David Harley
Senior Research Fellow

Education? Academic background in modern languages, social sciences, and computer science.

Highlights of your career? I was a late starter (1986) as an IT professional, beginning at the Royal Free Hospital, then with the Human Genome Project (1989), then at Imperial Cancer Research Fund (1991-2001), where I wrote/co-wrote/edited a number of Internet FAQs and my first articles on programming and security. I presented my first conference papers in 1997 (at Virus Bulletin and SANS). In 2001 Osborne published Viruses Revealed (co-written with Robert Slade and Urs Gattiker): VR and the later AVIEN Malware Defense Guide (Syngress) – to which Andrew Lee also contributed – are probably the best known of my books. When I rejoined the UK’s National Health Service in 2006, I ran the Threat Assessment Centre and was the go-to person nationally for malware issues. I left to work as a freelance author and consultant in 2006, which is also when I began to work with ESET.

Position and history at ESET? Senior Research Fellow at ESET N. America. Primarily, I’m an author and blogger, editor, conference speaker, and commentator on a wide range of security issues. Like the rest of the industry, they put up with me because I’ve been around so long.

What malware do you hate the most? Malware is just code. It’s malicious people I detest. While I’ve no love of scammers, I can see that it’s easier to be honest in a relatively prosperous environment – if there is such a thing anymore – and that cybercrime can be driven by an economic imperative. But I have nothing but contempt for those sociopaths who cause harm to others for no reason except that they can.

Favorite activities? The guitar (I still gig and record when time allows), other people’s music. I love opera but don’t attempt to sing it. Photography, art, poetry, country walking – well, ambling is about as much as I can manage at my age – good food and wine, good television when I can find it...

What is your golden rule for cyberspace? Scepticism is a survival trait: don’t assume that anything you read online is gospel truth, even this adage.

When did you get your first computer and what kind was it? Amstrad PCW (primarily a word-processor) in 1986. What else would you expect a not-very-rich author to buy in 1986? :)

Favorite computer game/activity? Extra-curricular writing (blogging, verse and lyrics, articles). Digital photography and miscellaneous artwork.

Tech Support Scams: Top of the Pop-Ups

Support scams and fake alerts are still big business. We look at scammer psychology and a little parapsychology.

ESET Presentations at Virus Bulletin 2015

Some of the good things in store for those attending Virus Bulletin 2015.

Criminals, linguistics, literacy and attribution

Linguistics and some form of textual analysis can be helpful in analysing malware and scams. Regional attribution, though, still requires caution.

Support scams, malware and mindgames without frontiers

Introduction: It might not have escaped your notice that I write quite a lot about support scams, an issue in which most commentators in the security industry take only sporadic interest and tend to regard as of only niche interest. (As when a scammer is damaging their brand or product in some way, for instance

Signatures, product testing, and the lingering death of AV

Is it time to revalue the role of anti-malware? Maybe, but uninformed or intentionally misleading mutterings about signatures are not where to start.

Support Scammers and Self-Justification

Support scammers: old twisters, new twists, and scammer psychology.

Spoofed URLs: Homograph Attacks Revisited

How homograph attacks can present a spoofed, malicious link, and a case where a secure connection doesn’t guarantee a safe site.

Phone Scams: Increasing Numbers, Wider Scope

There’s a lot more to phone scams than tech support, giving rise to an escalating number of complaints. Here’s what two recent reports tell us.

(More) Confessions of a Support Scammer

David Harley examines the latest confessions of a support scammer to appear on the web, this time from a Reddit Q&A.

Phish Phood for Thought

In 2007, David Harley and Andrew Lee suggested at Virus Bulletin that poorly-designed phish quizzes did more harm than good. Has the picture changed much?

Smartphone Authentication: the Passing of the Passcode?

Smartphone authentication: is biometric technology ready to replace PINs and passwords?

Accident Scam Waiting to Happen

Beware of that accident scam call or text: losing money isn’t the only risk.

Tech Support Scammers with Teeth

Some support scammers and their assassination threats may seem dumb, but they’re no joke. They can cause serious damage, as we discuss in this article.

SEO Scams and Semi-Scams

Search Engine Optimization: it’s an essential component of internet marketing strategy, I guess, but one with a bad public image, especially in the wake of years of abuse of optimization techniques by purveyors of malware and other bad actors (Black Hat SEO, or BHSEO).

Heimdal blog, 19 Experts, 50+ Security Tips

Heimdal asked a range of security experts for their essential security tips. 19 experts (including David Harley) offered over 50 tips.

Operating System Vulnerabilities, Exploits and Insecurity

iOS and OS X the most vulnerable operating systems? Don’t confuse vulnerabilities with exploits, or patch frequency with insecurity.

Census Scams and ‘Grandparent Scams’

Two phone scams of a type that might be new to you: fake surveys asking dangerous questions, and a Londoning scam that seems to target seniors.

Phish Allergy – Recognizing Phishing Messages

While phishing-related malware is still mostly Windows targeting, attacks that rely purely on social engineering and fake web sites might be delivered by any platform, including smartphones and tablets. The more cautious you are, the better informed you are, and the more you think before you click, the more chance you have of leaving phishing craft stranded.

Trust, Truth and Hoaxes in Social Media

Social networks are fun, but can also spread misinformation and worse. We discuss myths about your contract with Facebook, and whether British politicians are interested only in their own salaries.

Virus Bulletin and AVAR: a conference paper is for life

ESET conference papers from the 2014 Virus Bulletin and AVAR conferences are now available.

4Chan: destructive hoaxes and the Internet of Not Things

The media have associated a number of destructive hoaxes with 4chan: people need some historical perspective on how the site actually works.

Anyone want to know my Social Security Number?

Your home may be your castle, but on social networks, your friends are your perimeter. Will they enclose and protect your personal data?

Shaggy Dogma: Passwords and Social Over-Engineering

Given the ‘nightmare’ that is password management, is Microsoft right to say that it’s sometimes OK to re-use the same memorable password on several sites?

Support Scam: Old Racket Still in Service

One of the support scam sites used to mislead victims may be down, but the scam definitely isn’t about to go away.

Chip & PIN & Signature, Magstripes and EMV Go-Faster Stripes

The US is still perceived as a hotspot for card fraud: what difference will the ongoing roll-out of Chip & Signature EMV make?


Copyright © 2015 ESET, All Rights Reserved.