archives
September 2010

From sci-fi to Stuxnet: exploding gas pipelines and the Farewell Dossier

In researching today’s SC Magazine Cybercrime Corner article “From sci-fi to Stuxnet: Exploding gas pipelines and the Farewell Dossier”, I came across this ‘Damn Interesting’ article which showcases the successful cyberwarfare compromise of a SCADA / pipeline control system nearly thirty years ago, an event which I had heard stories about in Navy circles but

Who Wants a Cyberwar?

The short answer is the media wants a cyberwar. Cyberwar is a dark, sexy, mysterious headline that sells and so each time something nefarious happens on the internet that potentially involves two or more countries, security experts are besieged with the question “Is this cyberwar”? Let’s look back to the 1989 book by Clifford Stoll

Images are not always what they seem

So what we really have is a file with a filename extension that looks like a jpg image, but which really acts as a container for a file with a deceptive double extension.

What’s the Difference Between Facebook Security and Bigfoot?

The difference is that there have been reported sightings of Bigfoot. The keynote address at the Virus Bulletin conference today was given by Nick Bilogorskiy, a member of the security team at Facebook. To start with, I have known Nick for several years and I can tell you that he is very intelligent and a

Yet more Stuxnet

Just in case you haven’t heard enough from me on the topic of Stuxnet, the Security Week article I mentioned in a previous blog is now up at http://www.securityweek.com/stuxnet-sux-or-stuxnet-success-story. ;-) David Harley CITP FBCS CISSP ESET Senior Research Fellow

Tell Me Your Secrets

An Associated Press release http://news.yahoo.com/s/ap/20100927/ap_on_hi_te/us_internet_wiretaps today indicates that the Obama administration is drafting legislation that would require companies to make it technically possible to intercept all electronic communications in the US. This would affect all of the US telephone companies, Skype, and also companies, such a RIM (Blackberry) that are based outside of the US.

Iran Admits Stuxnet Infected Its Nuclear Power Plant

While the defining research on the Stuxnet topic doesn’t go this far, Forbes writer Trevor Butterworth went out on a limb to name names along with detailing the warfare aspects: As I noted last week – and as the news media have only begun to grasp – Stuxnet represents  a conceptual change in the history

Cyberwar, Cyberhysteria

I guess I wasn’t forceful, or controversial, or sensationalist, or ungeek enough to rate any column inches. So I’m going to give you a sneak preview … in the light of all the speculation today on whether Stuxnet is an attack by Israel on Iran.

Is Disney Flashing Minors?

Recently a lawsuit was filed against Walt Disney’s internet subsidiary and some of its partners as well. http://www.theregister.co.uk/2010/08/17/flash_cookie_lawsuit/ At issue is the use of a special kind of cookie that is used in conjunction with Adobe Flash. These “supercookies” are called Local Shared Objects or LSOs for short. LSOs are not deleted when you use

ESET Stuxnet Paper

…we have just published a lengthy analysis that considers many of these questions, as well as discussing some of the characteristics of this fascinating and multi-faceted malicious code. The report is already available here, and will shortly be available on the ESET white papers page.

Your Fantasy, A Criminal’s Dream

Fantasy sporting leagues have become very popular. A good friend of mine is into fantasy car racing teams. Other friends are into fantasy soccer (football elsewhere in the world). In the US a lot of people are into the fantasy NFL (National Football League –not soccer). Recently a researcher, Gary Rios, joined an ESPN sponsored

Facebook Competitor Faces Criticism – Is Diaspora DOA?

Really – should any Alpha version be fed through a chipper-shredder like Diaspora has? The basics are simple: The basic premise behind Diaspora is that it will allow users to have social networking functionality similar to that offered by Facebook, but with far greater control over personal data. Diaspora was born earlier this year largely

MouseOver, Game Over

In some computer programming languages there is an event called “mouseover”. This command is used to determine what happens when a user put the mouse over a specific object. When you put the mouse over a hyperlink and see where that link will take you, that is a “mouseover” command at work. When you place

Social Media: 5 Unexpected Threats

…a piece at Discovery News about 5 Unexpected Threats of Online Social Networking…

Privacy? Who Cares?

In the security industry, we’re sometimes over-ready to be over-prescriptive, seeing security and privacy concerns as paramount where others see them as a distraction. And we’ve become used to the mindset that computer users will always prefer convenience to security.

Scareware and Legitimate Marketing

Kurt Wismer posted a much-to-the-point blog a few days ago about the way that purveyors of scareware (fake/rogue anti-virus/security products) mimic the marketing practices of legitimate security providers. You may remember that a while ago, I commented here about a post by Rob Rosenberger that made some related points. If you’re a regular reader of

You Can’t Do That

So much of the time we security bloggers write about what you are not supposed to do, or try to tell you what you should do. This time it is different. This post is not about security it is about what one amazing individual can do and what you can do too, if you wish

New Papers and Articles

Here are a few papers and articles that have become available in the last week or two.

Strong passwords: deja vu all over again

Since never changing your password isn’t generally a realistic option, and some sites actually prevent you from using good passwords and, even better, passphrases, we’ve produced a number of articles and papers on the topic to help make it easier to follow good practice, even when your provider seems set on preventing it. Here they are as a list, to make it easier to follow.

Privacy is not in the Cards

I decided to download the card game Solitaire (by ZenTech Labs) on my Android based phone. Being a free app it is paid for by advertising. When you play the game there is always a banner ad at the bottom of the screen. One of the ads caught my eye. It said “Leslie2088 is .7

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

7 articles related to:
Hot Topic
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.