Two new papers have gone up on the ESET White Papers page at http://www.eset.com/download/whitepapers.php. (Strictly speaking, they're not altogether new: they include some material that has previously been blogged here.) The Internet Book of the Dead is a bit different from other papers you’ll find on the ESET white papers page. (Technically, it’s not actually

[Part 6 of an occasional series, updating a blog series I ran in early 2009 to reflect changes in the threat landscape. This series will also be available shortly as a white paper.] Social Networks Can Be Very Anti-Social Don’t disclose sensitive information on websites like FaceBook or LinkedIn if you can’t be sure that you

I just received another request to follow me on Twitter on a protected account, so perhaps it's time I clarified what all those accounts that are and aren't in my signature are for. @dharleyatESET is a protected account largely for work purposes.  I only accept requests to follow from people who really need to know

I've read with interest the recent developments regarding the "Aurora" exploit code. As you are probably aware this code exploits a vulnerability in Microsoft's Internet Explorer. Microsoft recently released an out-of-band patch to close off this vulnerability. Very soon after, we are seeing reports that the first widespread attacks that attempt to exploit this vulnerability

I read a story today called “Give me your money, or your computer gets it” at http://redtape.msnbc.com/2010/01/turning-hijacked-computers-into-cash-is-still-hard-work-for-most-computer-criminals-theyve-got-to-trick-the-infected-pc-into.html. While the story does offer some practical advice, it misses some critical points and gets one thing a bit wrong. The story actually talks about a couple of different “ransom” attacks. There is the case where your data

At least as of this writing if you paste the following line into a Google search you’ll find something interesting… "2004 Honda Accord EX-V6" $3000 site:craigslist.org An ad with the title and price shows up on almost every Craigslist site in the country and in virtually all cases the ad has been flagged for removal.

As more information and discussion has come in on this, it now merits an update in its own right. It seems that there is at least one other unnamed app around as well as the Boxes issue, and while I've no reason to assume that it's malicious, I'd hardly advise that you rush into installing

I received a fax today. Now, that may not be worthy of noting on here, apart from the fact that I hardly ever receive faxes these days. But the interesting fact is that it was sent to my US based fax number and offered me a great deal on a "New Health Plan" for only

An online friend of mine from China once told me they loved the song “Amazing Negro”.  It only took a moment to realize “Amazing Grace” http://www.sumo.tv/watch.php?video=3451832 was the song they were referring to. The song is best known as a “negro spiritual” and so I can understand the mental mix up, especially for one whose

* http://en.wikipedia.org/wiki/Pushmi-pullyu#The_Pushmi-pullyu In an article in the Register with the eye-catching title of "Verified by Visa bitchslapped by Cambridge researchers", John Leyden comments on the argument by Cambridge researchers Ross Anderson and Steve Murdoch that the 3D Secure system, better known as Verified by Visa or Mastercard Securecode is better suited to shifting liability for