Bypassing code signing policy: welcome to the (Eko)party

ESET researchers Aleksandr Matrosov and Eugene Rodionov just gave a talk on Defeating x64: Modern Trends of Kernel-Mode Rootkits

SSL: Threatened by a BEAST of Prey

SSL isn’t hopelessly broken, but the widespread use of TLS 1.0 means that SSL cannot be regarded as fully “secure”.

Facebook Privacy: An Easy How-to Guide to Protecting Yourself

Introduction: As the sun is setting and I breathe some of the night time air I am inspired to write about Facebook. Yes, *the* Facebook, the third largest country if it were a physical place with boundaries under a common rule of law and government. When many people use a service such as this, it

English Version of HTTPS video

As promised earlier, an English version of ESET Latin-America’s demonstration video of a phishing attack using HTTPS is now available. Thanks, Sebastián! David Harley BA CISSP FBCS CITP, Director of Malware Intelligence, ESET LLC

HTTPS revisited – Spanish video

Further to our blogs on HTTPS and SSL certificate issues, Sebastián Bortnik has been talking to us today about a video that ESET Latin-America have put together demonstrating a phishing attack using HTTPS. If your Spanish is better than mine, you can check it out here. However, we’ve been working on an

SSL: to certify web security is not to guarantee it

Hard on the heels of the translated blog by Sebastián Bortnik that I posted at the weekend comes news from the Register of a bogus PayPal SSL certificate released yesterday exploiting a bug in Microsoft’s crypto API that has remained unpatched for more than two months, when Moxie Marlinspike (can I have a handle

Truth, Fiction and HTTPS

Update, 19th October. I was recently contacted indirectly by Eddy Nigg of StartCom, who points out, quite rightly, that this issue is not specific to StartCom, nor a problem created by StartCom. He commented further in a comment to Dan Raywood’s article for SC Magazine arising from this blog entry, and I think it’s only

Copyright © 2015 ESET, All Rights Reserved.