Author
David Harley
David Harley
Senior Research Fellow

Education? Academic background in modern languages, social sciences, and computer science.

Highlights of your career? I was a late starter (1986) as an IT professional, beginning at the Royal Free Hospital, then with the Human Genome Project (1989), then at Imperial Cancer Research Fund (1991-2001), where I wrote/co-wrote/edited a number of Internet FAQs and my first articles on programming and security. I presented my first conference papers in 1997 (at Virus Bulletin and SANS). In 2001 Osborne published Viruses Revealed (co-written with Robert Slade and Urs Gattiker): VR and the later AVIEN Malware Defense Guide (Syngress) – to which Andrew Lee also contributed – are probably the best known of my books. When I rejoined the UK’s National Health Service in 2006, I ran the Threat Assessment Centre and was the go-to person nationally for malware issues. I left to work as a freelance author and consultant in 2006, which is also when I began to work with ESET.

Position and history at ESET? Senior Research Fellow at ESET N. America. Primarily, I’m an author and blogger, editor, conference speaker, and commentator on a wide range of security issues. Like the rest of the industry, they put up with me because I’ve been around so long.

What malware do you hate the most? Malware is just code. It’s malicious people I detest. While I’ve no love of scammers, I can see that it’s easier to be honest in a relatively prosperous environment – if there is such a thing anymore – and that cybercrime can be driven by an economic imperative. But I have nothing but contempt for those sociopaths who cause harm to others for no reason except that they can.

Favorite activities? The guitar (I still gig and record when time allows), other people’s music. I love opera but don’t attempt to sing it. Photography, art, poetry, country walking – well, ambling is about as much as I can manage at my age – good food and wine, good television when I can find it...

What is your golden rule for cyberspace? Scepticism is a survival trait: don’t assume that anything you read online is gospel truth, even this adage.

When did you get your first computer and what kind was it? Amstrad PCW (primarily a word-processor) in 1986. What else would you expect a not-very-rich author to buy in 1986? :)

Favorite computer game/activity? Extra-curricular writing (blogging, verse and lyrics, articles). Digital photography and miscellaneous artwork.

More Info

My Back Pages* – Virus Bulletin papers and articles

I recently completed my 14th Virus Bulletin conference paper, co-written with Intego’s Lysa Myers, on “Mac hacking: the way to better testing?” to be presented at the 23rd VB conference in October, in Berlin. The paper itself won’t be available until after the conference, but the abstract is on the Virus Bulletin conference page here.

The London Scam and the Londonderry Air

My colleagues at ESET Ireland, report that an all-too-familiar scam is currently hitting Irish mailboxes. I’ve talked about it at some length here previously – for instance here and here – but here’s a quick summary. Someone, apparently someone you know (a friend or a family member) contacts you to tell you that they’ve been

Darkleech and the Android Master Key: making a hash of it

I made a comment recently that was subsequently quoted in a recent ESET blog – Android “master key” leaves 900 million devices vulnerable, researchers claim – and it appears that comment may have confused one or two people. What I actually said was this: “Security based on application whitelisting relies on an accurate identification of

The Fresh Prince of Bel-Where? – Academic Publishing Scams

[A shorter version of this article was originally published - without illustrations - on the Anti-Phishing Working Group’s eCrime blog.] Phishing attacks targeting academia aren’t the most high-profile of attacks, though they’re more common than you might think. Student populations in themselves constitute a sizeable pool of potential victims for money mule recruitment and other

Social Engineering, Management, and Security

A BYOD dissonance between economic imperative and loss of central control? Discontented staff susceptible to social engineering? David Harley reflects on aspects of Business Reimagined, a new book by Dave Coplin, chief envisioning officer at Microsoft UK, interivewed by Ross McGuinness in Metro.

Support Scams: we don’t really write all the viruses…

…and nor are we responsible for fake AV/scareware and (more recently) ransomware, though I did suggest in a paper I presented at EICAR a couple of years ago that the bad guys who do peddle that stuff are all too proficient at stealing our clothes, and that maybe some security companies were making it easier

Intellectual property protection and good badware

As an earlier article here noted, the recent report from the Commission on the Theft of American Intellectual Property shows a great deal of concern about the “scale of international theft of American intellectual property” which it estimates to be “hundreds of billions of dollars per year.” However, there’s also been a certain amount of

Phishing: the click of death

Recently we realized that from time to time when people find a live link in one of our blogs, they click on it to see where it goes, even though the context might suggest that the link could be malicious. So we thought it might be a good idea to set up a link so

Support scam cold-calling: the next generation

Stop me if you’ve heard this before… While I was in London recently for the InfoSec exhibition and some other meetings, my wife received a call from a lady with a heavy Indian accent, who told her that she had errors on her computer caused by viruses, and offering to remove them for her. For a fee, of course…

Job Scams: Nice Work If You Can Get It

The new ESET blog format must be striking a real chord with people. At any rate, job offers are just pouring in. Except that they don’t seem to be jobs for security bloggers, or for web developers like the team that maintains this site.

Win32/Cridex: Java pushes Cyprus into a Blackhole

Banking crisis in Cyprus is now being used in a spam campaign promoting the Blackhole exploit kit and the Win32/Cridex Trojan.

Phishbait: not so much a Smile as a rictus

Below, you can see the textual part of a bank phishing email I received today (it also contained a Smile logo, which was the only graphical content).  Here’s the message text from the phishing email:  Dear Account Holder, Do you know that with Smile Internet banking, you can eliminate the cost of receiving and transferring

Hundreds of thousands of Facebook likes can certainly be wrong

Issues with malware are always with us. There may or may not be a current media storm, or companies hoping for a slice of the anti-malware pie by proclaiming the death of antivirus in a press release, but AV labs continue to slog their way every day through tens of thousands of potentially malicious samples.

Scam conference invites: a tale of several cities

An invite to a conference in California proves to be a scam, and a very similar spam claims the very same conference is taking place in New York in March.

Who goes there? Identity and multiple authentication factors

Correct identification of an individual using a computer or service is important because it represents the accountability of the person identified. If you know my username on a computer system, you can check on what I do on that system through an audit trail, and I can therefore be held accountable for those actions. However,

Free AV and relying on the luck of the Irish

ESET Ireland’s Urban Schrott has blogged recently that “Research reveals nearly half of all Irish computers depend on free antivirus for protection”.

It’s a wonderful hoax

In a world where nothing seems to be constant but change, it’s good to know that there are, in fact, some things that change fairly slowly. Unfortunately, readiness to believe and spread hoaxes is one of them.

Mystery shopper scam: misery shopping

Money for nothing? Don’t believe it: a variation on the Mystery Shopper scam that misuses the Pinecone Research brand.

More on that Java vulnerability

  [Update 2: a note for Mac users in Turn off that Java Lamp. And Brian Krebs notes that Oracle Ships Critical Security Update for Java] [Update to a link at java.com offering more information on disabling Java in web browsers.] This is a quick pointer to blogs posted by our colleagues in Spain and in

2012 malware Top Ten and revisiting 2012’s Threatblog

Apparently we posted 235 blogs here in 2012, just a fraction under 20 blogs per month on average. So this would be a perfect moment to produce one of those summaries of the year’s activities that wordpress.com provides, telling you how many people viewed your blog site and how many times they’d go round the

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.