Education? Academic background in modern languages, social sciences, and computer science.
Highlights of your career? I was a late starter (1986) as an IT professional, beginning at the Royal Free Hospital, then with the Human Genome Project (1989), then at Imperial Cancer Research Fund (1991-2001), where I wrote/co-wrote/edited a number of Internet FAQs and my first articles on programming and security. I presented my first conference papers in 1997 (at Virus Bulletin and SANS). In 2001 Osborne published Viruses Revealed (co-written with Robert Slade and Urs Gattiker): VR and the later AVIEN Malware Defense Guide (Syngress) – to which Andrew Lee also contributed – are probably the best known of my books. When I rejoined the UK’s National Health Service in 2006, I ran the Threat Assessment Centre and was the go-to person nationally for malware issues. I left to work as a freelance author and consultant in 2006, which is also when I began to work with ESET.
Position and history at ESET? Senior Research Fellow at ESET N. America. Primarily, I’m an author and blogger, editor, conference speaker, and commentator on a wide range of security issues. Like the rest of the industry, they put up with me because I’ve been around so long.
What malware do you hate the most? Malware is just code. It’s malicious people I detest. While I’ve no love of scammers, I can see that it’s easier to be honest in a relatively prosperous environment – if there is such a thing anymore – and that cybercrime can be driven by an economic imperative. But I have nothing but contempt for those sociopaths who cause harm to others for no reason except that they can.
Favorite activities? The guitar (I still gig and record when time allows), other people’s music. I love opera but don’t attempt to sing it. Photography, art, poetry, country walking – well, ambling is about as much as I can manage at my age – good food and wine, good television when I can find it...
What is your golden rule for cyberspace? Scepticism is a survival trait: don’t assume that anything you read online is gospel truth, even this adage.
When did you get your first computer and what kind was it? Amstrad PCW (primarily a word-processor) in 1986. What else would you expect a not-very-rich author to buy in 1986? :)
Favorite computer game/activity? Extra-curricular writing (blogging, verse and lyrics, articles). Digital photography and miscellaneous artwork.
As an earlier article here noted, the recent report from the Commission on the Theft of American Intellectual Property shows a great deal of concern about the “scale of international theft of American intellectual property” which it estimates to be “hundreds of billions of dollars per year.” However, there’s also been a certain amount of
Recently we realized that from time to time when people find a live link in one of our blogs, they click on it to see where it goes, even though the context might suggest that the link could be malicious. So we thought it might be a good idea to set up a link so
Stop me if you’ve heard this before… While I was in London recently for the InfoSec exhibition and some other meetings, my wife received a call from a lady with a heavy Indian accent, who told her that she had errors on her computer caused by viruses, and offering to remove them for her. For a fee, of course…
The new ESET blog format must be striking a real chord with people. At any rate, job offers are just pouring in. Except that they don’t seem to be jobs for security bloggers, or for web developers like the team that maintains this site.
Below, you can see the textual part of a bank phishing email I received today (it also contained a Smile logo, which was the only graphical content). Here’s the message text from the phishing email: Dear Account Holder, Do you know that with Smile Internet banking, you can eliminate the cost of receiving and transferring
Issues with malware are always with us. There may or may not be a current media storm, or companies hoping for a slice of the anti-malware pie by proclaiming the death of antivirus in a press release, but AV labs continue to slog their way every day through tens of thousands of potentially malicious samples.
Correct identification of an individual using a computer or service is important because it represents the accountability of the person identified. If you know my username on a computer system, you can check on what I do on that system through an audit trail, and I can therefore be held accountable for those actions. However,
[Update 2: a note for Mac users in Turn off that Java Lamp. And Brian Krebs notes that Oracle Ships Critical Security Update for Java] [Update to a link at java.com offering more information on disabling Java in web browsers.] This is a quick pointer to blogs posted by our colleagues in Spain and in
Apparently we posted 235 blogs here in 2012, just a fraction under 20 blogs per month on average. So this would be a perfect moment to produce one of those summaries of the year’s activities that wordpress.com provides, telling you how many people viewed your blog site and how many times they’d go round the
Apache modules are add-on code taking advantage of the Apache module API to extend the functionality of the standard Apache distro. In this case, the binary’s functionality was malicious, but there is no exploitation of a known Apache vulnerability in this case.
If sensitive information is stored on your hard drive (and if you don’t have -something- worth protecting on your system, you’re probably not reading this blog…), protect it with encryption. Furthermore, when you copy or move data elsewhere, it’s usually at least as important to protect/encrypt it when it’s on removable media, or transferred electronically.
