Virtualization & Conferencing
David Harley is taking part in the keynote session (11.00-12.00 EST) on "APT: Real Threat or Just Hype" at US Infosecurity's Virtual Conference on November 8th.
Education? Academic background in modern languages, social sciences, and computer science.
Highlights of your career? I was a late starter (1986) as an IT professional, beginning at the Royal Free Hospital, then with the Human Genome Project (1989), then at Imperial Cancer Research Fund (1991-2001), where I wrote/co-wrote/edited a number of Internet FAQs and my first articles on programming and security. I presented my first conference papers in 1997 (at Virus Bulletin and SANS). In 2001 Osborne published Viruses Revealed (co-written with Robert Slade and Urs Gattiker): VR and the later AVIEN Malware Defense Guide (Syngress) – to which Andrew Lee also contributed – are probably the best known of my books. When I rejoined the UK’s National Health Service in 2001, I ran the Threat Assessment Centre and was the go-to person nationally for malware issues. I left to work as a freelance author and consultant in 2006, which is also when I began to work with ESET.
Position and history at ESET? Senior Research Fellow at ESET N. America. Primarily, I’m an author and blogger, editor, conference speaker, and commentator on a wide range of security issues. Like the rest of the industry, they put up with me because I’ve been around so long.
What malware do you hate the most? Malware is just code. It’s malicious people I detest. While I’ve no love of scammers, I can see that it’s easier to be honest in a relatively prosperous environment – if there is such a thing anymore – and that cybercrime can be driven by an economic imperative. But I have nothing but contempt for those sociopaths who cause harm to others for no reason except that they can.
Favorite activities? The guitar (I still gig and record when time allows), other people’s music. I love opera but don’t attempt to sing it. Photography, art, poetry, country walking – well, ambling is about as much as I can manage at my age – good food and wine, good television when I can find it...
What is your golden rule for cyberspace? Scepticism is a survival trait: don’t assume that anything you read online is gospel truth, even this adage.
When did you get your first computer and what kind was it? Amstrad PCW (primarily a word-processor) in 1986. What else would you expect a not-very-rich author to buy in 1986? :)
Favorite computer game/activity? Extra-curricular writing (blogging, verse and lyrics, articles). Digital photography and miscellaneous artwork.
David Harley is taking part in the keynote session (11.00-12.00 EST) on "APT: Real Threat or Just Hype" at US Infosecurity's Virtual Conference on November 8th.David Harley
No, Craig Shergold doesn't need a heart transplant. Others do, but Facebook sharing isn't the best way to accomplish that.David Harley
ESET Researchers have investigated Win32/Duqu's RPC mechanism.David Harley
For the last few days, much malware research time has been devoted to the brand-new malware that ESET calls Win32/Duqu. One of the features that makes this kind of malware particularly interesting is that it very closely resembles Stuxnet, one of the most sophisticated worms of recent years. Last year we performed in-depth analysis ofDavid Harley
Here's an example of search poisoning somewhat similar to that predicted by Stephen Cobb. It uses the death of Gaddafi as a hook, as noted by our colleague Raphael Labaca Castro.David Harley
ESET researchers have noticed a new phase in the evolution of the TDL4 botnet.David Harley
Recently I've been collecting examples of comment spam. Essentially, this is for a research project that is somewhere fairly low on my to-do list. However, it does have a more positive aspect: whenever I feel at a loss for words and losing faith in my own wordsmithing ability, I scroll down to see what niceDavid Harley
Symantec's transient false positive detection of Facebook as a malicious site leads to serious thoughts about Facebook and privacy...David Harley
The slides from an AMTSO-oriented presentation by Larry Bridwell and myself at this year's Virus Bulletin conference, on "'Daze of whine and neuroses (but testing is FINE)" are now available on the Virus Bulletin site are now available here (along with some other excellent presentations). The paper on which the presentation is based is on the ESET white papersDavid Harley
...I've been seeing quite a few scrawny, toothless piranha mailed from email addresses that are often spoofed but invariably dubious like google.phishing.team@a_latvian_mail_provider.com...David Harley
...this isn't lawful interception, and it's not surprising that the AV industry has seen no reason to avoid detecting it...David Harley
A new conference paper, two conference presentations, and an article for SC Magazine.David Harley
Virus Bulletin's annual conference is really one of the highlights of the year for the research communityDavid Harley
...the finding that 52% of respondents felt that increased use by their employees of social media had resulted in an increase in attacks from malware seems to me both interesting and significant...David Harley
You may have noticed a lot of excitement about Facebook's latest attempts to prune your privacy, and you'll probably see more commentary on this blog. Here's something a little different: a good old-fashioned chainletter that seems to be flourishing despite all its logical flaws. The story is at SC Magazine's Cybercrime Corner, to which IDavid Harley
ESET researchers Aleksandr Matrosov and Eugene Rodionov just gave a talk on Defeating x64: Modern Trends of Kernel-Mode RootkitsDavid Harley
If Tanji'sarticle makes you more sceptical of those of us who pollute the blogosphere with our own opinions, that's a Good Thing.David Harley
I notice there's a flurry of articles around the "Stuxnet anniversary" and "After Stuxnet" themes...David Harley
