Author
Stephen Cobb
Stephen Cobb
Senior Security Researcher

Education: CISSP (1996)

Highlights of your career? The Stephen Cobb Guide to PC and LAN Security (1992); The first anti-spam router (2001); Privacy for Business (2002)

Position and history at ESET? Joined ESET: 2011. Current title: Senior Security Researcher

What malware do you hate the most? Reveton.

Favorite activities? Reading and writing, and some arithmetic.

What is your golden rule for cyberspace? Don’t put anything on the Internet you wouldn’t want your mother to see.

When did you get your first computer and what kind was it? 1982 KayPro II portable computer with dual floppy drives, weighing 26 lbs or 12 Kg.

Favorite computer game/activity? Reading Wikipedia.

More Info

Privacy and Security in the Consumer Cloud: The not so fine print

The consumer cloud expanded again this week with the addition of Google Drive to more familiar brands like Dropbox, Microsoft SkyDrive, Apple iCloud, and Amazon Cloud Drive. Unfortunately, most of these cloud-based file storage services come with privacy and security caveats, often involving language such as "You give us the right to access, retain, use

QR Codes and NFC Chips: Preview-and-authorize should be default

What do printed QR codes and NFC (Near Field Communication) chips have in common, besides storing instructions that computers can read? They are both hackable and their ability to store and communicate computer instructions is bound to be abused, if not already, then sometime soon. This happens to every new means of communication; QR and

Will of the WISP: Your company’s Written Information Security Program

Does your company have a written information security program? If not, you could be an easy target for cybercriminals AND end up on the wrong side of the law, regardless of where your company is located or what size it is. Which law? Something they passed about two years ago in the Commonwealth of Massachusetts,

Mac Flashback Trojan: If you use Java the time to patch your Mac is now

If you are a Mac user and you have Java installed on your Mac, then right now would be a good time to run Software Update… from the Apple menu to make sure you have installed the latest Java for Mac OS X update. Installing this update will help protect your Mac from a malicious

BYOD Infographic: For security it's not a pretty picture

The phenomenon of organizations allowing or encouraging their employees to use their own computing devices for work–known as Bring Your Own Device, or BYOD–is now widespread in many countries, bringing with it some serious risks to company networks and data. As we first reported here on the blog a few weeks ago, ESET commissioned a

Saturday Night Backup Fever, Internet Apocalypse Now

If you use a computer and/or the Internet you might want to think twice about heading to the disco or the movies or whatever else you had planned for this Saturday night and spend the evening backing up your data instead. Why? Three reasons, starting with the fact that today is World Backup Day. Sure,

Spring Brings Tax-related Scams, Spams, Phish, Malware, and the IRS

Spring is here and that means scam artists are thinking about income taxes and the IRS. Not that scam artists pay income taxes, they just know taxes and any mention of the IRS is a good way to get your attention, which explains a steady stream of deceptive emails targeting tax-paying Americans who now have

Facebook logins toxic for employers, violate security and privacy principles

Attention CEOs and HR Managers: Facebook login credentials belonging to current or prospective employees are not something that any employer should request, use, or posses. Why? Apart from the violation of security and privacy principles? The risks far outweigh any benefit you imagine you could gain by logging into a social media account that does

Google's data mining bonanza and your privacy: an infographic

Do you use Google? These days the question sounds almost absurd. If you use the Internet, or an iPhone, or an Android phone, or a Kindle or an iPad, then of course you use Google in some shape or form. And if you take a keen interest in how your personal information is used, you

Changing how people see the malware threat: images can make a difference

This is a just a short post to make available the security awareness slides that I was using at the RSA Conference in San Francisco last week. Several people asked me for copies to use in their own awareness efforts and I am more than happy to oblige. I believe these slides can be effective

Information Security Disconnect: RSA, USB, AV, and reality

The world's largest information security event, the annual RSA Conference, is over for another year. Most of the more than 18,000 people who attended the 2012 gathering are probably back home now, getting ready to go into the office. What will be top of mind for them, apart from "How did I manage to survive

Security awareness, security breaches, and the abuse of "stupid"

Computer security is not created, nor is it improved, by calling people stupid. That's the conclusion I have arrived at after more than two decades in computer security and auditing. To put it another way, we should stop dropping the "S" bomb, especially when it comes to people who don't know any better. Consider the

Cookie-stuffing click-jackers rip off Victoria's Secret Valentine's giftcard seekers

Thinking of going online to get a Victoria's Secret giftcard for your Valentine? Be careful where you look! Some Google search results are rigged, especially image results. And some innocent-looking links are part of fraudulent activities such as cookie-stuffing and click-jacking. Below is a short video that shows what happens when you click on one

Endpoint Security Webinar: Protecting your network at the sharp end

I have a theory that says improving information system security–the security of our operating systems, network connections, and applications–just means the bad guys will focus more attention on our endpoints, the digital devices we use to access the information and systems we need to do our work. Furthermore, as we improve endpoint security technology, the

Valentine's Day Scams: For the love of money

Scam artists and cybercriminals are looking to turn romance into profit now that Valentine's Day approaches, possibly taking over your computer in the process. According to ESET researchers in Latin America, we can expect the quest for love to be leveraged as an effective social engineering ploy to enable the bad guys to infect unsuspecting

How to improve Facebook account protection with Login Approvals

Privacy and security issues have generated a lot of criticism of Facebook in the past, some of which has been published here on the ESET Threat Blog. So it is only fair that we give Facebook credit for positive steps it has taken on the security front. One security measure that has impressed me recently

Tricky Twitter DM hack seeks your credentials, malware infection, and more

When a direct message pops up on Twitter stating that other people are saying bad things about you, please think twice before clicking on any links in that message. Why? Because the links are likely to take you to malicious websites that are out to steal your Twitter password. They may also try to infect

Facebook’s timeline to fraud-a-geddon?

If you use Facebook you’ve probably heard of Timeline, a “new” feature that replaces the “traditional” profile page. However, you may be confused by Timeline–I know I am–and confusion could make you the target of a growing number of Timeline-related scams. As of January 3rd, the watchful folks at Inside Facebook were reporting 16 Timeline-related

Latest round of hacktivism highlights questions at the heart of hacking

Hacktivism, the hacking of information systems to advance a social or political agenda, was clearly a major trend in 2011, which is why hactivism was noted several times in our cyberthreat predictions for 2012 (in other words, we think you're going to see more of it). That prediction was underlined by the news on Christmas

2012 Malware and Cybercrime Predictions: The video version

Exactly how people will abuse digital technology for their own ends is difficult to predict, but organizations must plan ahead to protect data and systems. That's why we have been posting our "best guess" cybersecurity predictions on the Threat Blog this month. Today we present 9 of the most important predictions in the form of

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.