The Dynamic Duo for Securing your Android: Common Sense and Security Software

On Thursday, September 12, Duo Security, a young-but-respected vendor of two-factor authentication devices, announced the preliminary results of a study of over 20,000 Android devices from a two month old study they performed. Based on the results, they calculated that over half of Android devices on the market have security vulnerabilities that are, as yet,

.ASIA domain name scams still going strong

Today I received the following message in my inbox, claiming to be from the Asian Domain Registration Service and warning me that the eset brand was in danger of being registered by a third-party.   Here is the message I received, which I’ve included in its entirety, except for a few bits: Received: from mail.umail168.cn4e.com

SMSmishing Unabated: Best Buy targeted by fake gift card campaign

News of SMS (text) phishing scams are nothing new to readers of this blog.  ESET researcher Cameron Camp recently wrote an article explaining how they work and how to avoid them here on ESET’s Threat Blog: SMSmishing (SMS Text Phishing) – how to spot and avoid scams, And just before Valentine’s Day, my colleague Stephen

Guarding against password reset attacks with pen and paper

With the recent announcements of password breaches at LinkedIn, and warnings from Google about state-sponsored attacks on Gmail accounts, it seems like a good idea now to review some password security basics.  In this blog post, we’re going to take a look at a rather low-tech solution to a decidedly high-tech problem:  How to guard

Security awareness, security breaches, and the abuse of "stupid"

Computer security is not created, nor is it improved, by calling people stupid. That's the conclusion I have arrived at after more than two decades in computer security and auditing. To put it another way, we should stop dropping the "S" bomb, especially when it comes to people who don't know any better. Consider the

More Cybersecurity Awareness: Webinars, symposium, contest, and more

Cybersecurity Awareness Month is rolling on and I wanted to share some updates, from a free cybersecurity webinar series to a one-day symposium and a YouTube video contest (with great prizes, of course). Now in its eighth year, Cybersecurity Awareness Month takes place every October in the U.S. and I think it's finally getting the

LinkedIn Privacy: An Easy How-to Guide to Protecting Yourself

Introduction LinkedIn is a social network platform whose specialty is connecting professionals together to build relationships and create business opportunity. Recently the company became publicly traded and grabbed the attention of the world as its initial public stock offering more than doubled on the first day. Here we focus tools and options for user privacy

Anti-Phishing Day

Too bad it doesn’t exist. I mean really exist. Here is how an anti-phishing day that is designed to be a highly effective educational deterrent to phishing would work. Google, Facebook, Hotmail, Yahoo, Twitter, Myspace, Banks, Online Gaming sites, such as World of WarCraft, and others would all send phishing emails to their users. Yes,

Why the IMF breach?

In the absence of any detailed information from the IMF itself, it’s not surprising that most of the surmise around the attack is based on internal IMF memos quoted by Bloomberg, and much of it is rather tenuous.

An ethical dilemma

Update: It seems like the initial article is inaccurate and that Paul Rellis never made any such comments about a 14 year old breaking into the X-Box live servers and have not offered to mentor him http://kotaku.com/5805742/microsoft-is-helping-an-xbox-live-hacker-develop-his-talent TekGoblin reports (http://www.tekgoblin.com/2011/05/27/14-year-old-call-of-duty-hacker-hired-by-microsoft/) that a teenager who broke into the Call of Duty Modern Warfare 2 gameservers last

No chocolates for my passwords please!

Greetings Dear Reader, We have published guidance material previously on passwords and passphrases, some are blogs and some are lengthier depending on your liking (link & link).  Even still it is always good practice to reinforce sensible password techniques.  For this blog, I plan on sharing an analogous self-ritual, and one that relies on a

Comment Spammers Welcome

…one interesting trend in blog comment spam that I’ve noticed in recent months is that a number of comments are obviously intended to push a product or site, but contain content that is actually relevant…

What are Heuristics?

It is generally well-understood that antimalware programs—the software which detects computer viruses, worms, trojan horses and other threats to your system—work by scanning files using signatures they already have. A signature could be as simple as a string[i] (like using the "find" command in your word processor to locate a particular piece of text) or as

What’s the Difference Between Facebook Security and Bigfoot?

The difference is that there have been reported sightings of Bigfoot. The keynote address at the Virus Bulletin conference today was given by Nick Bilogorskiy, a member of the security team at Facebook. To start with, I have known Nick for several years and I can tell you that he is very intelligent and a

Cybercrime and Cyberwarfare: Warnings Unheeded?

Last week Al Quaeda cyberterrorism attack information was declassified and made public. Today’s New York Times had an applicable editorial to whether cybersecurity issues are over-blown or under-believed: Predictions of disaster have always been ignored — that is why there is a Cassandra myth — but it is hard to think of a time when

Please do not change your password – The Boston Globe

I find it hard to not be shocked at a headline like this… Then I remembered the recent top cybercrime city survey conducted by one of our competing software vendors which had Boston ranked the SECOND HIGHEST risk city in the entire United States. I’m also not one to simply lie down and let cybercriminals

Facebook Newbie | Good Practices

Since our April ESET news has already been dominated by Facebook and Koobface an updated Facebook best practices wrapup seemed in order. Facebook Newbie? Read This First While most of us involved with this blog are old hands at implementing security, sometimes it’s hard for others to process the do’s and don’ts. Michelle Green contributed

Senate Bill 773: What it means for Cyber Security and Cybercrime

Allow me to frame the threat of cybercrime that we all face by quoting from Jeff Debrosse’s 2009 Cybersecurity Review white paper: Cybercriminals are global and often well organized. They are smaller and more maneuverable than most corporations. Some are sheltered by certain G8 economic countries’ policies and laws. Their thefts fuel their home country’s


The NCSA (National Cyber Security Alliance) just released the detail of a survey of educators and technologists concerning both cybersecurity and cyberethics education in the schools. Cyberethics is prevention. It attempts to decrease cybercrime by teaching that it really is still crime and not very nice.  Cybersecurity is teaching defense. If I covered the whole

So, You Think You are Smart?

Recently I blogged (Once Upon A Cybercrime…) about a survey ESET commissioned which indicated that Mac users are victims of cybercrime as often as PC users. This finding was not the main point of the survey, but was an interesting finding. The survey is titled “Securing Our e-City National Cybercrime Survey” and was commissioned to

Follow us

Copyright © 2015 ESET, All Rights Reserved.