony hack, though no evidence has been disclosed.

Here’s everything we know for sure about the Sony hack, up until now.

What happened?

On Nov. 24, Sony employees came to work in Culver City, Calif., to find images of grinning red skulls on computer screens. The hackers identified themselves as #GOP, or the Guardians of Peace. They made off with a vast amount of data (reports suggest up to 100 terabytes), wiped company hard drives and began dumping sensitive documents on the Internet.

Among the sensitive information the hackers divulged: salary and personnel records for tens of thousands of employees as well as Hollywood stars; embarrassing email traffic between executives and movie moguls; and several of the studio’s unreleased feature films. More is likely to come, as Sony Pictures Co-Chair Amy Pascal said the hackers got away with every employees’ emails “from the last 10 years.”

MORE: The 7 most outrageous things we learned from the Sony hack

And the attack has already affected other companies: Secret acquisitions by photo-sharing app Snapchat, for instance, have been made public thanks to leaked emails from Sony Pictures CEO Michael Lynton, who sits on Snapchat’s board.

Who did it?

That’s the million-dollar question. For a few reasons, suspicion has zeroed in on the North Korean government or a band of allied hacktivists. The hermit kingdom is apoplectic over The Interview, in which Seth Rogen and James Franco play journalists who land a face-to-face with Supreme Leader Kim Jong Un, only to be asked by the CIA to assassinate the reclusive leader. The comedy features graphic footage of the dictator’s death, which didn’t go over well in a country built on a hereditary personality cult.

From a forensic perspective, the hack had hallmarks of North Korean influence. The attackers breached Sony’s network with malware that had been compiled on a Korean-language computer. And the effort bore similarities to attacks by a hacking group with suspected ties to North Korea that has carried out attacks on South Korean targets, including a breach of South Korean banks in 2013. That group, which is alternately known in the cybersecurity community as DarkSeoul (after its frequent target) or Silent Chollima (after a mythical winged horse), often uses spear-phishing—a cyber-attack that targets a specific vulnerable user or department on a larger network.

MORE: U.S. sees North Korea as culprit in Sony attack

That does not necessarily mean the North Korean government, or even the same hacker collective, is responsible. In the world of cyberwarfare, hackers will often dissect and imitate successful techniques.

Even the clues that point toward Pyongyang could be diversions to deflect investigators. For example, the perpetrators could’ve manipulated the code or set the computer language to throw suspicion on a convenient culprit. Pyongyang has denied involvement.

Why did Sony scrub The Interview?

People who may or may not have been tied to the hackers posted a vague message Tuesday threatening 9/11-style attacks against theaters that chose to play the film. The U.S. Department of Homeland Security said there wasn’t any evidence of a credible threat against American movie theaters, but several major chains, including AMC and Regal, decided to play it safe—all told, chains that control about half of the country’s movie screens decided against playing The Interview. Sony then followed suit, pulling the movie entirely.

Were theaters really in danger?

It’s tough to say for sure. North Korea has made lots of bloviating threats toward the U.S. before, so anything that comes out of Pyongyang should be taken with a grain of salt. But again, no concrete proof has been made public yet that these attacks or the threat came from North Korea—or even that they came from the same person or group.

Will we ever get to see The Interview?

Probably. The movie cost about $44 million to make, according to documents leaked by the hackers. The ad campaign so far has cost tens of millions on top of that, although Sony has pulled the plug on further TV spots. A total loss on that investment would be a tough pill for Sony to swallow.

MORE: You can’t see The Interview, but TIME’s movie critic did

What will most likely happen is some limited release in the future when everything calms down, perhaps bypassing theaters and going right to Blu-Ray/DVD and on-demand services. There’s also a chance Sony could release the film online. That would eliminate pretty much any safety risk to viewers, but could further enrage whoever hacked Sony—assuming they actually care about The Interview and it’s not just a red herring. It would also let Sony capitalize on all the sudden interest in the film generated by the hack and threats. Don’t expect to see it soon: Sony said late Wednesday it’s not planning any kind of release. But it could, of course, be leaked online.

In an interview with ABC News on Wednesday, President Barack Obama called the hack against Sony “very serious,” but suggested authorities have yet to find any credibility in the threat of attacks against theaters.

