Archives - May 2010

Please Rob Me: Blippy

Blippy recently had a small data breach which merely underscored the risks of a growing segment of social networks which showcases your toys… How a burglar or other thief sees Blippy: Securing Our eCity Contributing Writer

Facebook Changes… but not yet

Recently we blogged here about some new Facebook privacy controls. I decided to check and see if the new controls were rolled out. The first thing I noticed was that Facebook noticed I was not logging in from my normal location and wanted to ask me a few “security questions”. Hmmm, ok. The first security

Viral Implants (not what you think)

There was a bit of a stir today around a British scientist, Dr. Mark Gasson. In the BBC article Dr. Gasson was touted as the “First Human ‘Infected With a Computer Virus’”. I let this one stew around for a few seconds and I have to say that this isn’t what it’s cracked up to

Banking Fraud? Tell me and tell me quick!

In the survey, banks that were notifying consumers as quickly as possible or immediately across multiple channels performed well [and] they also improved cardholder confidence. Notifications over multiple channels were also significant.

New Facebook Privacy Controls Arrive on Wednesday

Mashable reports a halt to the insanity over privacy may be only a day away… On Sunday, Facebook CEO Mark Zuckerberg promised simplified privacy settings “in coming weeks.” It now looks like that timetable has been bumped up, with an executive at the social network revealing at an event in New York that new features

Carr’s Four Cyber Trends That Must Be Reversed Now

I’m not always in alignment with Jeffrey Carr’s point of view but in this he is spot on. Succinct and to the point, Jeffrey Carr addresses cybercrime, cyberwarfare rules of engagement and forecasts the United States’ rapid decline: Should these trends continue unabated, we will have no one to blame but ourselves as the economical

GoGo Gone

So, this is the first blog entry I have ever written and posted from an airplane. Until the end of July, Alaska airlines has free wi-fi on some of their flights. Not all of the planes are wi-fi enabled. The provider is called GoGo. One of the first things I noticed is that even though

Cyber‑crimefighters pwn

Brian Krebs, source of a lot of key research on the banking trojan focus on small to medium sized business, has reported that cyber-vigilantes have rattled the cage of a major carder site by posting their member’s passwords: Ironically, the anonymous authors of the e-zine said they were able to compromise the criminal forum because

Bricking your cell phone: Mayhem on a Massive Scale

What would happen if every single one of the four BILLION cell phones on this planet just went dark? Or most likely, what would happen if every single cell phone went dark in one country? One scenario is a combined DoS attack on the internet was combined with a DoS attack on the cellular phone infrastructure at the same time.

Debate Heating Up: Cybersecurity Act of 2010 S. 773

Forbes contributor Richard Stennion doesn’t like the Cybersecurity Act of 2010 very much. We know it around here as S. 773 and have been tracking it for some time. Mr. Stennion and I disagree on some key points. He says that S. 773: “…contains some pretty drastic measures that are going to be very disruptive,

DoD Cyber Command is officially online

According to the Navy Times today, the Cyber Command is up. “The nascent command charged with operating the nation’s military computer networks is now a reality, the Pentagon has confirmed.” “U.S. Cyber Command, a subordinate unit of U.S. Strategic Command, was launched Friday afternoon at Fort Meade, Md., in a status officials called an initial

Should I Stay or Should I Go?

I don’t really want to leave ESET, but IBM needs me. Several years ago Microsoft had a serious problem with viruses in its software. I was given the task of making it go away. It started with retail software. My job was to make sure none of the retail software Microsoft released was infected. Then

Painful Facebook Malware? Only When I Laugh.

Juraj Malcho, Head of Lab at Bratislava, reports: We've just encountered what appears to be a new Facebook scam in the wild. As of this moment we haven't seen any malicious content being served, but the content is changing even as I’m writing this post and it’s likely to serve malware soon. It spreads by adding

The World Cup is an Infectious Sporting Event!

Our research colleagues in South America have found that there is considerable effort by the bad guys to try to infect your computer when you search for information about the 2010 world cup games. Specifically, if you are searching for free tickets. The bad guys know that people searching for free tickets to the World

Autorun and Windows 7

Autorun and Windows 7. Long time readers know that I think autorun was Microsoft’s longest unpatched vulnerability. For Windows 7 Microsoft has made some serious improvements, but for older versions of Windows Microsoft has ignored the obvious vulnerability and only offered the patch as an optional download instead of making it a critical update, as

*My AIIM is – errr, about 50 miles off

OK, perhaps this is a grumpy old man moment… Today I received a magazine through the post that included a flyer for the AIIM 2010 roadshow. AIIM, formerly the National Microfilm Association and later the Association for Information and Image Management (hence AIIM) describes itself as "the community that provides education, research, and best practices

AMTSO, Standards, and Relevance

[I told you these links were cursed: thanks to Daniel Schatz for pointing out a further problem. Tip of the hat to Kurt Wismer for pointing out the issue on the AMTSO blog, and another to Julio Canto for alerting me to the story in the first place.] Danny Quist posted an interesting article at

Twitter Botnet Update

[Update: Alex Matrosov has posted screenshots of the Twebot update at and] Juraj Malcho, the Head of our Lab in Bratislava, reports that there have been further developments regarding the tool for creating Twitter-controlled bots described by Jorge Mieres and Sebastián Bortnik, Security Analysts at ESET Latin America, in an earlier blog at