Author
David Harley
David Harley
Senior Research Fellow

Education? Academic background in modern languages, social sciences, and computer science.

Highlights of your career? I was a late starter (1986) as an IT professional, beginning at the Royal Free Hospital, then with the Human Genome Project (1989), then at Imperial Cancer Research Fund (1991-2001), where I wrote/co-wrote/edited a number of Internet FAQs and my first articles on programming and security. I presented my first conference papers in 1997 (at Virus Bulletin and SANS). In 2001 Osborne published Viruses Revealed (co-written with Robert Slade and Urs Gattiker): VR and the later AVIEN Malware Defense Guide (Syngress) – to which Andrew Lee also contributed – are probably the best known of my books. When I rejoined the UK’s National Health Service in 2006, I ran the Threat Assessment Centre and was the go-to person nationally for malware issues. I left to work as a freelance author and consultant in 2006, which is also when I began to work with ESET.

Position and history at ESET? Senior Research Fellow at ESET N. America. Primarily, I’m an author and blogger, editor, conference speaker, and commentator on a wide range of security issues. Like the rest of the industry, they put up with me because I’ve been around so long.

What malware do you hate the most? Malware is just code. It’s malicious people I detest. While I’ve no love of scammers, I can see that it’s easier to be honest in a relatively prosperous environment – if there is such a thing anymore – and that cybercrime can be driven by an economic imperative. But I have nothing but contempt for those sociopaths who cause harm to others for no reason except that they can.

Favorite activities? The guitar (I still gig and record when time allows), other people’s music. I love opera but don’t attempt to sing it. Photography, art, poetry, country walking – well, ambling is about as much as I can manage at my age – good food and wine, good television when I can find it...

What is your golden rule for cyberspace? Scepticism is a survival trait: don’t assume that anything you read online is gospel truth, even this adage.

When did you get your first computer and what kind was it? Amstrad PCW (primarily a word-processor) in 1986. What else would you expect a not-very-rich author to buy in 1986? :)

Favorite computer game/activity? Extra-curricular writing (blogging, verse and lyrics, articles). Digital photography and miscellaneous artwork.

More Info

SSL: to certify web security is not to guarantee it

Hard on the heels of the translated blog by Sebastián Bortnik that I posted at the weekend comes news from the Register (http://www.theregister.co.uk/2009/10/05/fraudulent_paypay_certificate_published/) of a bogus Paypal SSL certificate released yesterday exploiting a bug in Microsoft’s crypto API that has remained unpatched for more than two months, when Moxie Marlinspike (can I have a handle

AVIEN and Testing

Some readers will be aware of my long-standing connection with the Anti-Virus Information Exchange Network (AVIEN) at http://www.avien.net (I hold the title of Chief Operations Officer there). AVIEN has now instigated a member’s blog at http://www.avien.net/blog, and I’ve put up a couple of blogs today on testing to help kick it off (Andrew Lee, my former

Truth, Fiction and HTTPS

Update, 19th October. I was recently contacted indirectly by Eddy Nigg of StartCom, who points out, quite rightly, that this issue is not specific to StartCom, nor a problem created by StartCom. He commented further in a comment to Dan Raywood’s article for SC Magazine arising from this blog entry, and I think it’s only

VB 2009: Another View

Greyware: Trust Me, I’m a Lawyer

Since I’ve just spent several days at a major conference, you might have expected a flurry of blogs about it. And indeed, there’s a lot more I hope to say about VB 2009, but I’ve been beset by a number of other issues that have demanded my attention, in and out of the blogosphere.  I did rather hope

Microsoft Security – Essential?

People keep asking me about Microsoft’s newly released Security Essentials free anti-malware (formerly known as Morro). Randy and I both blogged about it at some length back in June – see http://www.eset.com/threat-center/blog/category/microsoft-security-essentials and http://www.eset.com/threat-center/blog/2009/08/03/more-free-lunches, for instance – but there’s still a lot of interest in the impact that the product is likely to have on ESET

Making Malware

McAfee Avert Labs has been advertising a "Malware Experience" session for the "Focus 09" security conference, which offers attendees the chance to "to work with a Trojan horse, commandeer a botnet, install a rootkit and experience first hand how easy it is to modify websites to serve up malware." Actually, this text has been modified: it