“For now, my recommendation would be that people go to the movies,” Obama said.

How did the hackers do it?

We don’t know exactly. Cyber-security experts say the initial breach could have occurred through a simple phishing or spearfishing attempt, in which the hackers find a soft spot in the company’s network defenses. That can be a coding error or an employee who clicks on an infected link. These breaches occur all the time. FireEye, the parent company of the cybersecurity firm Sony hired to probe the hack, studied the network security of more than 1,200 banks, government agencies and manufacturers over a six-month period ending in 2014, and found that 97% had their last line of defense breached at some point by hackers.

“Breaches are inevitable,” says Dmitri Alperovitch, co-founder of the cybersecurity firm CrowdStrike. “But that just means they’ve gotten in the door. It doesn’t mean they’ll be able to walk out with the crown jewels or set fire to the building.”

Once inside, hackers will try to gain elevated security privileges to spread across the network. What made the Sony hack different was the fact that it wasn’t detected until large quantities of data had been swiped. And what stood out, several analysts say, was not the sophistication of the breach but the havoc the culprits sought to wreak. “The attack was very targeted, very well thought out,” says Mike Fey of the network-security firm Blue Coat Systems, who believes the hackers “planned and orchestrated” the attack for months.

What are investigators doing to find out who’s responsible?

Sony has brought in experts at Mandiant, a top security firm, to lead the probe of the hack. Their investigation, outside security experts say, will be similar in some ways to the forensic analysis that follow a murder: studying data logs, reviewing network communications, poring over code, matching clues to potential motives. It may involve probing bulletin boards on the Dark Web, where hackers sometimes go to seek advice on technical troubles.

“There’s a lot of detective work you can do,” says former Department of Justice cybercrime prosecutor Mark Rasch. “Are they native English speakers? What programming language do they use? The code will have styles, signatures and tells.”

And investigators are tracking the IP addresses from which the attack was launched, which in the case of the Sony hack included infected computers in locations ranging from Thailand to Italy.

What happens if it was North Korea?

It’s tough to say. It’s unprecedented for a state actor to conduct a cyberattack of this scale against a U.S. corporation. If that turns out to be the case, however the U.S. decides to respond will set the tone for a whole new kind of cyberwar.

Could the Sony hack happen to other companies?

It’s increasingly likely. Sony is unusual in large part because the attackers appear to have been driven by a desire to cause destruction, rather than financial motives. And the strange geopolitical overtones of the hack add a dollop of intrigue. “It’s a milestone because it’s such a large-scale destructive attack that is rooted in this bizarre political messaging,” says security researcher Kurt Baumgartner of Kaspersky Lab.

But cyber-warfare is a growing threat for which most companies are ill-prepared. Joseph Demarest, assistant director in the FBI’s cyber division, testified to a Senate panel earlier this month that the malware used in the Sony hack “probably [would have] gotten past 90% of the net defenses that are out there today in private industry.” Banks and government agencies tend to have better security, but in recent months major retailers like Target and Home Depot have been hit. When targeted by competent and persistent hackers, corporate defenses will often be outmatched. “This is a great wakeup call,” says Kevin Haley, a director at Symantec Security Response. “We need to get better at securing our organizations.”

-Additional reporting by Sam Frizell

Read next: You Can’t See ‘The Interview,’ but I Did

TIME Security

3 Reasons People Think North Korea Hacked Sony

And 4 reasons it might have been somebody else

It’s been more than three weeks since Sony Pictures employees arrived in their offices to find threatening messages accompanied by glowing skulls placed by hackers on their computer screens, but the embattled studio is still dealing with the fallout. Terabytes of Sony’s internal data has been leaked online. Sony’s been hit with multiple ex-employee lawsuits. Ominous warnings have been issued about attacks on movie theaters that play Sony’s upcoming The Interview.

But we still don’t know a basic question: Who hacked Sony?

The person or people claiming responsibility call themselves the “Guardians of Peace,” or GOP. Early reports suggested North Korea was behind the GOP, and there’s been some evidence of that. But North Korea has denied responsibility for the hack, and it’s equally possible the assailants planted clues leading to North Korea as a distraction.

