Author
David Harley
David Harley
Senior Research Fellow

Education? Academic background in modern languages, social sciences, and computer science. A Fellow of the BCS Institute (formerly the British Computing Society), Chartered IT Professional, Certified Information Security Systems Professional, BS7799/ISO27001 Lead Auditor.

Highlights of your career? Office administration, programming, and IT support at Royal Free Hospital, then with Human Genome Project. System administration and support, then security analyst at Imperial Cancer Research Fund (now Cancer Research UK). Wrote/co-wrote/edited a number of Internet FAQs and my first articles on programming, security etc. I presented my first conference papers in 1997 (at Virus Bulletin and SANS), and soon after inherited the Mac Virus web site, which I still run as an independent security information resource. In 2001 I joined the UK’s National Health Service, where I ran the Threat Assessment Centre until 2006, acquired qualifications in computer security, security audit, and service management (ITIL), and was the go-to person nationally for issues related to malware. Viruses Revealed, published the same year by Osborne, wasn’t my first security book (I’ve written or contributed to about a dozen) but it was the first to make a real impact and was published in 2001: that, and the AVIEN Malware Defense Guide (Syngress), to which Andrew Lee also contributed, are probably the best known of my books.

Position and history at ESET? Senior Research Fellow at ESET N. America. I’ve worked with ESET since 2006, primarily as an author and blogger, editor, conference speaker, and commentator on a wide range of security issues. Essentially, they put up with me because I’ve been around so long.

What malware do you hate the most? Malware is just code. It’s malicious people I detest. While I’ve no love of the gangs behind phishing scams and banking Trojans, fake AV, 419s, support scams and so on, I can see that it’s easier to be honest in a relatively prosperous environment, if there is such a thing anymore, and that cybercrime can be driven by an economic imperative. But I have nothing but contempt for those sociopaths who cause harm to others for no reason except that they can.

Favorite activities? The guitar (I still play semi-professionally when time allows), songwriting, recording, listening to other people’s music. I love opera but don’t attempt to sing it. Photography, art, poetry, country walking – well, ambling is about as much as I can manage at my age – good food and wine, good television when I can find it...

What is your golden rule for cyberspace? Scepticism is a survival trait: don’t assume that anything you read online is gospel truth. Even this adage.

When did you get your first computer and what kind was it? Amstrad PCW in 1986. It ran a version of CP/M and came with an integral printer, word-processing software and versions of BASIC and Logo. I moved on to an 8086 when I got my first job in IT. What else would you expect a not-very-rich author to buy in 1986? :)

Favorite computer game/activity? Extra-curricular writing (blogging, verse, articles). Artwork and digital photography.

More Info

Quicktime,malicious movies and Angelina Jolie

…criminals are making use of the fact that Quicktime Player 7.6.6 allows movie files to trigger file downloads…the volume of reports picked up our ThreatSense.Net® telemetry suggests the likelihood of significant prevalence, though by no means an epidemic right now…

Incidents on Facebook

My Spanish colleague Josep Albors has also commented on recent Facebook security issues. Mistakes in translation and interpretation are, as always, mine. The world's largest social network is a nearly inexhaustible news source: not only because it has reached 500 million users, or because it's the subject of a forthcoming film. It is also making

Facebook Losing More Than Face

Despite all those people who honoured May 31st 2010 as Quit Facebook Day – well, 31,000 people, maybe not an enormous dent in the 500 million users Facebook recently claimed – Facebook marches on. Clearly they're doing something right. But what? It's probably not the personal charm of founder Mark Zuckerberg, who when he's not

False Positives and Apportioning Blame

All this is potentially frightening and inconvenient (or worse) for a home user. And if it happens in a corporate environment, it can be very, very expensive to remedy. So while some of the public comments we see in the wake of such incidents may seem over the top, “FP rage” is certainly understandable.

More LNK exploiting malware, by Jove!*

Pierre-Marc and I reported a few days ago that we were seeing both new malware and older families starting to incorporate the same .LNK exploit used by Win32/Stuxnet. We also predicted that “…more malware operators will start using this exploit code in order to infect host systems and increase their revenues.” Well, that was a pretty safe bet.

