Unlike Windows XP service pack 2, which included significant security updates, or Windows XP service pack 3 which is required for support from Microsoft, Windows 7 service pack 1 does not have any significantly compelling updates for most users. If you do not regularly use automatic updates to keep your operating system up to date,
Archives - February 2011
...there are reports of scammers spamming out solicitations for contributions to fake disaster relief funds, in the wake of the recent earthquake in New Zealand...
...Ontinet has been noticing lots of emails with links to forums. Following the links leads to a forum full of spam products, from replica watches to viagra...
Before I started today's flurry of blogs, I was uncharacteristically quiet: first I was at an AMTSO event in San Mateo, then at RSA in San Francisco...
If you found my recent post on Public Access PCs Booby-Trapped of any use, you may also find a follow-up article by SC Magazine's Dan Raywood of interest. The article on Keyloggers found plugged into library computers quotes some further thoughts I sent him in a subsequent exchange of email, and also quotes Wilmslow police inspector Matt
Links added today to the Stuxnet resources page...
Really, all you have to do is talk someone into giving you their iPad, but you’re not going to get one if you fall for the spam that has been going around on Facebook recently. There have been many of the spam scams over the years. Usually the spam is sent from a hijacked account,
...keyloggers were found to have been attached to PCs used by members of the public...
[Update: the BBC Radio 6 issue is now confirmed by WebSense (apologies for misattributing it earlier!), who have more detail here, and note that areas of the BBC 1Xtra radio station Web site are also affected.] I hear from ESET colleagues in the UK that the BBC's Radio 6 homepage (one of the Beeb's music stations) is
Links to two Stuxnet-related stories have been added to the resources page at /2011/01/23/stuxnet-information-and-resources-3/. Kim Zetter, in Wired's "Threat Level" column Report: Stuxnet Hit 5 Gateway Targets on Its Way to Iranian Plant, summarizes the latest update to Symantec's Threat Dossier. Symantec researchers now believe that Stuxnet targeted five organizations in Iran as staging posts
Today kicks off the RSA conference in San Francisco. This is the 20 anniversary for the RSA conference. RSA stands for Rivest, Shamir and Adleman, who invented RSA encryption. The RSA conference and trade show has grown from an encryption focused conference to one which includes virtually every aspect of digital security. As has been
...I know that Facebook has various countermeasures for dealing with the even more various types of fraud that Facebook users are subjected to. Does it really believe that those measures are so effective, no fraudulent message can ever get through?
On Thursday I will be participating in a cloud computing security discussion. The virtual event is free and you can register for it at http://techweb.com/iwkcloud. The entire agenda for the event can be found at https://www.techwebonlineevents.com/ars/eventregistration.do?mode=eventreg&F=1002827&K=MAA9&tab=agenda. Do note that the times listed are EST. I will be participating between 2:45 and 3:30 PM EST. Even
Update 6/1/2011: Paul Laudanski has published an extensive guide to Facebook privacy, which is quite a remarkable feat since there is precious little privacy on Facebook :) Little privacy, but a whole lot of settings! Check it out at http://blog.eset.com/2011/05/25/facebook-privacy Facebook comes up a lot in this blog. Recently I wrote about the Hidden Face
...the conclusion does support what does appear to be the official Iranian line that this was an attack against Iranian nuclear operations, but that it wasn't successful...
Added to the Stuxnet (3) resources page at http://blog.eset.com/2011/01/23/stuxnet-information-and-resources-3.
Zeus-associated malware (and that includes SpyEye and "SpyZeuS") isn't supernaturally difficult to detect. It is, however, pretty adaptive and has introduced, from time to time, some innovative counter-detection techniques.
Aryeh Goretsky posted a blog about a trojan program in a Microsoft catalog update. I thought it might be a little interesting to know how this can happen and why it doesn’t happen more often. As it turns out, it was once my job to make sure that Microsoft did not release infected software. Initially
People place way too much trust in technology. We see that time and time again as phishing attacks and rogue security programs proliferate. Identity theft can be one of the more extreme results of believing a computer that told you the email came from a friend, but another technology can cause death if you trust
In recent months there has been a lot of discussion in the US about an Internet kill switch. The real idea behind the kill switch is not to protect the infrastructure as claimed, but rather for political control such as has been recently observed in Egypt and other countries. Proponents of the Internet kill switch