Author
David Harley
davidharley copy 2
David Harley
Senior Research Fellow
Go to latest posts

Education? Academic background in modern languages, social sciences, and computer science.

Highlights of your career? I was a late starter (1986) as an IT professional, beginning at the Royal Free Hospital, then with the Human Genome Project (1989), then at Imperial Cancer Research Fund (1991-2001), where I wrote/co-wrote/edited a number of Internet FAQs and my first articles on programming and security. I presented my first conference papers in 1997 (at Virus Bulletin and SANS). In 2001 Osborne published Viruses Revealed (co-written with Robert Slade and Urs Gattiker): VR and the later AVIEN Malware Defense Guide (Syngress) – to which Andrew Lee also contributed – are probably the best known of my books. When I rejoined the UK’s National Health Service in 2006, I ran the Threat Assessment Centre and was the go-to person nationally for malware issues. I left to work as a freelance author and consultant in 2006, which is also when I began to work with ESET.

Position and history at ESET? Senior Research Fellow at ESET N. America. Primarily, I’m an author and blogger, editor, conference speaker, and commentator on a wide range of security issues. Like the rest of the industry, they put up with me because I’ve been around so long.

What malware do you hate the most? Malware is just code. It’s malicious people I detest. While I’ve no love of scammers, I can see that it’s easier to be honest in a relatively prosperous environment – if there is such a thing anymore – and that cybercrime can be driven by an economic imperative. But I have nothing but contempt for those sociopaths who cause harm to others for no reason except that they can.

Favorite activities? The guitar (I still gig and record when time allows), other people’s music. I love opera but don’t attempt to sing it. Photography, art, poetry, country walking – well, ambling is about as much as I can manage at my age – good food and wine, good television when I can find it...

What is your golden rule for cyberspace? Scepticism is a survival trait: don’t assume that anything you read online is gospel truth, even this adage.

When did you get your first computer and what kind was it? Amstrad PCW (primarily a word-processor) in 1986. What else would you expect a not-very-rich author to buy in 1986? :)

Favorite computer game/activity? Extra-curricular writing (blogging, verse and lyrics, articles). Digital photography and miscellaneous artwork.

SQL Injection Attack Alert

I've already mentioned this on the AVIEN blog, as it was an AVIEN member who first drew it to my attention, but a fairly dramatic SQL Injection attack has been flagged by the Internet Storm Center: it appears to resemble the lizamoon attack which was reported as affecting around a million sites earlier in the year.

Facebook Worm: ZeuS is not your (FB) Friend

CSIS have reported a worm that really does spread through Facebook…but it’s unsafe to use VirusTotal to compare product detection.

Support-Scammer Tricks

Information and resources regarding tricks used by coldcall/support desk scammers

Facebook Christmas Tree Virus: it’s Still a Hoax

“Old hoaxes never die”: last year’s Christmas Tree App Facebook “virus” warning is circulating again.

Facebook Invitation and the Olympic Torch

Old hoaxes never die. They just get transplanted to Facebook.

IRISSCERT, ESET Ireland and the Luck of the Irish

The IRISSCERT conference in Dublin has drawn attention to Irish cybercrime statistics since January 2011.

Evolution of Win32Carberp: going deeper

This month we discovered new information on a new modification in the Win32/TrojanDownloader.Carberp trojan family.

SOPA-rific: House Judiciary Committee gets a rude awakening

SOPA: Homeland Security weighs in, MPAA is reticent. Clearly, the House Judiciary Committee needs some authoritative, neutral advice on the mechanics and implications of DNS filtering.

Agony Column for Comment Spammers

Today we hand over the blog to Ms Letitia Teaspoon, ESET’s Agony-Aunt-in-Residence.

SOPA Opera

We all have our concerns about piracy and violations of intellectual property, but the discussion taking place at the moment behind closed doors seems pretty one-sided.

Facebook, offensive content, and terse responses

I have yet to see any direct advice to Facebook users on the “Facebook Known Issues” page or the “Facebook Security” page.

Infosecurity Conference APTitude Adjustment

If you're interested in the "APT: Real Threat or Just Hype" keynote session I took part in during the recent Infosecurity Virtual Conference, you can now hear and see the presentations and Q&A  (and the other panel sessions from the conference). Register here. Here are the details for that keynote session, chaired by Steve Gold,

Facebook video scam: 15 seconds? Don’t watch it at all

[Update: For more articles about Facebook security click here. To help you protect yourself on Facebook and Twitter, ESET provides a free social media scanner.] One of my Facebook friends drew my attention today to a fast-spreading link. I’m pleased to say that he knew better than to look at it, but I figured it was

Facebook Likes and cold-call scams

Many companies and sites offering support are basing their appeal to visitors to their web sites on bona fides that are pretty difficult to verify.

Stolen password checking: a question of trust

How do you know a service is legitimate and safe? We all have to trust by proxy sometimes, but it just doesn’t feel right to encourage people to accept reassuring statements as gospel.

Virtualization & Conferencing

David Harley is taking part in the keynote session (11.00-12.00 EST) on “APT: Real Threat or Just Hype” at US Infosecurity’s Virtual Conference on November 8th.

Facebook Sympathy Hoax: No Surprises

No, Craig Shergold doesn’t need a heart transplant. Others do, but Facebook sharing isn’t the best way to accomplish that.

Win32/Duqu analysis: the RPC edition

ESET Researchers have investigated Win32/Duqu’s RPC mechanism.

Win32/Duqu: It’s A Date

For the last few days, much malware research time has been devoted to the brand-new malware that ESET calls Win32/Duqu. One of the features that makes this kind of malware particularly interesting is that it very closely resembles Stuxnet, one of the most sophisticated worms of recent years. Last year we performed in-depth analysis of

Gaddafi search poisoning

Here’s an example of search poisoning somewhat similar to that predicted by Stephen Cobb. It uses the death of Gaddafi as a hook, as noted by our colleague Raphael Labaca Castro.

Follow us

Copyright © 2016 ESET, All Rights Reserved.