archives
January 2010

Millennium Falcon: Crash & Burn Revisited

I originally posted this on the AVIEN blog site at http://avien.net/blog/?p=286, but in view of the increasing volume of "Y2.10k" date-related bug reports, I'll re-post it here with an updated list. (Thanks to Mikko Hypponen for posting a couple of links I hadn't seen.) Windows Mobile/SMS bug (Welcome to 2016!) http://www.theregister.co.uk/2010/01/05/windows_mobe_bug/ http://www.wmexperts.com/y2016-sms-bug Bank Bugs: http://www.theregister.co.uk/2010/01/04/bank_queensland/ http://www.msnbc.msn.com/id/34706092/ns/technology_and_science-security/?ocid=twitter]

Dark Reading and Crystal Balls

Apparently it's not just me that's sceptical about the value of security crystal ball-gazing. Tim Wilson of Dark Reading takes us (the security industry) to task for being "subjective" and inconsistent in our predictions for the coming year. Strangely, although he does quote an ESET blog (an observation of Randy's) in his selection of predictions he

Ten Ways to Dodge Cyber-Bullets (Part 3)

[Part 3 of an occasional series, updating a blog series I ran in early 2009 to reflect changes in the threat landscape. This series will also be available shortly as a white paper.] Do You Need Administrative Privileges? Included for completists, though I don't think I've added anything here to the original blog. I think it's

Adobe, Javascript, and the CVE-2009-4324 Exploit

There has been quite a lot of traffic in the last few weeks about the doc.media.newPlayer vulnerability referenced in the CVE database as CVE-2009-4324. The following Adobe articles refer: http://www.adobe.com/support/security/advisories/apsa09-07.html http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html http://blogs.adobe.com/psirt/2009/12/security_advisory_apsa09-07_up.html Today's article at the Internet Storm Center by Bojan Zdrnja (http://isc.sans.org/diary.html?storyid=7867) gives a lot of detail on a particularly inventive exploit of the

Heuristic Detection Techniques

I recently received a few questions about heuristics and thought the answers may be of broader interest than just to the person asking. 1- What is the difference between the detection by generic signatures and passive heuristic? Aren't they the same? 2- In this thread: http://www.wilderssecurity.com/showthread.php?t=261904 I can't understand Marcos's replay: 'it's heuristic detection coupled

Advance Fee Fraud: Another Aspect

When we think Advance Fee Fraud (AFF) we usually think in terms of the 419-type scams often associated with Nigeria, though similar frauds actually come from all over. You know the sort of thing: the banker, or the wife or son or daughter of a defunct dictator or benevolently inclined millionaire plane-crash victim wants to share their

Ten Ways to Dodge Cyber-Bullets (Part 2)

[Part 2 of an occasional series, updating a blog series I ran in early 2009 to reflect changes in the threat landscape. This series will also be available shortly as a white paper.] Catch the Patch Batch Keep applications and operating system components up-to-date with automated updates and patches, and by regularly reviewing the vendors’ product

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

1 article related to:
Hot Topic
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.