Here’s why people think North Korea was involved:

The attack looks similar to hacks previously linked to North Korea, according to cybersecurity analysts. In a hack like the one against Sony, the attackers most likely found a way to infect Sony’s systems with malware, probably through an email. Once Sony’s system was infected, the hackers could use what’s called a command-and-control server to steal data. And, as it turns out, the malware being used against Sony communicates with at least one of the same command-and-control servers used in previous attacks attributed to North Korea.

It’s improbable that’s a coincidence, experts say. And the malware itself was developed and compiled on systems set to use the Korean language, another clue pointing to North Korea.

“It’s highly unlikely to see another piece of malware that carries strong similarity characteristics and uses the same command and control server,” Kaspersky Lab analyst Kurt Baumgartner says. “It’s a very unique indicator.”

North Korea has a motive. The leaders of the reclusive nation are furious about Sony’s upcoming release of Seth Rogen and James Franco comedy The Interview, which revolves around an assassination plot against North Korean leader Kim Jong-un. North Korea has called the movie an “act of war.”

The hackers are doing whatever they can to stop people from seeing The Interview. On Tuesday, the hackers or somebody claiming to be associated with them threatened to attack movie theaters that screen The Interview. At least one theater chain has already decided not to show the movie.

But there are reasons to doubt North Korea’s involvement:

North Korea has denied the hacks. The government officially claimed it wasn’t responsible, but praised it as a “righteous deed.” American law enforcement is investigating any possible North Korea links, but so far hasn’t found evidence of one.

It’s easy enough to buy and sell malware. There’s a big black market for malware, and a lot of it is simply traded, repackaged and used again. So the similarities between the Sony attack and earlier hacks linked to North Korea may not be so telling.

The North Korea clues and theater threats could be a red herring. North Korea was making vague threats over The Interview long before Sony was hacked. If random hackers attacked Sony because they found an exploitable weak point, they might have left clues pointing to North Korea and made threats to keep attention squarely on Pyongyang.

It could just be random hackers. Sony has long been a favorite target of hackers around the world. Its PlayStation Network, for instance, has repeatedly been hit by disabling attacks. That’s at least in part because back in the mid-2000s, Sony put software on millions of music CDs that, when put in a computer, would automatically install software meant to make it harder to illegally copy those albums. Sony’s software, however, installed itself without users’ knowledge and exposed users’ machines to security vulnerabilities. Many in the hacker community have not forgiven Sony for the practice, which it ended in 2007.

Read next: These Are the Theaters That Have Pulled ‘The Interview’ After Threat

TIME Security

Delta Says Boarding Pass Hack Had No Impact on Flight Safety

US-TRANSPORTATION-AVIATION-DELTA
A Delta Airlines jet takes off from Fort Lauderdale-Hollywood International Airport February 21, 2013 in Ft. Lauderdale, Florida. Karen Bleier—AFP/Getty Images

The flaw was discovered Monday

Delta Airlines said Tuesday that a security vulnerability on its mobile boarding passes has been fixed without causing any “impact to flight safety.”

The boarding pass vulnerability was first found Monday by a BuzzFeed intern who also runs a site about technologists. In a post on Medium, Dani Grant detailed how she was able to access other passengers’ boarding passes simply by changing a single digit in her pass’ URL. She was also able to log in to Delta’s site as those other passengers, from which point she could’ve changed their seating assignments or accessed other details about them.

Grant was also able to access boarding passes belonging to non-Delta passengers, most likely because airlines share some technology that powers mobile boarding passes.

“After a possible issue with our mobile boarding passes was discovered late Monday, our IT teams quickly put a solution in place this morning to prevent it from occurring,” Delta spokesperson Paul Skrbec said Tuesday afternoon. Delta is still investigating the problem, but Skrbec’s statement added that Delta is “not aware of any compromised customer accounts.”

It’s unlikely that the flaw could have posed a threat to aviation safety. While Grant suggested on Twitter that it would have been possible to take advantage of the vulnerability for nefarious purposes, airport safety procedures should have prevented any security lapses.

