I suppose I could make this a really short blog and simply say “Do it like the TSA does”. It would be accurate, but perhaps doesn’t explain enough. In case you don’t know, TSA is said to stand for "Transportation Security Administration", but I tend to think it means Terrorist Support Agency, as they do
We interrupt our – well, my – scheduled programming to bring to your attention an article in "The Register" that I think deserves your attention. I put up what was intended to be a brief pointer on the AVIEN blog (http://avien.net/blog/?p=253), but I found myself kind of warming to the subject, to the extent that I
OK, so I lied about not doing a top ten. Twice. For a paper that's going through the publication process at the moment, I revisited some of the ideas that our research team at ESET LLC came up with this time last year for a top ten things that people can do to protect themselves
1. Every security blogger in the world will mark the transition from 2009 to 2010 with at least one top ten something-or-other article. Except me, of course.
2. There will be headlines about the death of anti-virus, and a famous security guru will state that anti-malware only catches malware that's already been identified and analysed, that
The BBC has reported (http://news.bbc.co.uk/1/hi/technology/8429233.stm) that Karsten Nohl has published details of the encryption algorithm used to encrypt mobile phone calls made using GSM technology. The topic has inspired much discussion following a talk at the Chaos Computer Congress in Berlin. The GSM Association seems, according to the BBC report, to be a little ambivalent about the
Well, I'm pretty sure I've been seeing spam for a bit more than ten years, as has CAUCE (Coalition Against Unsolicited Commercial Email) in its various incarnations. However, the blog by Neil Schwartzman that was put up yesterday at http://www.cauce.org/archives/155-This-Decade-in-Spam.html#extended covered only the notable events of the last decade. Which was indeed eventful enough. In fact, it turns
The Hype-free blog at http://hype-free.blogspot.com/2009/12/congratulation-to-av-comparatives.html yesterday mentioned the latest AV-Comparatives round of test reports, including:
The whole product dynamic test at http://www.av-comparatives.org/comparativesreviews/dynamic-tests
The December 2009 performance test at http://www.av-comparatives.org/comparativesreviews/performance-tests
The summary reports at http://www.av-comparatives.org/comparativesreviews/main-tests/summary-reports
I have a pretty jaundiced view of testing organizations in general: after all, I see some pretty awful tests proclaimed by the
There are times that malicious software actually results in innocent people being accused or even convicted of crimes they did not commit. There are times, however, where malware is not to blame. Today I read a story at http://www.theregister.co.uk/2009/12/09/palin_hack_spyware_defence/ where the lawyers for David Kernell, the man accused of hacking Sarah Palin’s Yahoo email account,
I'm not exactly taking time off for the holiday: I have too many deadlines to meet. Let's hope the bad guys will be taking some time out to sing carols (or maybe pirate shanties) around the Christmas tree, though. (A forlorn hope: on another screen, I see I have a lengthy list of today's Zeus
I read an article on the Newsweek Blog today: http://blog.newsweek.com/blogs/techtonicshifts/archive/2009/12/22/antivirus-under-attack-from-polymorphic-threats-and-you.aspx. In the blog, the author states “Individuals and corporate users are storing less data on their hard drives and more in the cloud — remote servers, operated by giants like Google and Amazon. With less valuable data on individual PCs, the need for virus protection