archives
November 2009

No Ifs or Bots: if only…

I came across a nice article today by Dennis Fisher on “The Root of the Botnet Epidemic”. It's the start of what looks like an interesting series on "the roots, growth and effects of the botnet epidemic" and the first aricle takes a historical overview of the situation around the turn of the century, looking

Password Practice Revisited

A few months ago Randy and I put together a white paper on password "good practice" (http://www.eset.com/download/whitepapers/EsetWP-KeepingSecrets20090814.pdf).  In it, I quoted the following table of The Ten Most-Used Passwords (sourced from http://www.whatsmypass.com): 1 123456 2 password 3 12345678 4 1234 5 pussy 6 12345 7 dragon 8 qwerty 9 696969 10 mustang  Today, I came

Shortened URLs

Now here's a useful link (thanks to Mikko Hypponen for the tweet that brought it to my attention). I've made the point several times here about being cautious about URLs shortened by bit.ly, tinyurl and the many others. Which is why when I flag our blogs and papers on twitter, I normally use tinyURL or

Paedophilia and the “Trojan Defence”

This is a follow-up of sorts to Jeff Debrosse's thoughtful post recently on the problem of possible conviction for the possession of illegal paedophiliac material of individuals who had no knowledge of its presence. More recently, a tweet by Bob McMillan drew my attention to an article by Geoff Liesik on "Authorities scoff at 'child porn

Whitelisting and the iPhone

The much reported/blogged iPhone worm does not affect all iPhones. Specifically it affects SOME iPhones that have been jailbroken. A significant part of the iPhone and iPod Touch security model is a technique called “whitelisting”. This is not new and is known to be a very effective security technology that can be used to prevent

Don’t be a Turkey!

Yes, the time is now here for Thanksgiving e-Cards. Before you click on a link to go get your eCard, make sure that your operating system is fully patched. Even if you use automatic updates, it’s a good idea to go to update.microsoft.com and make sure you’re fully patched. Next try out the Secunia vulnerability

Thanksgiving and Cyber Monday revisited

 With Thanksgiving and the start of the holiday shopping season almost upon us, I notice that quite a few sites are giving safe surfing advice. Since we already covered that a few days ago, I'll just post these pointers to those blogs. :) Is Cyber Monday the End of Shopping as We Know it? http://www.eset.com/threat-center/blog/2009/11/19/is-cyber-monday-the-end-of-shopping-as-we-know-it

Some Demographics of Cybercrime Risk

I wanted to share with you some more results from the cybercrime survey ESET commission and recently released. You can find the entire report at http://www.eset.com/company/CERC_Poll_2009_Oct.pdf. 57% of American computer owners now bank online, however the more money a person makes the more likely they are to bank online. 2/3rds of computer owners who earn

IBot revisited (briefly)

I don't want to flog (or blog) this iPhone bot thing to death: after all, the number of potential victims should be shrinking all the time. However, having updated my previous blog (http://www.eset.com/threat-center/blog/2009/11/22/ibot-mark-2-go-straight-to-jail-do-not-pass-go)  on the topic a couple of times, I thought I'd actually go to a new blog rather than insert update 3. So here are the update bits

Qinetiq Energy: A Patent Leathering

[Update: Michael St Nietzel also pointed out that there's an issue with installers that verify a checksum before installation. In fact, this is a special case of an issue I may not have made completely clear before: unless this approach is combined with some form of whitelisting, there has to be some way of reversing the modification

iBot Mark 2: Go Straight To Jail Do Not Pass Go

[Update, courtesy of Mikko: this worm targets at least one Dutch bank, and activates when users go to the online bank with an infected iPhone ] [Update 2, courtesy of Paul Ducklin: how to change the password of an infected phone. I could just tell you what the password is, but you might want to read

What if your Virusproof Computer Catches a Virus?

An Australian company claims to have launched a “virusproof” computer. They even say “ A fast, easy to use, computer that never gets viruses, EVER !” and then on the same page say “In the rare event that you manage to catch a virus on your virusproof computer, we will re-load both Zone 1 and

And talking of Cyber Monday…

Even in Europe, we have a rough idea of what Thanksgiving is about, though we don't celebrate it at the same time or in the same way. However, Black Friday and Cyber Monday are rather less well known outside the US. Since Randy has already blogged on Cyber Monday and its security implications at http://www.eset.com/threat-center/blog/2009/11/19/is-cyber-monday-the-end-of-shopping-as-we-know-it, I took the

Is Cyber Monday the End of Shopping as We Know it?

Cyber Monday is the Monday that follows Thanksgiving in the USA. This is said to be the busiest online shopping day of the year. Does that mean that there is more risk of cybercrime? The answer is yes and no. There is more risk simply because more people are shopping online so malicious web pages,

So, You Think You are Smart?

Recently I blogged (Once Upon A Cybercrime…) about a survey ESET commissioned which indicated that Mac users are victims of cybercrime as often as PC users. This finding was not the main point of the survey, but was an interesting finding. The survey is titled “Securing Our e-City National Cybercrime Survey” and was commissioned to

Great Hoax From Little Acorns…

I learned a new word today. "Glurge", according to snopes.com, an essential resource when checking the validity of dubious chain letters, glurge is the sending of inspirational (and supposedly true) tales … that often … undermine their messages by fabricating and distorting historical fact in the guise of offering a "true story". I came across

The Honour’s All Mine

(Much) earlier this year, Randy posted a blog on some email he received about his inclusion into the 2009/2010 Princeton Premier Honors Edition Registry (http://www.eset.com/threat-center/blog/2009/01/09/what-an-honor). I was reminded of it (yes, Randy, someone does read your blogs ;-)) when I got a couple of emails telling me I'd been nominated for an entry into the

Biting the Hand that Feeds You?

Verizon has just done something rather brave. The company has issued a report on "ICSA Labs Product Assurance Report" (http://www.icsalabs.com/sites/default/files/WP14117.20Yrs-ICSA%20Labs.pdf) that talks about the difficulties that most products have in meeting the requirements of ICSA Labs certification. Why is it brave? Because those companies provide ICSALabs with a healthy income, and might therefore be a

Cyberhype

Cyberwar, cyberterrorism, cybersigh…(gosh, that's almost a palindrome…) However, if you get past the cyberbuzzwords, there are some interesting articles around at the moment. On the Infosecurity Magazine, there's an article called "Cyberterrorism: A look into the future", contributed by the (ISC)2 US Government Advisory Board Executive Writers Bureau.  http://www.infosecurity-magazine.com/view/5217/cyberterrorism-a-look-into-the-future/. More thoughtful than you might expect from

No Mule’s Fool

After a few years in the security business, it's easy to get a bit too used to the background noise, and forget that not everyone is familiar with concepts like phishing (see Randy's recent blog at http://www.eset.com/threat-center/blog/2009/11/16/once-upon-a-cybercrime%e2%80%a6), or botnets ("whatever they are", as my brother said to me quite recently), or money mules. I've written

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

4 articles related to:
Hot Topic
30 Nov 2009
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.