archives
May 2011

Anyone Fluent in L33t speak?

I went to verify some information to complete my account registration with an office supply store. The last item looked like this I initially thought that if it is a word, it must be l33t speak, but ahh, Google Translate to the rescue! I don’t know what 443xje5 means in French or English, but the

Hacking Sony for Fun and Profit (And Let’s Nail Your Company Too)

It’s been a really rough time for Sony. I have a hunch that in the past month “Sony CTO” has leapt past toilet cleaner on the list of least desirable jobs. Last month there was the massive Sony PlayStation/Qriocity breach that leaked more data than a Wall Street ticker leaks stock prices. Then a Sony

LinkedIn Security and The Rapture

What do these two topics have in common? More than you might think. The obvious is that neither has arrived yet. There is no proof of existence of either, you have to take it on faith. Neither will be here tomorrow… take my word for that. A story at http://www.reuters.com/article/2011/05/23/uk-linkedin-security-idUSLNE74M02820110523 explains how dreadfully poor security

Cybercrime corner

… I haven’t recently posted any pointers to our content on SC Magazine’s Cybercrime Corner, and now might be a good time to recap on what Randy and I have been posting there this month (so far…) …

Don’t they know it’s the end of the world?*

*http://en.wikipedia.org/wiki/Skeeter_Davis  Here in the UK it's just turned 6pm on the 21st May, which apparently means I'll shortly be either invited to a rapturous celestial street party or subjected to various unpleasant experiences starting with a giant earthquake and ending with a front seat at a subterranean bonfire on or before 21st October. Though according to

Dirty Rumors about Facebook and ESET

Perhaps you just read David Harley’s blog http://blog.eset.com/2011/05/20/facebook-gets-something-right. Now I am about to tell you about something else Facebook got right. With two accolades in one day dirty, unfounded rumors might start flying about Facebook buying ESET or infiltrating our blog with spies. To cast off such groundless speculation I’ll tell you about the part

Facebook gets something right

It seems a little strange to have the words "Facebook" and "privacy" in the same sentence in one of my blogs, yet it seems that Facebook CTO Bret Taylor testified at a Senate Commerce Committee hearing on mobile phone and internet privacy. But it turns out the story is about rather more than privacy: it's

No chocolates for my passwords please!

Greetings Dear Reader, We have published guidance material previously on passwords and passphrases, some are blogs and some are lengthier depending on your liking (link & link).  Even still it is always good practice to reinforce sensible password techniques.  For this blog, I plan on sharing an analogous self-ritual, and one that relies on a

AMTSO growing up?

It's been a busy few weeks. Last week I was in Krems, Austria for the EICAR conference. The week before, I was in Prague for the CARO workshop (where my colleagues Robert Lipovsky, Alexandr Matrosov and Dmitry Volkov did a great presentation on "Cybercrime in Russia: Trends and issues" – more information on that shortly),

Sony PlayStation – Rehacked reloaded?

In life one cannot reload a particular scene; however, in gaming one certainly can.  This is an unfortunate time for Sony PlayStation and customers due to the recent breach.  Anecdotal reports are now coming in that Sony PlayStation who opened up their gaming ecosystem recently has now potentially fallen to a password reset hack.  This

EICAR Schnapps-Shot

Well, the EICAR conference earlier this month was in Krems, in Austria, where I hear that they're not averse to the occasional brandy, but I was actually perfectly sober when I delivered my paper on Security Software & Rogue Economics: New Technology or New Marketing? (The full abstract is available at the same URL.) To conform with EICAR's

Android’s Anomaly?

There are reports coming out today about Google Android and how approximately 99.7% of its users are potentially open to compromise.  This news cycle started by the Ulm University publishing some information on the 13th of May showing some results.  I'm sure this story will develop and CTAC may follow-up to my blog with more details;

Securing Our eCity Cybersecurity Symposium

I'm a little late on this since I've been out of office for a few days, and only just picked up the relevant email. However, the Securing Our eCity Cybersecurity Symposium and IT Exec awards event is, I gather, happening right now and being tweeted live with the hashtag #SOEC . More information on the event

Obfuscated JavaScript: Oh What a Tangled Web

My colleague Daniel Novomeský alerted me to a problem he's observed with the way some web-developers use JavaScript: a few of them have the habit of obfuscating JavaScript code on their web sites, presumably in order to compress it so that it takes less disk-space ("packing") or using a "protector" in order to make it

Is your ‘stalker ex’ still creeping your Facebook page?

Another day, another Facejack attack. We see a lot of these sorts of scams, alluringly titled posts – typically with a promise to show you who has been visiting your profile (or infamously, video of Osama Bin Laden's death) – that try to get you to click to see some special content. The latest one

Happiness is a Warm Smartphone*

…35% of iPhone/Android users in the US interact with their smartphones before they get out of bed…

Facebook’s Search and Destroy

An article came out yesterday from Clement Genzmer who is a security engineer at Facebook.  His tagline is "searching and destroying malicious links".  Those of us in the business of digital security and safety can certainly identify with that, especially the part where we aim to identify the criminals and work with law enforcement to

Will the Comcast “Constant Guard™ Security Service” work?

I received an email from Comcast (my ISP) announcing their “Constant Guard™ Security Service”. Basically, if Comcast thinks a customer is infected with a bot they will email the customer and offer to help clean up the computer. The Constant Guard service claims to do a lot more too, but Comcast is quite ambiguous about

AV Numbers Game

…I would suggest that you take any statement like “Grottyscan AntiVirus is best because it detects 200 million viruses” with a pinch of salt. Actually, a whole salt mine…

The co-evolution of TDL4 to bypass the Windows OS Loader patch (KB2506014 )

Our colleagues Aleksandr Matrosov and Eugene Rodionov are tracking the evolution of TDL4 (also known as Win32/Olmarik). The following is a report on the latest TDL4 update, released last week. In our previous blog post, we described how the latest Microsoft Security Update modified the Windows OS loader (winloader.exe) to fix a vulnerability that allowed

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

4 articles related to:
Hot Topic
24 May 2011
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.