[UPDATE #1:  (21 Dec 2012, 5:30PM) ESET Researcher Cameron Camp has just published the second part of this series on securing your Android device.  Read it here on the ESET Threat Blog at Securing Your Holiday Tech Gifts, Part 2: Android Guide.  AG] December is upon us, and whether you have a Christmas tree, menorah,

On Thursday, September 12, Duo Security, a young-but-respected vendor of two-factor authentication devices, announced the preliminary results of a study of over 20,000 Android devices from a two month old study they performed. Based on the results, they calculated that over half of Android devices on the market have security vulnerabilities that are, as yet,

News of SMS (text) phishing scams are nothing new to readers of this blog.  ESET researcher Cameron Camp recently wrote an article explaining how they work and how to avoid them here on ESET’s Threat Blog: SMSmishing (SMS Text Phishing) – how to spot and avoid scams, And just before Valentine’s Day, my colleague Stephen

With the recent announcements of password breaches at LinkedIn, and warnings from Google about state-sponsored attacks on Gmail accounts, it seems like a good idea now to review some password security basics.  In this blog post, we’re going to take a look at a rather low-tech solution to a decidedly high-tech problem:  How to guard

Employee use of personally-owned computing devices for work-related purposes–known as Bring Your Own Device or BYOD–is not a new trend and security professionals have been concerned about it for some time, but there is a widely held view that the trend has been transformed of late. Why? Waves of mobile digital devices flooding into the

I have a theory that says improving information system security–the security of our operating systems, network connections, and applications–just means the bad guys will focus more attention on our endpoints, the digital devices we use to access the information and systems we need to do our work. Furthermore, as we improve endpoint security technology, the

Ransomware, the practice of providing fake notifications that “you’re infected” and then selling a fake solution that removes the fake malware they just installed, has been a boon for scammers. Now, they’re taking it a step farther, throwing in a law enforcement scare. In this latest scam, an official-looking banner appears on infected machines, purporting

Awhile back we posted findings of a Harris poll showing public perception of Internet security, with some interesting results. This time we take a look at whether respondents perceive the Government and/or their schools have an implicit responsibility, or whether it lands squarely on their shoulders in the end (or should). Both schools and government

Forensic software developer PassWare announced a new version of its eponymous software forensics kit on Tuesday. Already several news sources are writing about how the program can automatically obtain the login password from a locked or sleeping Mac simply by plugging in a USB flash drive containing their software and connecting it to another computer

So who’s to blame? First and foremost, the victimizers. Well, persistent victims, yes. And anyone in the security industry who pushes the TOAST principle, the idea that all you have to do is buy Brand X and you never have to take responsibility for your own security. Though, of course, “who’s to blame?” is the wrong question: what matters is “how do we fix it?”