Archives - August 2009

Oh Yeah, That’s How It Should Work!!!

Recently a security company was hired to test the security of a Credit Union. The security company (MSI) ran a penetration test and mailed a letter with a couple of CDROMS to the Credit Union. The letter appeared to come from a reliable source, but it was unexpected and the employee who received it was

419 and Mac scams

I forwarded this to myself from another account yesterday because I thought it was one of the laziest 419 scam messages I’d ever seen. From: British Tobacco Company Sent: 27 August 2009 19:46 Subject: Contact Mr Paul Adams Congratulations! Your e-mail ID was among the selected lucky winners of £1,000.000.00 GBP in our BRITISH TOBACCO

Snow Leopard and Malware

Mac User has reported in a little more detail than I’ve seen elsewhere so far on the Trojan detection in Snow Leopard, quoting freelance OS X and iPhone developer Matt Gemmell. In fact, the meat of the story is Gemmell’s tweets, which state that: the system checks for only two known Trojans, RSPlug and iServices, and

Mad Macs: Beyond Blunderdome

I really ought to be working towards some really urgent deadlines, but I can’t resist a quick comment on the antimalware detection feature in Snow Leopard – darn, I’m going to have to upgrade to get a proper look at it – since several AV people, including our own Aryeh Goretsky have commented. I have

Web Searches and Dangerous Ladies

I feel like the learned judge in the ’60s who asked, in the course of a trial, “What is a Beatle?” since until recently I couldn’t have given you an accurate answer to the question “What is a Jessica Biel?” In fact, I’d probably have said something like “Wasn’t she in Flashdance?” (The answer is

M(b)ac(k) to the future

Mac security firm Intego blogged about Apple’s decision to include an antimalware component in Mac OS X 10.6 "Snow Leopard" and we agree that it is a good step, security-wise, to provide some basic protection against malware. Apple has long mocked Microsoft, up to and including this 2006 advertisement which implied there were no viruses

Now You Can Fix Autorun

Microsoft has released the patches required to make autorun work with only CD and DVD drives. There is one little catch: a USB drive can be configured to look like a CD, but this patch definitely helps reduce risk. I highly recommend you install the patch so that you can connect most thumb drives, GPS
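The patch described above limits AutoRun to optical drives, but the "looks like a CD" catch means a USB stick that presents itself as a CD-ROM device can still get an autorun.inf honoured. The script below is an added example, not code from the original post or from Microsoft: it reads the NoDriveTypeAutoRun policy value, which is a separate control from the patch and disables AutoRun per drive type, shows which drive types are still allowed, and can set it to 0xFF so that AutoRun is off for every type, including a USB device masquerading as a CD. It assumes an elevated PowerShell session on a Windows host, and the bit assignments listed in the table are the standard drive-type bits for this value.

```powershell
# Added example (not from the original post or from Microsoft):
# inspect and tighten the NoDriveTypeAutoRun policy, which controls
# AutoRun per drive type independently of the patch discussed above.
# Assumption: run in an elevated PowerShell session; the HKLM policy
# key takes precedence over any per-user (HKCU) setting.
$policyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

# Drive-type bits for NoDriveTypeAutoRun; a set bit disables AutoRun
# for that drive type.
$driveTypeBits = [ordered]@{
    Unknown   = 0x01
    Removable = 0x04
    Fixed     = 0x08
    Remote    = 0x10
    CDROM     = 0x20
    RAMDisk   = 0x40
}

function Get-AutoRunPolicy {
    # Returns the current DWORD, or $null if the policy value is absent
    # (in which case the operating-system default applies).
    $item = Get-ItemProperty -Path $policyPath -Name 'NoDriveTypeAutoRun' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.NoDriveTypeAutoRun
}

function Show-AutoRunPolicy {
    $value = Get-AutoRunPolicy
    if ($null -eq $value) {
        Write-Output 'NoDriveTypeAutoRun is not set; the OS default applies.'
        return
    }
    Write-Output ('NoDriveTypeAutoRun = 0x{0:X2}' -f $value)
    foreach ($name in $driveTypeBits.Keys) {
        $state = if ($value -band $driveTypeBits[$name]) { 'disabled' } else { 'ALLOWED' }
        Write-Output ('  {0,-10} AutoRun {1}' -f $name, $state)
    }
}

function Disable-AutoRunEverywhere {
    # 0xFF sets every drive-type bit, so a USB stick that enumerates as a
    # CD-ROM gains nothing from the CD/DVD exception the patch leaves open.
    if (-not (Test-Path $policyPath)) {
        New-Item -Path $policyPath -Force | Out-Null
    }
    New-ItemProperty -Path $policyPath -Name 'NoDriveTypeAutoRun' `
        -PropertyType DWord -Value 0xFF -Force | Out-Null
}

Show-AutoRunPolicy
# Uncomment to apply the all-drives setting; it takes effect after the
# user logs on again.
# Disable-AutoRunEverywhere
```

Run it once to see which drive types still have AutoRun allowed; if Removable or CDROM shows as allowed, apply the 0xFF setting and re-check after the next logon. The patch and the policy value complement each other: install the patch, and use the policy to close the emulated-CD gap.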

Bots Aren’t The Only Zombies

News came out today that Michael Jackson’s death has been ruled as a homicide. Expect to see spam and hoax emails coming around soon trying to exploit this news. It seems that Michael Jackson just can’t die. It’s a good thing we didn’t have the internet when Elvis died. If you get emails for pictures,

Rogue Anti‑Malware Exploiting Athens Fire

Cristian Borghello, Technical and Education Manager at ESET Latin America, tells us that they’ve noted quite a few sites that pretend to provide information on the fire crisis in Athens, Greece, but actually download malware onto the user’s PC. (Mistakes in translation are down to DH!) The criminals are using Black Hat SEO (Search Engine

W32/Induc.A FAQ

Sebastián Bortnik, Security Analyst at ESET Latin America, has shared with me his translation of an FAQ written with Cristian Borghello, ESET Latin America's Technical and Educational Manager, about the malware ESET NOD32 detects as Win32/Induc.A. I've done a little cosmetic editing on the original and added quite a lot of material (so any mistakes and

New White Papers

A number of new papers have been added to the white papers page: Cristian Borghello’s “Playing Dirty” is a translation of his original Spanish paper, available on the ESET Latin America web site, and describes in detail how criminals make money out of stealing online gaming credentials and assets. My paper Social Security Numbers: Identification is

Turkish Delight (2)

This is part two of a recent email interview with a Turkish web site, with part one made available here for the benefit of those of us who don’t speak Turkish. I’ve done a little editing on parts one and two, primarily for cosmetic reasons. Question (4): What are the golden rules for using the Internet with

…and Talking of Bratislava

This is a research blog, not a marketing blog. Not that there isn’t a place for marketing (that’s what pays our salaries, in a sense!) and marketing blogs, but my guess is that most of our readers here would get bored quite quickly if we spent too much time on press-release type material, our latest

(User) Education, Education, Education

Regular readers will be aware that, unlike many people in the security industry, people in this research team tend to be enthusiastic supporters of security education for end users, both inside and outside business: not as The Answer To Everything, not in terms of turning everyone who uses the Internet into a security expert, but

Turkish Delight

So, back in harness. I’ve been away for a couple of weeks: not on holiday as such, though I did take some days out, but concentrating on writing: it didn’t hurt that I didn’t have a full-strength internet connection to distract me, though. Before I left, I was interviewed by a Turkish security site. It

The Retro‑Virus

Nowadays we see lots of malicious software that is designed to steal money and information. A new virus was recently discovered that seems to be all about proving a concept rather than blatant maliciousness. The Win32/Induc.A virus does not infect like most viruses do. Delphi is a programming language. Induc infected the Delphi IDE so

It Really Wasn’t Your Fault

You may have seen a headline about a huge identity theft ring being busted. http://www.reuters.com/article/topNews/idUSTRE57G4GC20090817 There are a lot of things people can do to be safer online, but in this case it wasn’t about your computer being hacked. Whenever you use a credit card or a debit card there is information that can potentially

A Motivation for the Twitter Attack?

Some people are speculating that the motivation for the Twitter attack was to try to silence one person. There are really good signs that the attack against an individual was what took down Twitter, but still we really don’t know. I speculated that it might be a show of force to try to sell botnet

Twitter and the Corridors of Power

I was amused (and not the only one, either) to notice that the UK’s Cabinet Office has recently launched a “Template Twitter strategy for Government Departments”: I wonder if they’re thinking of reconsidering in view of the proven fragility and security-shakiness of Twitter, but I suspect not. I am tempted to make a cheap shot related

Crisis? What Crisis?

In the AV industry, we’re not unaccustomed to security scare stories met with a debunking response. For example, Peter Norton was quoted in 1988 in Insight as saying that computer viruses were an urban myth, like the alligators supposed to inhabit the sewers of New York. (He did change his mind around 1990 when he gave