[Update info moved to new blog post on 6th January] In deference to all those old enough to get a panic attack when reminded of how bad pop music was capable of being in the 1970s, I’ll try to overcome by the urge to mention “Chirpy Chirpy Tweet Tweet”. Anyway, to business. Having all the
Speaking of SANS, the Internet Storm Center has more than once talked about problems with digital photo frames, and at Xmas did so again with reference to the well-publicised Samsung incident. The San Francisco Chronicle came up with a story a couple of days ago that was even more alarming, and not only in the volume
Don’t disclose sensitive information on public websites like FaceBook or LinkedIn. Even information that in itself is innocuous can be combined with other harmless information and used in social engineering attacks. Rather than expand on that point, for now, I’m going to point to another “10 ways to protect yourself” resource: the more good advice
Don’t trust unsolicited files or embedded links, even from friends. It’s easy to spoof email addresses, for instance, so that email appears to come from someone other than the real sender (who/which may in any case be a spam tool rather than a human being). Basic SMTP (Simple Mail Transfer Protocol) doesn’t validate the sender’s
Use different passwords for your computer and on-line services. Also, it’s good practice to change passwords on a regular basis and avoid simple passwords, especially those that are easily guessed. As Randy pointed out in a recent blog, it’s debatable whether enforced frequent changes of hard-to-remember passwords are always constructive (they can force the user to write down
Log on to your computer with an account that doesn’t have “Administrator” privileges, to reduce the likelihood and severity of damage from self-installing malware. Multi-user operating systems (and nowadays, few operating systems assume that a machine will be used by a single user at a single level of privilege) allow you to create an account
Further to my post of 25th December about the withdrawal of the CastleCops services, there’s a blog at Darkreading that includes more information, including some quotes from Paul Laudanski, who was, with his wife Robin, the driving force behind the organization: also quotes from our own Randy Abrams, David Ulevitch of PhishTank, and Garth Bruen
Lots of fuss was made about the paper presented at the Chaos Communication Congress in Berlin yesterday by Alexander Sotirov et al. The paper describes a proof-of-concept attack using a weakness in the MD5 cryptographic hash function to create a rogue Cerification Authority certificate using a hash collision (essentially, two messages with the same MD5
Here’s the second instalment of the “ten ways to dodge cyberbullets” that I promised you. Keep applications and operating system components up-to-date with automated updates and patches, and by regularly reviewing the vendors’ product update sections on their web sites. This point is particularly relevant right now, given the escalating volumes of Conficker that we’re
It’s that time of year when everyone wants a top ten: the top ten most stupid remarks made by celebrities, the ten worst-dressed French poodles, the ten most embarrassing political speeches, and so on. Our research team came up with a few rather more serious ideas, most of which are considered at some length in our about-to-be-published
I’ve just picked up a comment to a previous blog that pointed to what I presumed to be a malicious URL. We’re grateful for all such information, but for obvious reasons, we won’t approve comments that point to malicious code! You can find information here about how to forward malware samples, malicious URLs or false positive
This is a sad item for Christmas Day morning. Castlecops have been making considerable efforts to fight crime on the Internet in many areas (surviving many an attack from the bad guys in the process) for a long time, but seem to have suspended the service on 23rd December. I hope there’s nothing more sinister
I promised you some more thoughts on the AVAR conference. Randy Abrams and I put together a paper on user education for the conference (it should be up on our White Papers page quite soon) about the argument between the two main camps in security thinking on the topic. You could sum it up as
It probably isn’t news to you that there’s been an issue with Internet Explorer and a recently-discovered vulnerability that exposes users of the application to a range of attacks. Certainly we’ve been getting lots of enquiries about our ability to detect it, and I suspect other vendors are getting the same barrage of questions. Of
Given our recent attempts to keep the blog flow more consistent, you might have noticed that we’ve been very quiet for the past couple of weeks. That has a lot to do with the fact that Randy Abrams and I have been in India for a meeting in Chennai, followed by the AVAR (Association of
December’s Virus Bulletin includes a comparative test for a number of products on the Windows Vista x64 platform, giving us our 53rd VB100 award. To get a VB100, a product needs to detect all “In the Wild” viruses on-demand and on-access, with no false positives. Note that “In the Wild” here refers to replicative malware
You may be aware that in addition to our semi-annual global threat trends reports, we also do a monthly report. Much of this report is trend analysis based on data from our ThreatSense.Net threat tracking system. ThreatSense.Net® is an advanced threat tracking system which reports detection statistics from tens of millions of client computers around the
Round here, we’re mostly concerned with the malicious and programming kinds of bug. But as an avid watcher of Spooks*, I couldn’t resist sharing with you an item in the Telegraph about a samovar presented to the British Royal Family about twenty years ago. Apparently, after a surveillance sweep of the Queen’s estate at Balmoral, the
Retrospective or “frozen” testing involves testing the ability of one or more products to detect threats proactively, using techniques such as advanced heuristics rather than signature detection.
Sign up to our newsletter
The latest security news direct to your inbox
Add this code to your site