Author
David Harley
David Harley
Senior Research Fellow

Education? Academic background in modern languages, social sciences, and computer science.

Highlights of your career? I was a late starter (1986) as an IT professional, beginning at the Royal Free Hospital, then with the Human Genome Project (1989), then at Imperial Cancer Research Fund (1991-2001), where I wrote/co-wrote/edited a number of Internet FAQs and my first articles on programming and security. I presented my first conference papers in 1997 (at Virus Bulletin and SANS). In 2001 Osborne published Viruses Revealed (co-written with Robert Slade and Urs Gattiker): VR and the later AVIEN Malware Defense Guide (Syngress) – to which Andrew Lee also contributed – are probably the best known of my books. When I rejoined the UK’s National Health Service in 2006, I ran the Threat Assessment Centre and was the go-to person nationally for malware issues. I left to work as a freelance author and consultant in 2006, which is also when I began to work with ESET.

Position and history at ESET? Senior Research Fellow at ESET N. America. Primarily, I’m an author and blogger, editor, conference speaker, and commentator on a wide range of security issues. Like the rest of the industry, they put up with me because I’ve been around so long.

What malware do you hate the most? Malware is just code. It’s malicious people I detest. While I’ve no love of scammers, I can see that it’s easier to be honest in a relatively prosperous environment – if there is such a thing anymore – and that cybercrime can be driven by an economic imperative. But I have nothing but contempt for those sociopaths who cause harm to others for no reason except that they can.

Favorite activities? The guitar (I still gig and record when time allows), other people’s music. I love opera but don’t attempt to sing it. Photography, art, poetry, country walking – well, ambling is about as much as I can manage at my age – good food and wine, good television when I can find it...

What is your golden rule for cyberspace? Scepticism is a survival trait: don’t assume that anything you read online is gospel truth, even this adage.

When did you get your first computer and what kind was it? Amstrad PCW (primarily a word-processor) in 1986. What else would you expect a not-very-rich author to buy in 1986? :)

Favorite computer game/activity? Extra-curricular writing (blogging, verse and lyrics, articles). Digital photography and miscellaneous artwork.

More Info

Irish Ransomware Report

Well, that was a little unexpected. The Irish Times has reported the discovery of the “first Irish language virus“. (Further checking suggests that the story may have originated with the Donegal Daily.) Actually, it sounds less like a virus – there’s no indication of whether it self-replicates – than the kind of ransomware that we’ve

ATM Security? Don't bank on it.

The odds against losing money may be better with cash machines than fruit machines, but why neglect simple, obvious precautions?

Finfisher and the Ethics of Detection

AV companies obey the law and cooperate actively with law enforcement. That doesn’t mean they turn a blind eye to government spyware.

Support scams and Quervar/Dorifel

More information about how tech support scammers have been using the Quervar/Dorifel outbreak to trick Netherlanders into giving them access to their systems and credit cards.

AMMYY warning against tech support Scams

Ammyy is eager to disassociate its service from Indian tech support scammers misusing it, and has some good advice for victims and potential victims.

Carbon Dating and Malware Detection

Carbon Black assert that if an AV company doesn’t detect malware within six days of its being flagged on Virus Total, it probably won’t after a month. Is that as dangerous as it sounds?

Bad password choices: don't miss the point

Phish, Phowl, and Passwords I spend a lot of time defending educational as opposed to purely technical solutions to security. Not that I don’t believe in the usefulness of technical solutions: that is, after all, ESET’s basic business. However, there are many people in the security business who believe that education is a waste of

Dorifel/Quervar: the support scammer's secret weapon

The threat of the Dorifel/Quervar malware spreading in the Netherlands is being used by telephone scammers to trick local PC users into paying for ‘protection’.

Support Scammer Anna’s CLSID confusion

Scammer Anna claims to be from Global PC Helpline, and certainly that site seems to be confused about what it is and where it operates from.

Misusing VERIFY (and other support scam tricks)

After Event Viewer, ASSOC, INF, PREFETCH and Task Manager, it seems that VERIFY is the latest system utility to be misused by PC tech support scammers.

Rakshasa hardware backdooring: the demon that can't be exorcized?

Jonathan Brossard describes an ‘undetectable, unremovable’ attack on firmware through gimmicked hardware or a subsequent malware attack. David Harley isn’t convinced.

The Tech Support Scammer's Revenge

Giving a support scammer access to your PC can give you more problems than any imaginary virus, especially if you refuse to pay for his ‘service’.

Passwords of Plenty*: what 442773 leaked Yahoo! accounts can tell us

If a service leaks your credentials, your options are limited, but changing all your passwords to something harder to guess/break is never a bad idea.

DNSChanger: lies, damn' lies and telemetry statistics

First the panic, then the accusations of hype. Can we really estimate the impact of DNSchanger yet?

DNSChanger mini-FAQ

Some brief answers to questions about the server shutdown that will affect tens/hundreds of thousands of DNSChanger victims on 9th July.

Support scams: social engineering update

More cold-call/support scam information.

Support Scammer Update: Misrepresenting Task Manager

David Harley describes a support scam that uses a slightly different twist, misrepresenting the output from Windows Task Manager.

ZeroAccess? Much too much access…

Why the ZeroAccess rootkit family modifications are important to the end user.

Sharing versus Security: Driving without Brakes

Does the enterprise still have a choice about sharing information?

Passwords and PINs: the worst choices

It’s important to know the worst password choices, but also the worst choices for numeric passcodes.

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.