Bio

David Harley

David Harley

Senior Research Fellow

Education? Academic background in modern languages, social sciences, and computer science.

Highlights of your career? I was a late starter (1986) as an IT professional, beginning at the Royal Free Hospital, then with the Human Genome Project (1989), then at Imperial Cancer Research Fund (1991-2001), where I wrote/co-wrote/edited a number of Internet FAQs and my first articles on programming and security. I presented my first conference papers in 1997 (at Virus Bulletin and SANS). In 2001 Osborne published Viruses Revealed (co-written with Robert Slade and Urs Gattiker): VR and the later AVIEN Malware Defense Guide (Syngress) – to which Andrew Lee also contributed – are probably the best known of my books. When I rejoined the UK’s National Health Service in 2001, I ran the Threat Assessment Centre and was the go-to person nationally for malware issues. I left to work as a freelance author and consultant in 2006, which is also when I began to work with ESET.

Position and history at ESET? Senior Research Fellow at ESET N. America. Primarily, I’m an author and blogger, editor, conference speaker, and commentator on a wide range of security issues. Like the rest of the industry, they put up with me because I’ve been around so long.

What malware do you hate the most? Malware is just code. It’s malicious people I detest. While I’ve no love of scammers, I can see that it’s easier to be honest in a relatively prosperous environment – if there is such a thing anymore – and that cybercrime can be driven by an economic imperative. But I have nothing but contempt for those sociopaths who cause harm to others for no reason except that they can.

Favorite activities? The guitar (I still gig and record when time allows), other people’s music. I love opera but don’t attempt to sing it. Photography, art, poetry, country walking – well, ambling is about as much as I can manage at my age – good food and wine, good television when I can find it...

What is your golden rule for cyberspace? Scepticism is a survival trait: don’t assume that anything you read online is gospel truth, even this adage.

When did you get your first computer and what kind was it? Amstrad PCW (primarily a word-processor) in 1986. What else would you expect a not-very-rich author to buy in 1986? :)

Favorite computer game/activity? Extra-curricular writing (blogging, verse and lyrics, articles). Digital photography and miscellaneous artwork.

Articles by author

Fan Check Checks In Again?

PC World has reported that Janakan Arulkumarasan, the creator of Fan Check says it’s non-viral, safe and legitimate, in an interview with IDG News Service. The article quotes him as saying: “FanCheck is NOT a malicious app. Unfortunately, some malicious developers have been spreading a lie that it is — and encouraging people to download fake

SMB2 0‑Day update

Microsoft’s advisory on the SMB driver issue is now available. As expected, it includes some comments on mitigation, but they’re rather fluffy. It advocates “Firewall best practices and standard default firewall configurations”, which “can help protect networks from attacks that originate outside the enterprise perimeter,”  and suggests exposing a “minimal number of ports”. Well, duh… I’d expect any firewall

SMB2 zero‑day

Some traffic has crossed my radar concerning a 0-day exploit that apparently enables a remote attacker to crash a Vista or Windows 7 system with SMB enabled (and according to subsequent reports, Server 2008). The original post and exploit are claimed to demonstrate the possibility of a Blue Screen Of Death (BSOD) and (normally) an automatic reboot when

Pack up your troubles….

Somewhere back in the Dark Ages, I wrote some articles for Computer Weekly in the UK, as part of a series of articles called Security Zone. This is a regular series where the contributors are all members of (ISC)2, the International Information Systems Security Certification Consortium*. Some of those articles are accessible from the Computer

Fan Check: Fretting about Facebook

Update: Lysa Myers, of West Coast Labs, has confirmed that she knows of a number of people who’ve used the application and didn’t see anything fishy happening. It did offer to send emails outside Facebook but didn’t insist on it, so it’s hard to see where the messages from unapproved contacts are coming from. I’ll

(Win32/)Induc‑tive Reasoning

I was passed a query from a journalist in the UK about Win32/Induc.A, the Delphi infector both Randy and I have blogged about previously, asking whether ESET has figures supporting my contention that this “harmless” malware actually has the potential to cause significant damage, as he had seen no reports of “even minor disruption.” While

Fake Antimalware – Old Dogs, New Tricks

(1) Websense, our neighbour in San Diego, has reported a fake anti-malware scam centred on Labor Day social engineering. The scam uses malicious SEO (Search Engine Optimization) techniques, sometimes referred to as index hijacking or SEO poisoning, to misdirect potential victims. When the victim uses Google to search for Labor Day sales (apparently these are very

Septic Thumb Drive

The Register has reported that it cost Ealing Council, in London (UK) some £500,000 in lost revenue and repairs after a “virus infection” in May. According to El Reg’s John Leyden, the virus in question was Conficker-D, though because of differences in Conficker variant naming, it’s difficult to say exactly which variant that would refer to.

