Following up on blog comments is part of the job for those of us contributing to the ThreatBlog. Well, I suppose it is: no-one else does it if we don’t. :-) Much of the time, comment handling involves dealing with the occasional comment spam that slips through our filters (there’s an interesting item on a novel

The estimable Dan Raywood, of SC Magazine, forwarded me an interesting example of a hoax email, knowing that I have an unhealthy interest in these "electronic ephemera" as Martin Overton calls them. In fact, I have an email address (hoaxchecker@gmail.com) that I use to offer a free service to people who want information on whether

SC Magazine included an interesting item today on security and confidentiality in the UK’s National Health Service. Anders Pettersson has suggested that the NHS is too busy to be harrassed over data protection/data leakage issues, and that the security industry should "come together to educate NHS Trusts and other organizations on simple measures to protect

The Research team in San Diego has several Twitter accounts that we use, both to follow other people and to keep people who follow us informed about hopefully useful stuff like blogs and new papers. http://twitter.com/esetresearch is the official team Twitter account, but we also post stuff to http://twitter.com/ESETLLC and http://twitter.com/ESETblog, which have more followers at

"Viruses Revealed", which I wrote with Robert Slade and Urs Gattiker, isn’t exactly my latest book. In fact, it was published by Osborne in 2001, and has been out of print for several years. Still, I have some fond memories of it: for a start, it was my first book in the security arena as one

We know that spam works: well, it works well enough for spammers to keep devoting time and money into pumping sewage into the arteries of the internet. The interesting question is why does it work? The Messaging Anti-Abuse Working Group (MAAWG), a global coalition of network operators and messaging providers who do some vital work

ESET in Bratislava have just issued a press release concerning Win32/TrojanDownloader.Bredolab.AA, which made the top ten threat listing in our June ThreatSense.Net® report, as mentioned here. While press releases aren’t always our biggest priority on the ThreatBlog, this is certainly a research issue, and one in which many people have expressed an interest. The lab tells

The results (released yesterday) from a study conducted by the Ponemon Institute yielded some interesting data points. The most visible of these was the finding that 85% of U.S. organizations experienced data breaches of varying magnitudes. This study, entitled "U.S. Enterprise Encryption Trends", has completed its fourth annual publication.  The data was directly obtained from

How secure is your Social Security Number? If your answer is "Very: I only ever give it to organizations who are entitled to know it", that may not be as safe as it sounds. Of course, there are a couple of fairly generic issues: some legitimate, convenient organizations may ask for it who are, nevertheless,

Sadly, I’m now back in not-so-sunny England, but one of my colleagues forwarded me an item about security breaches reported by healthcare organizations. On January 1st it became mandatory in California for such organizations to report incidents where non-anonymized patient data may be been intentionally or unintentionally disclosed to someone unauthorized. In the first five months,