archives
December 2009

How to Get Security All Wrong

I suppose I could make this a really short blog and simply say “Do it like the TSA does”. It would be accurate, but perhaps doesn’t explain enough. In case you don’t know, TSA is said to stand for "Transportation Security Administration", but I tend to think it means Terrorist Support Agency, as they do

The out-of-control decade

We interrupt our – well, my – scheduled programming to bring to your attention an article in "The Register" that I think deserves your attention. I put up what was intended to be a brief pointer on the AVIEN blog (http://avien.net/blog/?p=253), but I found myself kind of warming to the subject, to the extent that I

Ten Ways to Dodge Cyber-Bullets (Part 1)

OK, so I lied about not doing a top ten. Twice. For a paper that's going through the publication process at the moment, I revisited some of the ideas that our research team at ESET LLC came up with this time last year for a top ten things that people can do to protect themselves

Top Ten Trite Security Predictions

1. Every security blogger in the world will mark the transition from 2009 to 2010 with at least one top ten something-or-other article. Except me, of course.  2. There will be headlines about the death of anti-virus, and a famous security guru will state that anti-malware only catches malware that's already been identified and analysed, that

Party Line – GSM Eavesdropping

The BBC has reported (http://news.bbc.co.uk/1/hi/technology/8429233.stm) that Karsten Nohl has published details of the encryption algorithm used to encrypt mobile phonecalls made using GSM technology. The topic has inspired much discussion following a talk at the Chaos Computer Congress in Berlin. The GSM Association seems, according to the BBC report, to be a little ambivalent about the

Ten Years A-Spamming

Well, I'm pretty sure I've been seeing spam for a bit more than ten years, as has CAUCE (Coalition Against Unsolicited Commercial Email) in its various incarnations. However, the blog by Neil Schwartzman that was put up yesterday at http://www.cauce.org/archives/155-This-Decade-in-Spam.html#extended covered only the notable events of the last decade. Which was indeed eventful enough. In fact, it turns

A Thought or Two about Testing

The Hype-free blog at http://hype-free.blogspot.com/2009/12/congratulation-to-av-comparatives.html yesterday mentioned the latest AV-Comparatives round of test reports, including: The whole product dynamic test at http://www.av-comparatives.org/comparativesreviews/dynamic-tests The December 2009 performance test at http://www.av-comparatives.org/comparativesreviews/performance-tests The summary reports at http://www.av-comparatives.org/comparativesreviews/main-tests/summary-reports I have a pretty jaundiced view of testing organizations in general: after all, I see some pretty awful tests proclaimed by the

Grasping at Straws – Did Malware Hack Palin’s Email Account?

There are times that malicious software actually results in innocent people being accused or even convicted of crimes they did not commit. There are times, however where malware is not to blame. Today I read a story at http://www.theregister.co.uk/2009/12/09/palin_hack_spyware_defence/ where the lawyers for David Kernell, the man accused of hacking Sarah Palin’s Yahoo email account,

Seasonal Gratings

I'm not exactly taking time off for the holiday: I have too many deadlines to meet. Let's hope the bad guys will be taking some time out to sing carols (or maybe pirate shanties) around the Christmas tree, though. (A forlorn hope: on another screen, I see I have a lengthy list of today's Zeus

Some People Just Don’t Get It

I read an article on the Newsweek Blog today http://blog.newsweek.com/blogs/techtonicshifts/archive/2009/12/22/antivirus-under-attack-from-polymorphic-threats-and-you.aspx In the blog the author states “Individuals and corporate users are storing less data on their hard drives and more in the cloud — remote servers, operated by giants like Google and Amazon. With less valuable data on individual PCs, the need for virus protection

The New Cyber Security Coordinator

Today it was announced that Howard Schmidt will become the Cyber Security Coordinator for the White House. First off, it’s about time the press stopped calling the position “Czar”. I met Howard Schmidt when he and I both worked at Microsoft. It was right after I had spent a little time teaching helpdesk how to

What Does The World Know About You?

Social networking sites have become living biographies of people and may set them up for social engineering attacks. From time to time I enjoy looking to see what I can find out about people who send question to me using the AskESET@eset.com address. I won’t ever name names, but I wanted to share one example.

The Curious Art of Anti-Malware Testing

I recently made a presentation to  the Special Interest Group in Software Testing of the BCS Chartered Institute for IT (formerly better known as the British Computer Society). The PDF version of the slide deck is now up at: http://www.eset.com/download/whitepapers/Curious_Act_Of_Anti_Malware_Testing.pdf The presentation outlines some of the problems with anti-malware testing and summarizes the mission and principles of

Hounded by 419s

And it's a big hello to Lisa Presley. Or, at least, Lisa the owner of an English bulldog called Presley, who even has his own web site (in fact, at least two). Not, I presume, LIsa Marie Presley, formerly associated with assorted defunct rock stars.    Sorry to hear about your recently deceased husband, dear

Anniversaries Galore

Following my blog at http://www.eset.com/threat-center/blog/2009/12/18/a-trojan-anniversary, I came across a blog by Kurt Wismer that picked up the theme. As it happens, though I don't think we've ever met, Kurt and I have corresponded from time to time for quite a few years (fourteen, apparently), so I guess it's not so surprising that he also dates

PDF – Pretty Darned Fatal

Adobe PDF files were supposed to be a safe alternative to Microsoft Word documents in a time when Microsoft offered no effective protection against macro viruses and had virtually no security model in Office at all. Times change. Microsoft Word documents rarely spread macro viruses and have not for a long time if you are

A Trojan Anniversary

I don't suppose anyone remembers my mentioning this before, or cares much anyway, but the 19th of December marks what I consider to be the 20th official anniversary of my entry into the anti-virus/security field. Nowadays, viruses (and, in general, worms) have declined in importance and now constitute a fairly small proportion of the totality

Upgrade or Die

OK, it isn’t quite that dire, but if you are using Windows XP Service Pack 2, support for that version of the operating system will end in July 2010. If you plan to stay with Windows XP a while longer then it’s a good time to upgrade to service pack 3 if you have not

(Fake) Videos of Berlusconi attack

It is public knowledge that the Italian Prime Minister Silvio Berlusconi was hit in the face which left him with facial injuries, a broken nose and several broken teeth. The video of the attack is circulating on the Internet but at this time, if you search for them on any search engine it is possible

Que Sera Sera – A Buffet of Predictions for 2010

I was recently asked to share some predictions about what 2010 will bring in the security space. I asked some colleagues from ESET Research to share their thoughts as well -Randy Randy Abrams Director of Technical Education Social Engineering attacks will continue to grow in prevalence. As operating systems and eventually applications become more secure,

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

26 articles related to:
Hot Topic
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.