[I told you these links were cursed: thanks to Daniel Schatz for pointing out a further problem. Tip of the hat to Kurt Wismer for pointing out the issue on the AMTSO blog, and another to Julio Canto for alerting me to the story in the first place.] Danny Quist posted an interesting article at

As you can see from this photo from the Infosecurity Europe show, my sessions down at the gym are really starting to pay off. :) As I mentioned previously, the update process on the monthly ThreatSense Report continues, and the April report is now available here. While the usual look at the top ten security

  Some of us are currently busily preparing for the AMTSO workshop in Helsinki on the 24th and 25th May 2010, just before the CARO workshop on 26th and 27th May (for which registration closes on 12th May). Before the Helsinki events, though, the EICAR conference in Paris includes some interesting testing-related material before and during the main conference.

If you regularly follow my blogs, you'll know that while this my primary blogspot, it isn't the only site to which I post (see signature for full details). Here are a few recent blogs and microblogs that may be of possible interest. @Mophiee asked me about the ICPP Trojan on Twitter (where I'm @ESETblog or

Just a quick note to draw your attention to a couple of new documents that have just become available. "AMTSOlutely fabulous" (sorry – it seemed like a good idea when I wrote it…) is a review of what the Anti-Malware Testing Standards Organization has achieved so far and what it might achieve in the future. It's

We're not really set up to use the ThreatBlog as a full strength Questions and Answers resource, but we got so many questions after my blog yesterday about April 1st hoaxes that I feel obliged to try to answer some of them. There is no truth in the rumour that the eCity of San Diego

AMTSO (the Anti-Malware Testing Standards Organization) has published its review analysis of the Endpoint Security Test that was published by NSS Labs on September 8, 2009. The Review Analysis published on March 17, 2010 compared AMTSO’s Fundamental Principles of Testing to the NSS Labs report and found that it doesn’t comply with two of the nine AMTSO

There was an AMTSO (Anti-Malware Testing Standards Organization) panel session here at RSA, where Larry Bridwell, Righard Zwienenberg, Andreas Marx, Roel Schouwenberg and Neil Rubenking talked about AMTSO and what it does (and what it hopes to do). And I added to my list of qualifications for being involved with the organization: current vendor representative,

Greetings, friends and fiends. I've been uncharacteristically quiet for the past couple of weeks, due to the AMTSO workshop last week in Santa Clara. There was, as usual, some lively discussion: though no papers were approved at the meeting, some are close enough to finished to be voted on shortly. (See also the AMTSO blog

* http://math.boisestate.edu/gas/mikado/webopera/mk105a.html Kevin Townsend posted a blog in response to a piece by Mike Rothman at Securosis. Mike’s piece on “The Death of Product Reviews” makes some pretty good points about security product reviews in general. Kevin’s piece is more specific to anti-malware. He too makes some useful discussion points about the value or otherwise