Postcard from Geneva

Virus Bulletin 2009 is now in full swing, though meetings and other issues have kept me from seeing as much as I’d like. Still, excellent opening and keynote speeches, and a very interesting talk on cyber-insurance from Pascal Lointier. (A bit of a first for me: though I’ve been attending VB most years since 1996 and

Genial Geneva and a note for Francophones

Bonjour mes amis! Well, I am in Switzerland, and very close to the French border, for the Virus Bulletin conference – perhaps the most eagerly anticipated event in the anti-malware researcher’s calendar. How sad is that? I also thought you might like to further extend your French skills on an article here, about a presentation

That BT Scam Again

A few days ago, I mentioned an email chain letter that’s going round in the UK about a scam where where "the bad guy poses as a telephone company operative and threatens to cut off service unless the panicked recipient of the call immediately pays an allegedly unpaid bill. Faced with a sceptical potential victim,

Hold the jemmy a second, I need to check Facebook

The Journal of West Virginia reported yesterday that 19-year-old Jonathan G. Parker was charged on Tuesday with felony daytime burglary. He’s alleged to have stolen two diamond rings worth more than $3,500, but to have taken some time out to access his Facebook account on the victim’s laptop. If the report is correct, it seems that

Yahoo! Group Spam Handling

So, in case you were wondering about the progress of my abuse report to Yahoo!, I did indeed get a response within 48 hours, thanking me for my communication, assuring me that they’d investigate, and informing me that they wouldn’t be letting me know about the outcome of that investigation, as they don’t disclose information about

Yahoo Group Spam

There’s nothing particularly new about Yahoo! group spam (no, wait, don’t go yet!) and I haven’t wasted much time on it so far, as what I’ve seen is pretty crude But I’ve been noticing an increasing number of emails to one of my most visible accounts welcoming me to groups with random names: stuff like

Risk Report – Should Try Harder

SC Magazine has reminded me today of a new report on the top current security risks, jointly published by SANS, TippingPoint, who provided the attack data, and Qualys, who provided vulnerability data. With impressive modesty and finely-tuned understatement, Alan Paller of SANS describes it as the "best risk report ever". Well, with added analysis and educational

CFET paper added to White Papers Page

We’ve just added my paper "The Game of the Name: Malware Naming, Shape Shifters and Sympathetic Magic" to the White Papers page at http://www.eset.com/download/whitepapers.php. This paper follows up on "A Dose By Any Other Name", which Pierre-Marc and I presented at Virus Bulletin last year and goes some way towards explaining (I hope…) why sample glut

Fake ICE and Hot ICE

Randy’s post yesterday about putting an "In Case of Emergency" (ICE) prefix in front of one or more entries in the contact list on your cellphone rang a particular bell (sorry!) with me. I first came across the idea around 2005, when the idea was first launched by the East Anglian Ambulance NHS Trust in

AMTSO Anticipations

One of the more interesting things to happen to me in the past few months – well, that I’m going to talk about in public – is that I was elected to the Board of Directors of AMTSO (The Anti-Malware Testing Standards Organization). Interesting and scary: the first couple of months have seen me at

9/11 – Nothing Is Sacred to Scammers

Here in the UK we’ve seen quite a lot of media attention (TV movies and documentaries and so on) relating to the 9/11 attacks, so I’m sure there’s a lot more happening in the US, today of all days. Sky News (http://news.sky.com/skynews/Home/World-News/September-11-Terror-Attacks-New-Video-Of-Plane-Crashing-Into-South-Tower-9-11-Memorial-And-Museum/Article/200909215379149) has published an article that includes a link to a video clip of the

Not all Mac users are naive about security

I’m often exasperated by blinkered mindsets in the Mac community, of the security-related kind that Randy highlighted in a recent blog. You might have picked up a certain irritation in some of my blogs around the end of last month relating to Snow Leopard and malware detection, too. So it was refreshing to come across a light

Fan Check Checks In Again?

 PC World has reported that Janakan Arulkumarasan, the creator of Fan Check says it’s non-viral, safe and legitimate, in an interview with IDG News Service.  The article quotes him as saying: "FanCheck is NOT a malicious app. Unfortunately, some malicious developers have been spreading a lie that it is — and encouraging people to download fake

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.