More Technical

White House to double jail time for hackers?

The Obama administration seems intent on pushing for stiffer sentences for hackers caught endangering national security to 20 years prison time, doubling the current sentence. A stiff penalty, to be sure, the latest in a series of volleys from D.C. to curb the flurry of recent high-profile attacks and restore confidence in the U.S. Government’s

LinkedIn Privacy: An Easy How-to Guide to Protecting Yourself

Introduction LinkedIn is a social network platform whose specialty is connecting professionals together to build relationships and create business opportunity. Recently the company became publicly traded and grabbed the attention of the world as its initial public stock offering more than doubled on the first day. Here we focus tools and options for user privacy

The Social Networking/Cybersafety Disconnect

Survey Reveals Chasm between Users’ Concerns and Behavior A recent Survey commissioned by ESET and conducted online by Harris Interactive from May 31-June 2, 2011 among 2,027 U.S. adults 18+ found a startling disconnect between user concerns about privacy and security and their actions on social networking sites. To start, the study found that 69%

419: UK lets the Good Times Roll

…It’s a 419 (Advance Fee Fraud) message, of course. Stripped of the pseudo-governmental flim-flam, the core of the message is that they want you to forward them this…

New your.brand domain names to increase phishing?

ICANN has just approved a new batch of individualized TLD’s (Top Level Domains), so now you can register your.brand, whatever yourbrand is, instead of the usual, .net, etc., if you can prove to ICANN you deserve it. The problem? Users tricked by similar looking domain names have long been a boon for phishing exploits,

#1 Bitcoin Exchange Data Breached

Mt. Gox, the most popular Bitcoin exchange, has had a database compromised and user information stolen, sparking rapid devaluation and temporary exchange freeze to halt the slide. According to a Mt. Gox breach notification e-mail sent to users on June 19th: “Our database has been compromised, including your email. We are working on a quick

Thank you, fans….

So, a (long) while ago I wrote about the Haiti earthquake, with some commentary about the intersection between natural disasters, Black Hat SEO, scare tactics for education in good security practice, plus some links relevant to the earthquake. Well, I'm certainly not ashamed of that blog, though I haven't thought about it for a long time,

Anti-Phishing Day

Too bad it doesn’t exist. I mean really exist. Here is how an anti-phishing day that is designed to be a highly effective educational deterrent to phishing would work. Google, Facebook, Hotmail, Yahoo, Twitter, Myspace, Banks, Online Gaming sites, such as World of WarCraft, and others would all send phishing emails to their users. Yes,

Support Scams: Cold Calls, Cold Hearts

Here's a diagnostic window that your shouldn't panic over, certainly if some cold-calling scammer directs you to it by persuading you to run a diagnostic on your own system. But I'm getting ahead of myself. You might think I've blogged more than enough about support scams already – you know, where someone calls you out

The Good Virus: White Knight or Red Queen?

I encountered an old acquaintance today. Tip of the hat to Peter Radatti for pointing me towards an article by John Breeden II that proposes a very familiar idea: the Good Virus. (One that also often pops up in the form of the Good Worm, such as the various hues of Code that were proposed

Bitcoin “wallet” hacked – heisted $500K?

Old western cowboys beware, this heist didn’t happen with a stagecoach at gunpoint, it’s a new era out there. A user, going by the username allinvain reports he had 25,000 Bitcoins (BTC) stolen when his computer was infected. At the current BTC exchange rate, that haul would net about $500,000. Not too shabby for a

Got Hacked? You have 48 hours to fess up

Or so the current legislation being proposed in a U.S. House of Representative subcommittee would like it. A hearing scheduled for today at the House Energy and Commerce Committee’s Commerce, Manufacturing, and Trade Subcommittee centered around draft legislation proposed by Rep. Mary Bono Mack (R-Calif.) hoping to accomplish a security baseline companies must adhere to,

I Can Neither Confirm nor Deny

As website appear to fall to hacks like the rain falls in Seattle, the question du jour doesn’t change from day to day. The same question is always asked… “Did Anonymous perform the attack?” What do all of these links below have in common? You don’t have to read them, I’ll tell you..

TDL file system

@RedNose commented on the blog I put up recently about the tool my Russian colleagues have made available for dumping TDL's hidden file system: I'm going to respond here in case anyone else is confused about this. "I ran the tool and it did not show anything. Does it mean that TDSS is not present?"

The Next Stuxnet

…the ‘next Stuxnet’ probably won’t be any such thing, whatever we may choose to call it…

Why the IMF breach?

In the absence of any detailed information from the IMF itself, it’s not surprising that most of the surmise around the attack is based on internal IMF memos quoted by Bloomberg, and much of it is rather tenuous.


…if you’re a Facebook user, you might want to try the CTAC Facebook page. I’ve taken to posting links to CTAC output there at the same time as I tweet it…

The dollar cost of a data breach

Euro, pound, yen and yuan, no need to feel left out, no physical border has stopped the possibility of data breach so far. Still, here in the U.S. it’s a key factor in many technology budget/risk calculations. So just what does it cost to get hacked? A recent article from the Ponemon Institute has attempted

Fake Windows Updates Are Easy to Avoid

Our friends (and competitors) at Sophos blogged about a new threat that poses as a Windows Update and then infects unsuspecting users with a fake antivirus product. The update appears to be very real and is tricking users. While my colleagues at Sophos offer excellent advice to help people protect themselves (as I believe we

Like FireSheep? You Will Love FireTweet!

OK, if some unimaginative journalist and/or editor can call a pair of bulging briefs “Weinergate” I can call this Twitter App “FireTweet”. Like Firesheep, Royal Test (FireTweet) is an attempt to demonstrate a privacy problem. Techcrunch reported this story and I have verified the privacy issue. Despite allegedly being unable to read private messages, applications

Follow us

Copyright © 2015 ESET, All Rights Reserved.