Perhaps I imagined it, but a few days ago when I allowed Firefox to update to fix security vulnerabilities my privacy settings were reset to less private settings. I had Firefox set to clear the history on exit, and prompt me. I also had it set not to accept third party cookies. After the upgrade
As I write this, Twitter, the popular social networking site is experiencing a distributed denial of service attack. I do not know where the attacks are originating from, or the reason, but it occurs to me there may be hell to pay. So what motives? Perhaps the bad guys are upset that Twitter has recently
As I previously pointed out http://www.eset.com/threat-center/blog/2009/08/04/calling-adobe%E2%80%99s-bluff, Adobe is at best deceptive about claims of the security and privacy of Flash. Even if you do not know what flash is or how to find it, you probably have it on your computer. If you open control panel and go to the “add or remove programs” application
Update. August 5th 1:30 PM PDT. I received an email from Mr. Carl Haugen, the president of BluePenguin Software who develop SPYzooka. According to Mr. Haugen the offending post was made by a former employee and has now been removed. I have verified that the post was removed. This is an encouraging sign. I will
There’s been a certain amount of buzz in the past couple of days about messages claiming to link to Wire Transfer information, but actually related to a Trojan commonly called Delf or Doneltart. ESET is detecting the examples we’ve been seeing as a variant of Win32/TrojanDownloader.Delf.OZG. The messages generally look something like this (at least,
We’ve been having some discussion internally about shortened URLs, with specific reference to pointing to web resources on Twitter, where you can’t actually avoid using shortened URLs, because an uncompressed URL is automatically shortened using bit.ly. You may remember that I discussed these issues before here, The main problem, of course, is that it’s all too
We’ve had reassuring responses from Slideshare about the recent problem with a malicious slide deck and the company’s timely removal of the malicious account. You can find these in the comments to the previous blogs on the subject, but as many people who saw the original blog won’t necessarily go back to check on comments,
Stephen Northcutt, with the SANS Technology Institute, suggested the following in the SANS NewsBites Vol. 11 Num. 61: [Editor’s Note (Northcutt): I think organizations should avoid Adobe if possible. Adobe security appears to be out of control, and using their products seems to put your organization at risk. Try to minimize your attack surface. Limit
Dear Adobe, It is time to put up or shut up. Your web site FAQ http://www.adobe.com/products/flashplayer/security/privacy_policy/faq.html has the following entry: Does Flash Player compromise my privacy and security? No. Flash Player is not only the most widely distributed piece of software on the Internet today, it’s also one of the most secure. Given that Flash
The Wall Street Journal http://online.wsj.com/article/SB124932480886002237.html reported that Melissa Hathaway, the acting White House Cyber Security Czar, has resigned. The difficulty filling the position has been ongoing and is not limited to an administration or political camp. Richard Clarke at one time held a similar position in the Bush administration, Howard Schmidt was a cyber security
Further to yesterday’s blog at http://www.eset.com/threat-center/blog/2009/08/03/slideshare-used-to-spread-malware, I hear from Sebastián Bortnik that the account holder that posted those malicious slides to Slideshare has been banned, and the slide decks are no longer available. However, he (the black hat, not Sebastián!) had managed to post 2,473 slides with malicious links before he was stepped on: see
Over the weekend our colleagues at ESET Latin America found that Slideshare was being used to spread malware. As they haven’t found much information on the web about this, Sebastián Bortnik blogged today about what they found. (Errors in translation and interpretation should be attributed to David Harley!) I’ve added some thoughts and some content
According to an article at Internetnews.com http://www.internetnews.com/security/article.php/3832846 the authors of the Conficker botnet may have abandoned it, yet it continues to grow in numbers. The growth of the botnet is troubling because it is completely preventable and because it means the infected computers are vulnerable to other threats and that these users are not using
Discussion has been rolling on in comments to a blog Randy posted some time ago (back in June, to be precise…) on Microsoft Essentials. Rather than go over exactly the same ground, I’d like to reiterate some points about free antivirus generally, but starting off from a question that was put in a comment to
Our July ThreatSense.Net® report has been released today, and will eventually be available from the Threat Center page here. Most of the top ten entries are old friends: well, familiar names might be a better way of putting it. One of the disadvantages of having a scanner that makes heavy use of advanced heuristics is