TIME Security

Sony Asks Media to Stop Covering Hacked Emails

US-ENTERTAINMENT-SONY-CYBER-ATTACK
Pedestrians walk past an exterior wall to Sony Pictures Studios in Los Angeles on Dec. 4, 2014. Frederic J. Brown—AFP/Getty Images

Sony says it "will have no choice but to hold [media outlets] responsible for any damage or loss”

Sony Pictures Entertainment demanded Sunday that media outlets stop reporting on the leaked emails and stolen documents obtained by hackers through the recent cyberattack on the studio.

“We are writing to ensure that you are aware that SPE does not consent to your possession, review, copying, dissemination, publication, uploading, downloading or making any use of the stolen information,” attorney David Boies wrote in a Dec. 14 letter that was sent to news outlets including New York Times and Bloomberg, Businessweek reports. If journalists refuse Sony’s request, the company said it “will have no choice but to hold you responsible for any damage or loss.”

MORE: Meet the Sony executive at the center of the worst corporate hack ever

The massive hack on Sony, through which hackers obtained information about salaries, celebrity email addresses and even medical records, was made public in late November. In addition to revealing news about upcoming projects, the emails obtained by the hackers reveal damaging conversations among Sony executives, including some racist exchanges between Sony Pictures co-chair Amy Pascal and producer Scott Rudin that television producer Shonda Rhimes slammed on Twitter.

Oscar-winning screenwriter Aaron Sorkin also spoke out about media coverage of the cyberattack, writing in a New York Times op-ed that reporters writing about information revealed in the leaked documents are “morally treasonous and spectacularly dishonorable.”

[Businessweek]

TIME Security

Leaked Sony Emails Reveal How Much Movie Studios Hate Google

Google
The Google logo is seen at the company's offices on August 21, 2014 in Berlin, Germany. Adam Berry—Getty Images

They codenamed Google "Goliath"

It’s no secret that some big movie and music companies hate Google, which they have long accused of making it easy for users to find pirated content online. But newly leaked emails reveal just how far movie studios are willing to go in their battle against online piracy, and, by extension, Google.

A group of lawyers from Sony, six other studios and the Motion Picture Association of America have been coordinating a legal and technical plan to fight online piracy, according to Sony Pictures emails leaked by hackers and analyzed by The Verge. The studios have been discussing how to get state prosecutors to go after Google—which they codenamed “Goliath”—for offering links to pirated content (or sites that then link to pirated content) in its search results.

The report also found the movie studios are looking at ways to partner with Internet providers like Comcast to block sites found to host infringing content, a strategy that’s already being used in other parts of the world.

Read more at The Verge

Read next: Who Is Amy Pascal? Meet the Exec Tangled Up in Sony’s Leaked Emails

TIME Security

Hackers Sent Sony Employees a Terrifying New Message

Sony Hack
Sony logo. Koichi Kamoshida—Getty Images

The hackers might still have access to Sony systems

A hacker group calling itself the “Guardians of Peace,” or #GOP, sent an ominous new warning to Sony Pictures Entertainment employees on Thursday, causing the scary message to flash upon computer screens.

An unnamed individual familiar with the situation told TheWrap that several Sony employees received the message and most felt “disturbed.” Another source said the threat promised to do more damage if the #GOP’s demands aren’t met.

It’s been almost three weeks since hackers calling themselves the Guardians of Peace first broke into Sony’s systems before posting unreleased films and company documents online. The new warning is evidence the hackers still have access to the company’s network.

Sony executive Amy Pascal, meanwhile, told TheWrap that the hackers have “everyone’s emails in this company for the last 10 years.”

The identity of the hackers who targeted Sony is unknown. Some believe they’re tied to the North Korean government, which is furious over an upcoming Sony comedy about an assassination plot against the country’s leader.

[TheWrap]

Read next: The 7 Most Outrageous Things We Learned From the Sony Hack

TIME Smartphones

9 Steps to Make Your Smartphone Totally Hacker-Proof

smartphone
Getty Images

Don't use public Wi-Fi networks that aren't password protected, for instance

If you use an iPhone, your days of lording its security features over Android users are numbered.

When it comes to the seemingly endless head-to-head showdowns between the two operating systems used by 94% of Americans, Android’s major selling point is also its Achilles heel. Its customizability means Android users can download apps from anywhere, increasing the risk of infection via malware that can skim sensitive info, send spam messages, or freeze the phone until the owner coughs up a ransom.

