Archives - August 2009

Firefox: More Security, Less Privacy?

Perhaps I imagined it, but a few days ago when I allowed Firefox to update to fix security vulnerabilities my privacy settings were reset to less private settings. I had Firefox set to clear the history on exit, and prompt me. I also had it set not to accept third party cookies. After the upgrade

Who Flipped the Bird?

As I write this, Twitter, the popular social networking site is experiencing a distributed denial of service attack. I do not know where the attacks are originating from, or the reason, but it occurs to me there may be hell to pay. So what motives? Perhaps the bad guys are upset that Twitter has recently

Adobe Flash Settings

As I previously pointed out, Adobe is at best deceptive about claims of the security and privacy of Flash. Even if you do not know what flash is or how to find it, you probably have it on your computer. If you open control panel and go to the “add or remove programs” application

Lies, Damned Lies, and SPYzooka

Update. August 5th 1:30 PM PDT.  I received an email from Mr. Carl Haugen, the president of BluePenguin Software who develop SPYzooka. According to Mr. Haugen the offending post was made by a former employee and has now been removed. I have verified that the post was removed. This is an encouraging sign. I will

A Matter of Life and Delf? Malware on the Fiddle

There’s been a certain amount of buzz in the past couple of days about messages claiming to link to Wire Transfer information, but actually related to a Trojan commonly called Delf or Doneltart. ESET is detecting the examples we’ve been seeing as a variant of Win32/TrojanDownloader.Delf.OZG. The messages generally look something like this (at least,

Shorteners/Redirectors: short of ideas

We’ve been having some discussion internally about shortened URLs, with specific reference to pointing to web resources on Twitter, where you can’t actually avoid using shortened URLs, because an uncompressed URL is automatically shortened using You may remember that I discussed these issues before here, The main problem, of course, is that it’s all too

Slideshare Responses

We’ve had reassuring responses from Slideshare about the recent problem with a malicious slide deck and the company’s timely removal of the malicious account. You can find these in the comments to the previous blogs on the subject, but as many people who saw the original blog won’t necessarily go back to check on comments,

Ditch Adobe?

Stephen Northcutt, with the SANS Technology Institute, suggested the following in the SANS NewsBites Vol. 11 Num. 61: [Editor’s Note (Northcutt): I think organizations should avoid Adobe if possible.  Adobe security appears to be out of control, and using their products seems to put your organization at risk. Try to minimize your attack surface. Limit

Calling Adobe’s Bluff

Dear Adobe, It is time to put up or shut up. Your web site FAQ has the following entry: Does Flash Player compromise my privacy and security? No. Flash Player is not only the most widely distributed piece of software on the Internet today, it’s also one of the most secure. Given that Flash

Security Cyber “Czar” Steps down

The Wall Street Journal reported that Melissa Hathaway, the acting White House Cyber Security Czar, has resigned. The difficulty filling the position has been ongoing and is not limited to an administration or political camp. Richard Clarke at one time held a similar position in the Bush administration, Howard Schmidt was a cyber security

Slideshare update

Further to yesterday’s blog at, I hear from  Sebastián Bortnik that the account holder that posted those malicious slides to Slideshare has been banned, and the slide decks are no longer available. However, he (the black hat, not Sebastián!) had managed to post 2,473 slides with malicious links before he was stepped on: see

SlideShare used to spread malware

Over the weekend our colleagues at ESET Latin America found that Slideshare was being used to spread malware. As they haven’t found much information on the web about this, Sebastián Bortnik blogged today about what they found. (Errors in translation and interpretation should be attributed to David Harley!) I’ve added some thoughts and some content

Potentially Abandoned Conficker Grows

According to an article at the authors of the Conficker botnet may have abandoned it, yet it continues to grow in numbers. The growth of the botnet is troubling because it is completely preventable and because it means the infected computers are vulnerable to other threats and that these users are not using

More Free Lunches

Discussion has been rolling on in comments to a blog Randy posted some time ago (back in June, to be precise…) on Microsoft Essentials. Rather than go over exactly the same ground, I’d like to reiterate some points about free antivirus generally, but starting off from a question that was put in a comment to

ThreatSense.Net® Report for July

Our July ThreatSense.Net® report has been released today, and will eventually be available from the Threat Center page here. Most of the top ten entries are old friends: well, familiar names might be a better way of putting it. One of the disadvantages of having a scanner that makes heavy use of advanced heuristics is