[Part 6 of an occasional series, updating a blog series I ran in early 2009 to reflect changes in the threat landscape. This series will also be available shortly as a white paper.] Social Networks Can Be Very Anti-Social Don’t disclose sensitive information on websites like FaceBook or LinkedIn if you can’t be sure that you
As more information and discussion has come in on this, it now merits an update in its own right. It seems that there is at least one other unnamed app around as well as the Boxes issue, and while I've no reason to assume that it's malicious, I'd hardly advise that you rush into installing
* http://en.wikipedia.org/wiki/Pushmi-pullyu#The_Pushmi-pullyu In an article in the Register with the eye-catching title of "Verified by Visa bitchslapped by Cambridge researchers", John Leyden comments on the argument by Cambridge researchers Ross Anderson and Steve Murdoch that the 3D Secure system, better known as Verified by Visa or Mastercard Securecode is better suited to shifting liability for
[Update: There's been quite a lot of discussion and extra information coming in on this. It seems to me that there is at least one unnamed app around as well as the Boxes issue, and while I've no reason to assume that it's malicious, I'd hardly advise that you rush into installing an application when
You may have seen the news that Facebook is teaming up with McAfee to improve security. Frankly, providing users with McAfee’s product is not likely to do much in terms of improving security. Facebook users all over the world have access to free and paid solutions, so this isn’t likely to make a big difference.
Social networking sites have become living biographies of people and may set them up for social engineering attacks. From time to time I enjoy looking to see what I can find out about people who send question to me using the AskESET@eset.com address. I won’t ever name names, but I wanted to share one example.
[Update: I had a couple of machine crashes while I was writing this, and only just realized that a pointer to Allan Dyer's excellent article at http://articles.yuikee.com.hk/newsletter/2009/12/a.html hadn't survived to the final version. Which is a pity, because it's very relevant, and well worth reading.] Over the weekend, I posted a blog on the AVIEN site
This blog is a bit of an oddity. ESET UK were approached by Dan Damon, a reporter putting together a piece about “the complications of a digital world when someone passes away”, asking if there was someone at ESET who would be interested in being interviewed for BBC1 radio on the subject. The request got
TheJournal of West Virginia reported yesterday that 19-year-old Jonathan G. Parker was charged on Tuesday with felony daytime burglary. He’s alleged to have stolen two diamond rings worth more than $3,500, but to have taken some time out to access his Facebook account on the victim’s laptop. If the report is correct, it seems that no
Update: Lysa Myers, of West Coast Labs, has confirmed that she knows of a number of people who’ve used the application and didn’t see anything fishy happening. It did offer to send emails outside Facebook but didn’t insist on it, so it’s hard to see where the messages from unapproved contacts are coming from. I’ll