Mac Malware (again)

An interesting comment was made to my last blog on Snow Leopard, Mac malware and all that. I’ve approved the comment, but since people who read the blog earlier won’t necessarily go back to see what comments it’s attracted, I’ll answer it here, at more length. Mac User said that “Currently, the only way to get

AMTSO – the Next Generation

I’ve just returned from Canterbury in the UK. One of the reasons I was there was to present a paper on malware naming at CFET 2009 (3rd International Conference on Cybercrime Forensics Education & Training). It was an excellent conference, and I’ll have more to say about that later (and the paper will be available shortly

419 and Mac scams

I forwarded this to myself from another account yesterday because I thought it was one of the laziest 419 scam messages I’d ever seen. From: British Tobacco Company Sent: 27 August 2009 19:46 Subject: Contact Mr Paul Adams Congratulations! Your e-mail ID was among the selected lucky winners of £1,000.000.00 GBP in our BRITISH TOBACCO

Snow Leopard and Malware

Mac User has reported in a little more detail than I’ve seen elsewhere so far on the Trojan detection in Snow Leopard, quoting freelance OS X and iPhone developer Matt Gemmell. In fact, the meat of the story is Gemmell’s tweets, which state that:the system checks for only two known Trojans, RSPlug and iServices, and

Web Searches and Dangerous Ladies

I feel like the learned judge in the ’60s who asked, in the course of a trial, “What is a Beatle?” since until recently I couldn’t have given you an accurate answer to the question “What is a Jessica Biel?” In fact, I’d probably have said something like “”Wasn’t she in Flashdance?” (The answer is

Rogue Anti‑Malware Exploiting Athens Fire

Cristian Borghello, Technical and Education Manager at ESET Latin America, tells us that they’ve noted quite a few sites that pretend to provide information on the fire crisis in Athens, Greece, but actually download malware onto the user’s PC. (Mistakes in translation are down to DH!) The criminals are using Black Hat SEO (Search Engine

New White Papers

A number of new papers have been added to the white papers page: Cristian Borghello’s “Playing Dirty” is a translation of his original Spanish paper, available on the ESET Latin America web site, and describes in detail how criminals make money out of stealing online gaming credentials and assets. My paper Social Security Numbers: Identification is

Turkish Delight (2)

This is part two of a recent email interview with a Turkish web site, with part one made available here for the benefit of those of us who don’t speak Turkish.  I’ve done a little editing on parts one and two, primarily for cosmetic reasons. Question (4): What the golden rules for using the Internet with

…and Talking of Bratislava

This is a research blog, not a marketing blog. Not that there isn’t a place for marketing (that’s what pays our salaries, in a sense!) and marketing blogs, but my guess is that most of our readers here would get bored quite quickly if we spent too much time on press-release type material, our latest

(User) Education, Education, Education

Regular readers will be aware that, unlike many people in the security industry, people in this research team tend to be enthusiastic supporters of security education for end users, both inside and outside business: not as The Answer To Everything, not in terms of turning everyone who uses the Internet into a security expert, but

Turkish Delight

So, back in harness. I’ve been away for a couple of weeks: not on holiday as such, though I did take some days out, but concentrating on writing: it didn’t hurt that I didn’t have a full-strength internet connection to distract me, though. Before I left, I was interviewed by a Turkish security site. It

Twitter and the Corridors of Power

I was amused (and not the only one, either) to notice that the UK’s Cabinet Office has recently launched a “Template Twitter strategy for Government Departments”: I wonder if they’re thinking of reconsidering in view of the proven fragility and security-shakiness of Twitter, but I suspect not. I am tempted to make a cheap shot related