Archives - February 2010

Come See Us at RSA

If you’re going to be attending RSA in San Francisco next week, stop by our booth (#1751) and say hi! ESET bloggers Jeff Debrosse, David Harley, and I will be there.  Jeff and I will take turns presenting “Security’s Rosetta Stone: Translating security to human behavior”. You can also enter a drawing to win some

Too Many Chiefs and not Enough Indians

Ahhh that was a coworker’s favorite saying each time administrators would make idiotic decisions because they weren’t in the trenches to see the effects of their decisions. There is a result from the National Cyber Security Alliance survey that I find specifically interesting. First, let me preface this by saying the thing you learn most

Cyber‑Education

The NCSA (National Cyber Security Alliance) just released the details of a survey of educators and technologists concerning both cybersecurity and cyberethics education in the schools. Cyberethics is prevention. It attempts to decrease cybercrime by teaching that it really is still crime and not very nice. Cybersecurity is teaching defense. If I covered the whole

Does Anyone Know WHOIS Out There?

A report was recently released which examined the accuracy of the information within the WHOIS system. WHOIS services are intended to provide free public access to information about the registrants of Internet domain names. This report was commissioned by ICANN, the body that oversees the allocation & registration of Internet domain names. Probably the most

New White Papers

Two new white papers have been posted on the white papers page at http://www.eset.com/download/whitepapers.php. (1) "Ten Ways to Dodge CyberBullets" by David Harley: Around New Year it seems that everyone wants a top 10: the top 10 most stupid remarks made by celebrities, the 10 worst-dressed French poodles, the 10 most embarrassing political speeches and

Ten Ways to Dodge Cyber‑Bullets (Part 10)

[Part 10 of an occasional series, updating a blog series I ran in early 2009 to reflect changes in the threat landscape. This series will also be available shortly at http://www.eset.com/download/whitepapers.php as a white paper.] Don’t be a Crackhead: Don’t use cracked/pirated software. Such programs provide an easy avenue for introducing malware into (or exploiting weaknesses in) a

Ten Ways to Dodge Cyber‑Bullets (Part 9)

[Part 9 of an occasional series, updating a blog series I ran in early 2009 to reflect changes in the threat landscape. This series is now available as a white paper at http://www.eset.com/download/whitepapers.php.] Be Wireless, not Careless: Don’t connect to just any “free Wi-Fi” access point: it might alter your DNS queries or be the “evil twin” of

Avoiding Conflict

Some of you may be aware that some users have recently encountered problems with one of Microsoft's security updates. Some users' systems would crash with a "Blue Screen Of Death" (BSOD) after installing Microsoft's latest batch of security updates. The problem has been narrowed down to the MS10-015 update. It seems that systems that have

The Google End Game

I came across an interesting side effect of Google forcing Gmail to be a social networking site. A young lady in middle school replied to a Buzz about what you think about Buzz. Her response? “I am just getting the hang of Buzz right now too. I don't really go on blogging websites since my

Class Action Lawsuit Filed Against Google for Buzz

http://www.computerworld.com/s/article/9158858/Google_slapped_with_class_action_lawsuit_over_Buzz?taxonomyId=84
This is not a surprise. Google made an egregious privacy error when they published people’s private contacts without consent. In a recent blog entry at the official Gmail blog http://gmailblog.blogspot.com/, Google claims to have rolled out the improvements they had promised. The feedback is that the improvements are not working and Google continues to

PIN Money

Further to an earlier blog about the "broken" Chip & PIN credit card security system (strictly speaking, the primary problem described is with EMV), it's noticeable that, as John Leyden puts it, "Industry groups [have] leap[t] to Chip and PIN's defence." In fact, the response has been a bit more mixed than that. But there

A Bit More on PleaseRobMe

Yesterday I recorded a podcast for The Malware Report with guest Ira Victor of Data Clone Labs Inc. Ira also co-hosts the radio show “The Cyber Jungle” which you can find at www.thecyberjungle.com. The podcast should be up in the next week or so. During the show Ira mentioned the website http://www.PleaseRobMe.com. This site takes

Fake Conficker Alerts

Urban Schrott, IT Security & Cybercrime Analyst at ESET Ireland, reports that more e-mail pretending to be from Microsoft is circulating, "warning" computer users that "Conflicker" is again spreading rapidly. ESET's ThreatSense engine identifies the malware as Win32/Kryptik.CLU trojan, and running it would result in further malware infections. Here's an example Urban quotes of one

PleaseRobMe

We seem to have pointed out rather often recently that giving away lots of information on Facebook, Twitter and other social network sites isn't a good idea. PleaseRobMe claims, somewhat amusingly, to be a resource for burglars, saving them the trouble of searching through Twitter and Foursquare for information on whose house is currently unoccupied. In

Hoaxes and semi‑hoaxes

Eveline Goy commented on a previous blog on "When is a hoax not a hoax?", and I thought it was too good a comment to let it lie unnoticed.
Dear Mr Harley
You might be interested to know that the MISSING GIRL email re Rachelle Marie Smith is now being distributed in Australia. Of course

I Have a Little (Wild)List*

* http://math.boisestate.edu/gas/mikado/webopera/mk105a.html
Kevin Townsend posted a blog in response to a piece by Mike Rothman at Securosis. Mike’s piece on “The Death of Product Reviews” makes some pretty good points about security product reviews in general. Kevin’s piece is more specific to anti-malware. He too makes some useful discussion points about the value or otherwise

Operation Cyber ShockWave

While serving in the Marine Corps, one activity that I felt was effective in preparing both myself and my unit to be able to handle real-world scenarios, was getting as much experience as possible from military training exercises. In most cases multiple branches worked together or, as in the case with NATO exercises, multiple countries

The iPhone Survey Final Results

The Survey is closed and I had a whopping 28 total responses :) The questions were:
1. How often do you connect your iPhone to a computer with iTunes running?
2. Have you owned your iPhone for at least 6 months?
3. How did you learn of this survey?
Five people did not respond to

Infected CD: update

Here's a little more information about the CD that caused the trouble described at http://www.eset.com/threat-center/blog/2010/02/16/infected-drivers-cd. It came with a motherboard bought by the customer from Newegg. They say that when they called Newegg and told them about the CD, they sent links to download clean drivers. It may be, therefore, that the problem lies with Newegg rather