David Harley
davidharley copy 2
David Harley
Senior Research Fellow
Go to latest posts

Education? Academic background in modern languages, social sciences, and computer science.

Highlights of your career? I was a late starter (1986) as an IT professional, beginning at the Royal Free Hospital, then with the Human Genome Project (1989), then at Imperial Cancer Research Fund (1991-2001), where I wrote/co-wrote/edited a number of Internet FAQs and my first articles on programming and security. I presented my first conference papers in 1997 (at Virus Bulletin and SANS). In 2001 Osborne published Viruses Revealed (co-written with Robert Slade and Urs Gattiker): VR and the later AVIEN Malware Defense Guide (Syngress) – to which Andrew Lee also contributed – are probably the best known of my books. When I rejoined the UK’s National Health Service in 2006, I ran the Threat Assessment Centre and was the go-to person nationally for malware issues. I left to work as a freelance author and consultant in 2006, which is also when I began to work with ESET.

Position and history at ESET? Senior Research Fellow at ESET N. America. Primarily, I’m an author and blogger, editor, conference speaker, and commentator on a wide range of security issues. Like the rest of the industry, they put up with me because I’ve been around so long.

What malware do you hate the most? Malware is just code. It’s malicious people I detest. While I’ve no love of scammers, I can see that it’s easier to be honest in a relatively prosperous environment – if there is such a thing anymore – and that cybercrime can be driven by an economic imperative. But I have nothing but contempt for those sociopaths who cause harm to others for no reason except that they can.

Favorite activities? The guitar (I still gig and record when time allows), other people’s music. I love opera but don’t attempt to sing it. Photography, art, poetry, country walking – well, ambling is about as much as I can manage at my age – good food and wine, good television when I can find it...

What is your golden rule for cyberspace? Scepticism is a survival trait: don’t assume that anything you read online is gospel truth, even this adage.

When did you get your first computer and what kind was it? Amstrad PCW (primarily a word-processor) in 1986. What else would you expect a not-very-rich author to buy in 1986? :)

Favorite computer game/activity? Extra-curricular writing (blogging, verse and lyrics, articles). Digital photography and miscellaneous artwork.

Facebook video scam: 15 seconds? Don’t watch it at all

[Update: For more articles about Facebook security click here. To help you protect yourself on Facebook and Twitter, ESET provides a free social media scanner.] One of my Facebook friends drew my attention today to a fast-spreading link. I’m pleased to say that he knew better than to look at it, but I figured it was

Facebook Likes and cold-call scams

Many companies and sites offering support are basing their appeal to visitors to their web sites on bona fides that are pretty difficult to verify.

Stolen password checking: a question of trust

How do you know a service is legitimate and safe? We all have to trust by proxy sometimes, but it just doesn’t feel right to encourage people to accept reassuring statements as gospel.

Virtualization & Conferencing

David Harley is taking part in the keynote session (11.00-12.00 EST) on “APT: Real Threat or Just Hype” at US Infosecurity’s Virtual Conference on November 8th.

Facebook Sympathy Hoax: No Surprises

No, Craig Shergold doesn’t need a heart transplant. Others do, but Facebook sharing isn’t the best way to accomplish that.

Win32/Duqu analysis: the RPC edition

ESET Researchers have investigated Win32/Duqu’s RPC mechanism.

Win32/Duqu: It’s A Date

For the last few days, much malware research time has been devoted to the brand-new malware that ESET calls Win32/Duqu. One of the features that makes this kind of malware particularly interesting is that it very closely resembles Stuxnet, one of the most sophisticated worms of recent years. Last year we performed in-depth analysis of

Gaddafi search poisoning

Here’s an example of search poisoning somewhat similar to that predicted by Stephen Cobb. It uses the death of Gaddafi as a hook, as noted by our colleague Raphael Labaca Castro.

TDL4 rebooted

ESET researchers have noticed a new phase in the evolution of the TDL4 botnet.

A little light relief

Recently I've been collecting examples of comment spam. Essentially, this is for a research project that is somewhere fairly low on my to-do list. However, it does have a more positive aspect: whenever I feel at a loss for words and losing faith in my own wordsmithing ability, I scroll down to see what nice

Facebook, Privacy, and Defence in Depth

Symantec’s transient false positive detection of Facebook as a malicious site leads to serious thoughts about Facebook and privacy…

Testing presentation slides: old whine in new bottle

The slides from an AMTSO-oriented presentation by Larry Bridwell and myself at this year's Virus Bulletin conference, on "'Daze of whine and neuroses (but testing is FINE)" are now available on the Virus Bulletin site are now available here (along with some other excellent presentations). The paper on which the presentation is based is on the ESET white papers

Google Eye Phish: Bait Me A Hook In The Morning

…I’ve been seeing quite a few scrawny, toothless piranha mailed from email addresses that are often spoofed but invariably dubious like…

Government, Public Interest and Trojans

…this isn’t lawful interception, and it’s not surprising that the AV industry has seen no reason to avoid detecting it…

New white paper & presentations, and an SC Mag article

A new conference paper, two conference presentations, and an article for SC Magazine.

Virus Bulletin 2011: Here at Last!

Virus Bulletin’s annual conference is really one of the highlights of the year for the research community

Not all Facebook threats are hoaxes…

…the finding that 52% of respondents felt that increased use by their employees of social media had resulted in an increase in attacks from malware seems to me both interesting and significant…

Facebook, the natural home of the hoax

You may have noticed a lot of excitement about Facebook's latest attempts to prune your privacy, and you'll probably see more commentary on this blog. Here's something a little different: a good old-fashioned chainletter that seems to be flourishing despite all its logical flaws. The story is at SC Magazine's Cybercrime Corner, to which I

Bypassing code signing policy: welcome to the (Eko)party

ESET researchers Aleksandr Matrosov and Eugene Rodionov just gave a talk on Defeating x64: Modern Trends of Kernel-Mode Rootkits

Soup, Security Expertise and the Hypocritical Oath

If Tanji’sarticle makes you more sceptical of those of us who pollute the blogosphere with our own opinions, that’s a Good Thing.

Follow us

Copyright © 2015 ESET, All Rights Reserved.