Spyware is still far more prevalent for Android devices than iPhones due to Apple’s tight vetting of apps before they make it onto the App Store. Android’s greater market share has a lot to do with it, too, as cyber-criminals can attack more Android phones with a single infusion of malicious code.

But a recently discovered piece of malware called WireLurker attacked iOS devices through a compromised computer, indicating that not only are malware creators increasingly focusing on mobile, but that Apple may soon represent as good a piece of game as Android.

What about Windows Phone and BlackBerry, which make up just 5.9% of US smartphone users combined? “These haven’t attracted the same kind of attention from malware authors that Android has,” says Jeremy Linden, Senior Security Product Manager at Lookout security firm.

However, as our smartphones become our go-to devices for everything from shopping to business, it’s likely that the tiny computer in your hand – no matter which operating system it runs – will increasingly become a target for cybercriminals.

Here are nine things you can do to ensure the security of your device now:

1. Log out after banking and shopping

Using online banking on your smartphone browser should be as safe as using it with a desktop browser, assuming the bank implements the appropriate security measures, says Linden.

Just make sure you log out when you’re done. Signing out from your account prevents cyber-offenders from viewing your personal financial data if your smartphone is hacked. The same goes for shopping sites, where your credit card info may be visible to anyone snooping on the transaction.

Or use your bank’s official app. “Banking apps are set up to be encrypted and protect your information even if the network you’re using has been compromised,” Linden says. Ensure you’ve downloaded the real app and not a malicious copy. Earlier this year, Lookout found a clone of the app for Israel-based Mizrahi Bank, designed to steal customers’ login credentials.

2. Only use public Wi-Fi hotspots that require passwords

Use public Wi-Fi only on secure networks requiring a password to access, ideally only from providers you trust such as the coffee shop you’re at, a city’s official Wi-Fi or a telecommunications operator. Unsecured networks allow hackers to view all web traffic over the network, including passwords and even the contents of unencrypted email (that is, most people’s email).

If you’re planning to connect to public Wi-Fi a lot — for example, while traveling abroad — use an encryption app such as Freedome (Android or iOS) that can secure your connection to any Wi-Fi network so that your data is unreadable. The app also blocks tracking while you’re surfing the web.

3. Set a password on your lock screen

The humble password can prevent an even more insidious crime: allowing someone you know to install spyware onto your device.

Last year, Lookout found that 0.24% of the Android phones it scanned in the United States included spyware designed to target a specific person. That’s tens of thousands of people whose calls, messages and photos were being monitored by someone close enough to access their phones.

No matter what type of smartphone you use, a good password is also your first line of defense against the most basic security issue: losing your phone. As long as you don’t pick an easily guessed combo like 1111, a password can hold off a would-be thief long enough for you to locate and remote-erase your device via the Android Device Manager, Find My iPhone or Windows Phone sites. (BlackBerry users need to have previously downloaded the BlackBerry Protect app, unless the device uses the BlackBerry Enterprise Server.)

4. Check permissions requested by new apps

According to Lookout, adware is the most common security risk with apps. While ads help app makers turn revenue, some contain adware that may collect personal details or usage habits without your consent, send messages with links to buy fake products or force your device to send premium-rate SMS text messages.

Before downloading an app, read through what permissions it requests from you. If a Flappy Bird clone wants access to your contacts and call history, for example, it’s probably best to cancel that download.

If you suspect you’ve already downloaded adware (based on symptoms such as a deluge of pop-up ads or in-app messages asking you to click on a link), uninstall the app that is delivering the aggressive advertising.

5. Get a security app

If you don’t know which app is the culprit or if you simply want to check your phone’s bill of health, a free security app such as Lookout (Android or iOS) or Avast Free Mobile Security (Android or iOS) can scan the apps on your phone for malware including adware, spyware and viruses. If malware is detected, the security app will remove it.

These apps can also locate your device if you lose it, sound an alarm or message it in case someone has found it, back up your contacts online and remote-erase everything if all hope of getting your phone back is lost.

Check out our comparison of free and paid security apps for more information.

6. Review your download habits

“Non-jailbroken iOS devices are less likely to download malware,” says Linden. (The same goes for Windows and BlackBerry phones.) But if you’ve performed tech surgery to rid your iPhone of its limitations or if you use an Android phone, Linden recommends avoiding downloads from third-party app stores, where malware is much more prevalent. Install a security app that can alert you to suspected malware.