Win32/Stuxnet: more news and resources

Perhaps you're getting as tired of this thing as I am (though with the information still coming in, I'm not going to be finished with this issue for a good while, I suspect).  But without wishing to hype, I figure it's worth adding links to some further resources. There's a very useful comment by Jake

There’s Passwording and there’s Security

Kim Zetter’s article for Wired tells us that “SCADA System’s Hard-Coded Password Circulated Online for Years” – see the article at http://www.wired.com/threatlevel/2010/07/siemens-scada/#ixzz0uFbTTpM0 for a classic description of how a password can have little or no value as a security measure. Zetter quotes Lenny Zeltser of SANS as saying that ““…anti-virus tools’ ability to detect generic versions of

Fake AV support scams

I’ve been banging on various forums for a while about the misuse of the ESET brand (among others) by fake support centres cold-calling victims and telling them they have “a virus” and charging them hefty fees to fix the “problem.”

Yet more on Win32/Stuxnet

Our colleagues in Bratislava have issued a press release which focuses on the clustering of reports from the US and Iran, and also quotes Randy Abrams, whose follow-up blog also discusses the SCADA-related malware issue at length. The Internet Storm Center has, unusually, raised its Infocon level to yellow in order to raise awareness of

(Windows) Shellshocked, Or Why Win32/Stuxnet Sux…

…But that doesn’t mean that this particular attack is going to vanish any time soon, AV detection notwithstanding. Now that particular vulnerability is known, it’s certainly going to be exploited by other parties, at least until Microsoft produce an effective fix for it, and it will affect some end users long after that…

Aryeh’s Mousing Memoirs

“Written in the form of a personal retrospective, this paper compares the earliest days of PC computer viruses with today’s threats, as well as provides a glimpse into the origins of the computer anti-virus industry.”

Blog Makeover

You may have noticed that the blog has undergone some changes. While some may think that all the extra mugshots of yours truly are a bit over the top, I hope you approve of the somewhat livelier presentation. My thanks to everyone who worked on it. David Harley CITP FBCS CISSP ESET Senior Research Fellow

AMTSO in the Media: the Prequel

As I mentioned here yesterday, I launched a new AMTSO in the Media page on the AMTSO blog page yesterday. Since then, Pedro Bustamente has kindly sent me a whole bunch of links relating to events leading up to the launch of AMTSO in 2008, so I’ve created a separate sub-page incorporating those links out

A gentle reminder…

…that this blog is not the place to ask for help with product installation and maintenance (even our products). Please contact your supplier or check the Support and Contact pages on the main ESET web site (http://www.eset.com): we simply aren't generally the best people to give you product advice. And while we appreciate appreciative comments,

AMTSOspheric* Pressure

Who would have thought that an initiative aimed at increasing the accuracy and relevance of anti-malware testing would be quite so controversial? Well, it was to be expected that AMTSO (the Anti-Malware Testing Standards Organization) would generate a certain amount of controversy: clearly, the organization is not going to get everything right first time. And

Testing and Accountability

No-one believes that AMTSO has all the answers and can “fix” testing all by itself, but it has compiled and generated resources that have made good testing practice far more practicable and understandable. The way for testers (and others) to improve those resources is by talking to and working with AMTSO in a spirit of co-operation: the need for transparency is not going to go away.

I AMTSO confused….

…Somewhere in this welter of misinformation, well-meant but muddled thinking, and black propaganda, there are some issues that need clarifying… Watch this space for further information. And while you’re waiting, you might want to check the documentation and other resources at the AMTSO web site to see what the organization really proposes and what it is really trying to achieve…

Adobe, Make My Day Too….

Adobe, when I disable JavaScript, STOP SILENTLY RE-ENABLING IT WHEN YOU UPDATE….

Crimeware Across the Globe

…time to share it here: not only for its insights into the Latin American crimeware scene, but even more so as a neat summary of the way in which global crimeware is distributed regionally…

Tidy TDSS (TDL3) Paper

…Aleksandr Matrosov, Senior Virus Researcher, & Eugene Rodionov, Rootkit Analyst, … have allowed us to share a long and comprehensive report on the TLD3 rootkit…

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.