Author
Stephen Cobb
Stephen.Cobb
Stephen Cobb
Senior Security Researcher
Go to latest posts

Education: CISSP (1996)

Highlights of your career? The Stephen Cobb Guide to PC and LAN Security (1992); The first anti-spam router (2001); Privacy for Business (2002)

Position and history at ESET? Joined ESET: 2011. Current title: Senior Security Researcher

What malware do you hate the most? State sponsored.

Favorite activities? Reading and writing, and some arithmetic.

What is your golden rule for cyberspace? Don’t put anything on the Internet you wouldn’t want your mother to see.

When did you get your first computer and what kind was it? 1982 KayPro II portable computer with dual floppy drives, weighing 26 lbs or 12 Kg.

Favorite computer game/activity? Reading Wikipedia.

Tax Identity Theft Awareness Week in the US

As Tax Identity Theft Awareness Week in the US gets underway, ESET’s Stephen Cobb offers expert advice on how to protect yourself from fraudsters.

What does Fitbit hacking mean for wearables and IoT?

Wearable activity tracking devices like those made by Fitbit were one of the hottest gifts this past holiday season and it appears criminal hackers were paying attention, ESET’s Stephen Cobb reports.

Wearables: where’s the security risk?

At a recent conference on “the future of wearables” I was asked to speak about security. I think my presentation surprised some people because I didn’t focus on the security of wearable devices themselves. This article summarizes what I said, with a link to my slides and some free resources you might find helpful. For

The great car hacking debate

Can cars be hacked remotely or is the idea of remotely hackable cars still only a hypothetical threat? Evidence is presented to help answer this question.

Viruses, bulletins, surveys, and gender: hashtag #VB2015

Virus Bulletin 2015 in Prague could be the biggest ever, a great place to discover the latest developments in malware protection and information security, and address issues like the infosec skills gap.

An Ashley Madison response plan: does your company have one?

The Ashley Madison data breach has created fresh cybersecurity threats for all organizations. A company response plan is needed. Here’s what you need to know.

NICE news about the cybersecurity skills shortage (and a call for papers)

The cybersecurity skills gap is a security problem and in the US the National Initiative For Cybersecurity Education (NICE) is seeking to reduce that gap.

Black Hat 2015: What to watch out for, besides cars and guns

It’s not all about crashing cars and hacking guns: what’s hot at Black Hat 2015 USA (#BHUSA) and how to get the most from the event.

Hacking Team and other breaches as security lessons learned

Recent aggressive hacks on companies underline the need for good risk analysis, situational awareness, and incident response. Just ask AshleyMadison, Hacking Team, and Sony Pictures.

Cybersecurity and manufacturers: what the costly Chrysler Jeep hack reveals

As the cost of fixing security mistakes in Jeep Chrysler Dodge vehicles mounts, so does the need for manufacturers to weigh cybersecurity risks in the product development process, alongside features and benefits.

Cybercrime update: take downs, arrests, convictions, and sentences

Information security could use some good news right now, something to offset the string of bad news about data breaches and system vulnerabilities; so how about this: “Cyber Criminal Forum Taken Down, Members Arrested in 20 Countries”.

What I learned at Cyber Boot Camp (Instructor Edition)

Teaching computer security to highly motivated students at Cyber Boot Camp reveals a lack of basic computer science education in California Schools.

What I learned at Cyber Boot Camp this summer: 7 lessons

The annual Cyber Boot Camp in San Diego aims to develop the skills, mindset, and moral code required defend networks against criminal abuse. Here are just seven of the many lessons students learned at this year’s event.

Cyber Boot Camp: a head start for tomorrow’s cyber workforce

Every June, a select group of students from high schools and middle schools in San Diego County, California, get five days of intense education in the art of defending computer systems.

Batman v Superman: Dawn of Cybercrime Justice?

The fight against cybercrime could use some superheroes, but who would do a better job: Batman or Superman?

Cyber risk analysis, assessment, and management: an introduction

Risk analysis is the first step towards managing risks, particularly when it comes to cyber risks. This recorded webinar introduces and explains key concepts, with links to several useful risk assessment tools.

The wider world of security research output: webinars

Security research is published in many forms. For example, there are live and recorded webinars that cover a range of cybersecurity topics.

National Small Business Week: a cybersecurity survival guide

It’s National Small Business Week in the U.S. and, because properly protecting the digital assets of your small business could be vital to its success, here’s a cybersecurity survival guide.

OFAC! An acronym that cybersecurity professionals need to know

OFAC will soon be enforcing economic and trade sanctions against individuals and groups outside the United States that use cyber attacks to threaten U.S. foreign policy, national security or economic stability.

RSA Conference 2015: too much technology and not enough people?

Major themes of the 2015 RSA Conference: the degree to which the deployment of digital devices is outpacing our ability to deploy humans with the necessary skills and knowledge needed to secure data and systems.

What’s behind the rise in cybercrime? Find out from this recorded presentation

Home Depot says it was hacked to the tune of 56 million payment cards. What is behind the current wave of cybercrime? This recorded presentation offers answers and some defensive strategies for organizations at risk.

The state of healthcare IT security: are Americans concerned enough?

The privacy and security of medical records is a matter of concern to many Americans now that most are now stored electronically, but is there cause for concern? And who is most concerned?

Malware is called malicious for a reason: the risks of weaponizing code

The risks of using government use of malicious code in cyber conflict are examined in this paper by Andrew Lee and Stephen Cobb: Malware is called malicious for a reason: the risks of weaponizing code.

Could latest NSA revelations further impact online behavior, denting the economy?

Internet surveillance by America’s National Security Agency (NSA) has been further exposed by two new developments: the analysis of leaked NSA surveillance reports and the XKeyscore targeting code. Will these stories increase the number of Internet users who say they are inclined to reduce their online engagement due to the activities of the NSA and GCHQ.

Facebook may face FTC fines over research into users’ emotions

With EPIC filing an FTC privacy complaint against Facebook, which is already the subject of a Consent Order due to a previous privacy settlement, the social network could be facing a hefty fine for emotion-based manipulation of the Newsfeed for research purposes.

Follow us

Copyright © 2016 ESET, All Rights Reserved.