Author
David Harley
David Harley
Senior Research Fellow

Education? Academic background in modern languages, social sciences, and computer science. A Fellow of the BCS Institute (formerly the British Computing Society), Chartered IT Professional, Certified Information Security Systems Professional, BS7799/ISO27001 Lead Auditor.

Highlights of your career? Office administration, programming, and IT support at Royal Free Hospital, then with Human Genome Project. System administration and support, then security analyst at Imperial Cancer Research Fund (now Cancer Research UK). Wrote/co-wrote/edited a number of Internet FAQs and my first articles on programming, security etc. I presented my first conference papers in 1997 (at Virus Bulletin and SANS), and soon after inherited the Mac Virus web site, which I still run as an independent security information resource. In 2001 I joined the UK’s National Health Service, where I ran the Threat Assessment Centre until 2006, acquired qualifications in computer security, security audit, and service management (ITIL), and was the go-to person nationally for issues related to malware. Viruses Revealed, published the same year by Osborne, wasn’t my first security book (I’ve written or contributed to about a dozen) but it was the first to make a real impact and was published in 2001: that, and the AVIEN Malware Defense Guide (Syngress), to which Andrew Lee also contributed, are probably the best known of my books.

Position and history at ESET? Senior Research Fellow at ESET N. America. I’ve worked with ESET since 2006, primarily as an author and blogger, editor, conference speaker, and commentator on a wide range of security issues. Essentially, they put up with me because I’ve been around so long.

What malware do you hate the most? Malware is just code. It’s malicious people I detest. While I’ve no love of the gangs behind phishing scams and banking Trojans, fake AV, 419s, support scams and so on, I can see that it’s easier to be honest in a relatively prosperous environment, if there is such a thing anymore, and that cybercrime can be driven by an economic imperative. But I have nothing but contempt for those sociopaths who cause harm to others for no reason except that they can.

Favorite activities? The guitar (I still play semi-professionally when time allows), songwriting, recording, listening to other people’s music. I love opera but don’t attempt to sing it. Photography, art, poetry, country walking – well, ambling is about as much as I can manage at my age – good food and wine, good television when I can find it...

What is your golden rule for cyberspace? Scepticism is a survival trait: don’t assume that anything you read online is gospel truth. Even this adage.

When did you get your first computer and what kind was it? Amstrad PCW in 1986. It ran a version of CP/M and came with an integral printer, word-processing software and versions of BASIC and Logo. I moved on to an 8086 when I got my first job in IT. What else would you expect a not-very-rich author to buy in 1986? :)

Favorite computer game/activity? Extra-curricular writing (blogging, verse, articles). Artwork and digital photography.

More Info

Responsible Disclosure and Fish Pedicure

Some of my favourite blog comments of the week: I’m surprised just how so many fish pedicure spas have sprung up in the uk without looking fully at the possible health risks to clients, or insuring against them. Yes, I've often thought the same thing, especially in the context of disclosure ethics and the issue

Putting your money where your pancreas is…

I’m a believer in responsible disclosure. But…

Social media: information wants to be free…

…but it doesn't necessarily want you to be free. Since Cameron Camp and I have written here and here about the implications of the UK government's meditations on curbing civil unrest by curbing social media services, it's interesting to see that the estimable Kim Davis, who previously categorized UK Prime Minister David Cameron's pronouncements as bluster, has also

Cybercrime Corner Revisited

You may be aware that Cameron Camp and I regularly write articles for SC Magazine's Cybercrime Corner: here here's a catch-up list of the most recent, in the hope that you might find them of use and interest. At any rate, it'll give some idea of the range of content covered. Ten years later, still the same

Backup Basics

Aryeh Goretsky’s paper won’t turn you into a business continuity specialist, but is an excellent primer on why, how and when to back up your data.

Hasta La Vista, Bootkit: Exploiting the VBR

During the first half of 2011 we have witnessed a significant growth in malware targeting 64-bit platforms, the most interesting examples of which are bootkits.

Malware De-Cloaked

… people have been asking me about Google’s interesting paper on Trends in Circumventing Web-Malware Detection…

Philosophical Phish

…this is a phish mailed out indiscriminately in the hope of catching a Xoom customer…

PUAs: ESET’s Most Unwanted List

Aryeh Goretsky interviewed, as his paper on Possibly Unwanted Applications is published.

Proudhon and the Social Media

…both articles are concerned with breaches of copyright and IP abuse…

Warming up for the Autumn Conferences

‘Tis the season to get ready for the autumn round of security conferences.

Urban Myth in the Making

…you can probably guess what I think about the idea of an undetectable virus…

Comment Spam: what’s in a name?

…I realize that it looks a little self-obsessed to keep writing about comment spam relating to your own blog…

ESET July Threat Report

There is some pretty interesting content in ESET’s Threat Report for July.

Shady Business

We (AVIEN) devoted quite a lot of space to one Chinese operation, the NCPH group, in the “AVIEN Malware Defense Guide for the Enterprise”

Win32/Hodprot: Hot off the Press

A week or so ago we promised you a full paper expanding on our Hodprot is a Hotshot blog. That paper is now available.

Hacktivism: not a get-out-of-jail card?

What we’re lacking here is a clear differentiation between types of “hacktivist” or, indeed, “activist”: much of the commentary that’s around at the moment seems to assume that all hacktivists are the same.

Stuxnet and the DHS

In fact, the real interest of the document lies in the extensive overview (12 closely-typed pages without graphics and such) of the DHS view of its own cybersecurity mission.

Manga Management and Malware

…one Yasuhiro Kawaguchi was arrested yesterday on suspicion of “saving a virus on his computer,” though the story suggests distribution of malware too…

Support desk scams: CLSID not unique

…the scammer doesn’t need you to edit the registry to find the CLSID he’s looking for. He simply has to persuade you to run the ASSOC command…

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.