Even if apps are on the official app market, only download from trusted developers, and check the reviews for complaints.

7. Disable app downloads from unknown sources (Android only)

Lookout recently identified a piece of malware called NotCompatible.C that allows your phone to be used without your permission. For example, ticket scalpers could use the malware to route bulk ticket purchases through a group of infected phones, thus hiding their identity and location.

NotCompatible is downloaded secretly onto Android phones from sites harboring it; links to such sites have been found in phishing emails. To avoid similar sneaky malware downloads, disable app downloads from unknown sources, found in the Settings/Security menu.

In general, it’s best to avoid clicking on links in emails from unknown senders or, according to Lookout, clicking on shortened URLs like bit.ly, since you can’t see the domain it leads to.

8. Don’t grant apps administrator access (Android only)

Back in July, an intimidating type of Android malware made the rounds. The so-called FBI ransomware froze infected phones, popping up a message that the FBI had locked the phone because the owner had violated federal law by visiting illegal sites including child pornography websites. To access the phone (and its data), victims were asked to pay several hundred dollars.

Ransomware may also request administrator rights at installation, giving the wayward app the ability to lock the phone, read notifications and remote-wipe your data. Once given, you may never be able to retract the access, as in the case of the trojan Obad.a, which hid itself and set to work scraping users’ info, spamming contacts and downloading more malware.

“When ransomware is downloaded to a phone from a malicious website, it takes the form of an APK (Android application package), often disguised as an anti-virus app,” Linden says. “Or it may in some way trick you into launching the app. To avoid this, do not grant applications administrator access unless the app is reputable.”

If you must travel off the beaten path for apps, only download non-app store apps from trusted third parties.

9. Install OS and app updates

Finally, the obvious but biggest way to protect your smartphone security: Download software updates for your phone and its apps whenever they’re available. Updates are designed to patch bugs and vulnerabilities.

This article was written by Natasha Stokes and originally appeared on Techlicious.

More from Techlicious:

Researchers Develop a Smartphone Screen that Corrects for Vision Problems
Amazon Now Lets You “Make an Offer”
1.2M Smartphones Stolen in 2013, Thefts Down in 2014
Colleges Using Big Data to Track At-Risk Students

TIME Security

Here’s How Sony Is Hacking Back to Defend Itself

Sony Hack
The Sony Corp. logo is displayed outside the company's showroom in Tokyo on Oct. 30, 2013 Bloomberg/Getty

Denial of service attacks allow Sony to slow the leak of its data

Sony is reportedly turning to defensive hacking to prevent its breached files from spreading after it was hit by hackers who leaked unreleased movies and employee data last month.

First, the company is flooding websites hosting stolen files with dummy content, unnamed sources told Re/code. That move makes it harder for users to know if they’re downloading real leaked Sony files. But that technique is nothing new — media companies often used it in the early days of file sharing to dissuade piracy in the dial-up era, when illegally downloading a movie was an hours-long affair.

The more interesting claim in re/code’s report is that Sony is using Distributed Denial of Service (DDoS) attacks against websites hosting stolen Sony files. Those attacks send bogus Internet traffic to a target server in hopes of slowing other users’ connections to a standstill.

DDoS attacks are easy from a technological standpoint. A hacker who wants to conduct one only needs control over a large number of computers, which they typically get from sneaking malware onto unsuspecting users’ machines. Still, that Sony could be attacking servers hosting its stolen stuff is significant in terms of understanding the company’s damage control strategy.

A recondite group of hackers that some have linked to North Korea have already published Sony Pictures Entertainment financial information, salaries, internal emails and feature films on file-sharing websites.

[Re/code]

MONEY

Supreme Court Says Amazon Doesn’t Have To Pay Workers For Waiting In Security Lines

The Supreme Court hands down a ruling which says warehouse temp agencies hired by companies like Amazon, CVS, and TJ Maxx do not need to pay their employees for waiting in line for security screenings.

Your browser, Internet Explorer 8 or below, is out of date. It has known security flaws and may not display all features of this and other websites.

Learn how to update your browser