Author
David Harley
David Harley
Senior Research Fellow

Education? Academic background in modern languages, social sciences, and computer science. A Fellow of the BCS Institute (formerly the British Computing Society), Chartered IT Professional, Certified Information Security Systems Professional, BS7799/ISO27001 Lead Auditor.

Highlights of your career? Office administration, programming, and IT support at Royal Free Hospital, then with Human Genome Project. System administration and support, then security analyst at Imperial Cancer Research Fund (now Cancer Research UK). Wrote/co-wrote/edited a number of Internet FAQs and my first articles on programming, security etc. I presented my first conference papers in 1997 (at Virus Bulletin and SANS), and soon after inherited the Mac Virus web site, which I still run as an independent security information resource. In 2001 I joined the UK’s National Health Service, where I ran the Threat Assessment Centre until 2006, acquired qualifications in computer security, security audit, and service management (ITIL), and was the go-to person nationally for issues related to malware. Viruses Revealed, published the same year by Osborne, wasn’t my first security book (I’ve written or contributed to about a dozen) but it was the first to make a real impact and was published in 2001: that, and the AVIEN Malware Defense Guide (Syngress), to which Andrew Lee also contributed, are probably the best known of my books.

Position and history at ESET? Senior Research Fellow at ESET N. America. I’ve worked with ESET since 2006, primarily as an author and blogger, editor, conference speaker, and commentator on a wide range of security issues. Essentially, they put up with me because I’ve been around so long.

What malware do you hate the most? Malware is just code. It’s malicious people I detest. While I’ve no love of the gangs behind phishing scams and banking Trojans, fake AV, 419s, support scams and so on, I can see that it’s easier to be honest in a relatively prosperous environment, if there is such a thing anymore, and that cybercrime can be driven by an economic imperative. But I have nothing but contempt for those sociopaths who cause harm to others for no reason except that they can.

Favorite activities? The guitar (I still play semi-professionally when time allows), songwriting, recording, listening to other people’s music. I love opera but don’t attempt to sing it. Photography, art, poetry, country walking – well, ambling is about as much as I can manage at my age – good food and wine, good television when I can find it...

What is your golden rule for cyberspace? Scepticism is a survival trait: don’t assume that anything you read online is gospel truth. Even this adage.

When did you get your first computer and what kind was it? Amstrad PCW in 1986. It ran a version of CP/M and came with an integral printer, word-processing software and versions of BASIC and Logo. I moved on to an 8086 when I got my first job in IT. What else would you expect a not-very-rich author to buy in 1986? :)

Favorite computer game/activity? Extra-curricular writing (blogging, verse, articles). Artwork and digital photography.

More Info

XP-diency: beyond the end of the line

Can’t yet upgrade from XP? Recommendations are being made by Gartner and others for staying (relatively) safe.

Privacy, Social Media, and the Younger Generation

When parents post photographs and information about their children to social media, what are the privacy implications for those children when they’re grown? What happens on the internet tends to stay on the internet, and not necessarily in a good way.

The Internet of Things isn’t a malware-laced game of cyber-Cluedo… yet

Will the future be a murderous game of ‘smart device’ Cluedo, where Colonel Mustard meets his death at the hands of a Wi-Fi pacemaker, and Miss Scarlett is consumed in a Smart Home-ignited blaze. Not likely, says David Harley – where’s the profit motive?

Better Mac Testing: Static versus Dynamic Testing

Dynamic or on-access Mac testing of AV products is problematical with samples for which Apple has implemented signature detection.

Better Mac Testing? How OS security can make AV testing harder

As Mac malware increases in prevalence, testing security software that supplements OS X internal security gets more important and more difficult.

More Mystery Shopper Misery

‘Highly-paid’ mystery shopper assignments where you’re sent cashier’s checks upfront can end up costing you a lot of money.

Courier Scams – don’t give away your bank card

If someone rings you up to tell you that your bank card has been compromised, it may be because they want to get their own hands on it.

Netflix phish, tech support scam, same phrying pan

Yet another innovative tech support scam, using Netflix phishing to get remote access to the victim’s system.

Scams: Tech Support, Accident Insurance, PPI, Oh My My

It’s not just fake tech support: call centre cold-callers are operating various kinds of insurance scams, too.

Tax Scams, Malware, Phishing and a 419

A roundup of scam information, including a tax scams article, email with a link to malware, a phish, and the worlds laziest 419.

Wangiri Telephone Fraud – One Ring to Scam Them All

Missed a phone call? The Better Business Bureau says answering international telephone fraud calls looking like US calls might cost you more than you think.

419 Scams: Let The Seller Beware

419s are a well-known scam type, but some scams are more obvious than others. And sometimes it’s the seller who’s cheated not the buyer.

Tech Support Scams: Second Byte at the Cherry

Is there really anything new to be said about tech support scams? Unfortunately, the FTC tells us there is. Not only because people are still falling prey to this type of fraud, but because the scammers are still finding new approaches to harvesting their victims’ credit card details. Some quite interesting, sophisticated technical tricks are

2013: a View to a Scam

There are plenty of scams effective enough to rate a warning or three, in the hope of alerting potential victims to the kind of gambit they use. And so, even though much of ESET’s business is focused on the bits and bytes of malicious software, I’ve spent a lot of time writing on WeLiveSecurity and

Phishing for Tesco Shoppers

A phishing scam targeting Tesco bank customers puts on a festive party hat and pretends to offer something for nothing. Is this a topical trend?

The Death of Anti-Virus: conference paper

Death of a Sales Force: Whatever Happened to Anti-Virus? is a paper written by Larry Bridwell and myself for the 16th AVAR conference in Chennai, which was kindly presented by ESET’s Chief Research Officer Juraj Malcho, as neither Larry nor myself were able to attend the conference in the end. The paper is also available

Phear of Phishing

(All four blog articles in this series, of which this article is the last, are available as a single paper here: The_Thoughtful_Phisher_Revisited.) From the sort of ‘visit this link and update or we’ll cancel your account’ message that we saw in the previous blog in this series (The Less Thoughtful Phisher), it’s a short step

The Less Thoughtful Phisher

Less innovative than the scam mails described in my previous articles (Phish to phry  and The Thoughtful Phisher II), there are those phish messages that suggest a problem with your account that they need you to log in to fix. (Of course, you aren’t really logging in to a legitimate site.) Mostly their appeal is

The Thoughtful Phisher II

In the previous Thoughtful Phisher blog, we looked at some visual clues that should tip you off that a email from a ‘bank’ is not to be trusted. Just as interesting here, though, is the variety of social engineering gambits used by this wave of phish campaigns. It’s worth taking a closer look at some

Phish to phry: The Thoughtful Phisher Revisited…

[A much shorter version of this article appeared in the October 2013 Threat Radar Report as 'The Thoughtful Phisher'. As these particular scam/spam campaigns don’t seem to be diminishing, however – indeed, some of the phishing techniques seem to be getting more sophisticated – I thought perhaps it was worth updating and expanding for a

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.