Spoof or SPOF? IT Security reportage veteran John Markoff reports in the New York Times that the attack on Google's intellectual property reported in January was even more interesting (and disquieting) than most of us realized. According to an unnamed source, some of the information stolen related to the company's password system, Gaia. Gaia is a

Aleksandr Matrosov, Senior Virus Researcher at ESET Russia, has brought to our attention an avalanche of reports of hacked Gmail accounts. While the exact nature of the hack isn't confirmed, it appears that spammers were able to access the victim's address books in order to send junk mail from the compromised accounts to their owner's

If you regularly follow my blogs, you'll know that while this my primary blogspot, it isn't the only site to which I post (see signature for full details). Here are a few recent blogs and microblogs that may be of possible interest. @Mophiee asked me about the ICPP Trojan on Twitter (where I'm @ESETblog or

I was asked whether I'd seen SEO (Search Engine Optimization) poisoning relating to the Icelandic eruption and the very widespread grounding of aircraft in Europe. Well, there were certainly attempts in March to exploit the earlier Eyjafjallajokull eruption in order to drive googlers interested in finding out more towards malicious web sites. So it would be naive

I've just read a news item about a nine year old boy who has been accused of hacking into his school's computer system. It seems police claim the nine year old hacked into the Blackboard Learning System used by his school to change teacher's and staff member's passwords, change and delete course content and change

The Boston Globe suggested  that changing passwords is a waste of time, based on their interpretation of an article by Herley Cormac. Cormac's paper – well worth reading, by the way - reinforces a point that has been made many times both by me and by the "user education doesn't work" lobby. While I don't believe that education is useless,

I find it hard to not be shocked at a headline like this… Then I remembered the recent top cybercrime city survey conducted by one of our competing software vendors which had Boston ranked the SECOND HIGHEST risk city in the entire United States. I’m also not one to simply lie down and let cybercriminals

Further to Pierre-Marc's blog yesterday about in-the-wild exploitation of the Java Development Kit vulnerability publicised by Tavis Ormandy, David Kennedy has brought to our attention a comprehensive article on the same topic published yesterday by FireEye's Atif Mushtaq.  You may remember that Atif exchanged thoughts and info with us a while ago in relation to

Old joke: how can you tell a lousy drummer is at your front door? The knocks keep slowing down. Tempo of operations are similar in that if you can keep a fast, sustained rhythm outpacing the adversary, you’ll keep the initiative. If your side knows when the tempo is supposed to speed up or slow

Craig Johnston recently posted a blog about steganography. It is interesting to me that I have known for years how to get data out of a company on a CD or a DVD with virtually no chance of detection. There are large areas in CD and DVD images that are not supposed to contain data,