...I didn't think I could let the recent flurry of publicity on Microsoft's disavowal of one of its Gold Partners because of their alleged implication in cold-calling scams...David Harley
One of the recurring themes of the past few years in the UK is data lost by the public sector on USB drives, CDs and so on.David Harley
Sadly, I’m now back in not-so-sunny England, but one of my colleagues forwarded me an item about security breaches reported by healthcare organizations. On January 1st it became mandatory in California for such organizations to report incidents where non-anonymized patient data may be been intentionally or unintentionally disclosed to someone unauthorized. In the first five months,David Harley
Full Disclosure (the concept, not just the mailing list): apparently, it’s all the fault of the security industry. Well, most things are. Still, this is a bizarre little story. (Tip of the hat to the entirely normal Rob Slade for calling my attention to it.) Apparently an individual or group calling itself The Anti-sec Movement replaced every imageDavid Harley
I’m still getting the occasional request to follow on my most obscure Twitter account, which is protected (meaning that I have to approve requests to follow me on there). Sorry, but if I don’t know who you are, you won’t get approved on that one. Even if I do know who you are, you won’tDavid Harley
SC Magazine in the UK picked up on our Global Threat Report for June, based on statistics that derive from our ThreatSense.Net® threat-monitoring technology. Thanks, Dan: when you do as much writing as I do, it’s comforting to know that someone is reading it. ;-) I thought, though, I’d develop some thoughts on a topic arisingDavid Harley
[Since the owner of the blog described below interpreted this blog as a personal attack and marketing BS, I’ve removed information that identifies his blog. Which is a pity, because his blogs on the topic actually include useful information. I’m not withdrawing the whole blog, because it isn’t marketing and it isn’t about our product:David Harley
I’d like to thank the City of San Diego for welcoming me with a firework display last night. It was just what I needed after 22 hours in planes and airports. :-) Maybe just a little quieter next time? (London did much the same thing to me with its Millennium celebration.) It did look prettyDavid Harley
We’ve just finished working on our monthly Threat Report. There aren’t many surprises in the top ten threats for June. Conficker has taken over the “top spot”, relegating INF/Autorun to second place. It’s difficult to say for sure what the significance is, given the relatively small percentage point involved: minor fluctuations in proportions from monthDavid Harley
Having worked quite a lot in recent years in the public sector in the UK, I’m not at all surprised that RIM (Research in Motion) is bullish about being assessed by CESG as suitable for use with restricted government data. However, it’s not altogether clear from the documentation published by RIM what this actually means.David Harley
I’ve just been observing a slightly bizarre email thread about the whatdoestheinternetthink?net site, which is apparently aiming to be the place to go if you want a global enquiry tool to find out what the online world thinks about any given subject. You enter a search term, it submits to one or more search engines, and itDavid Harley
It’s often claimed that men think about sex very seven seconds. Sorry, where was I? Oh yes… I’m not sure where that pseudo-statistic comes from: apparently not from the Kinsey report as is often claimed, and a more recent poll, while reflecting perhaps more liberated views about sexuality than could be admitted to in theDavid Harley
I really didn’t think that Microsoft’s beta AV product would necessitate three blogs: it is, after all, just a beta release. However, I was surprised just now to read an article by Mark Mayne of SC Magazine that claims the product is “going head-to-head with a range of AV vendors, from Symantec and McAfee throughDavid Harley
Alex makes a couple of interesting points in his comment on Randy’s blog yesterday about Microsoft’s “Security Essentials” antivirus (as does Randy, of course, but there’s no surprise there.) Alex is suggesting, I think, that Security Essentials isn’t so much a freebie as a value-add to something you’ve already paid for (i.e. Windows). That’s a pretty interesting,David Harley
The estimable Gadi Evron has posted an article at DarkReading about a dialogue he was caught up in on Facebook. One of his contacts popped up in a Facebook Chat window and told him how she’d been been held at gunpoint and robbed in London, losing her credit card, cash and mobile phone. Well, havingDavid Harley
I’d like to say thanks to Sean, who commented on my first blog on Orbasoft blog spam (don’t miss the later blog!) as follows: “These people are still not telling the truth. This software has been tested several times in the last few days and has been verified as a Rogue. It is on average detectingDavid Harley
Many thanks to Jens in Denmark, who commented on my previous blog about Orbasoft comment spam. Jens says: “Orbasoft is a real company, situated in Denmark. But they hired an Indian company to spam blogs with comments on their products (“search engine optimization”)…[they] wrote 300 positive comments – for the price of $900. ” Well,David Harley
There’s been some media interest in an alert from WebSense about something they call Nine Ball (he, said, trying to keep his sense of humour in check). It has some pretty interesting characteristics. I’d like to pick up, though, one point that the reports I’ve seen have rather overstated. WebSense mentioned that vendor detection is low onDavid Harley
Comment spam is one of those nuisances that career bloggers see a lot of: at least, we would if we didn’t use filters to control most of it before it gets to us. In general, these either overtly advertize something which has nothing whatsoever to do with the blog topic, or say something that addDavid Harley
OK. No dubious metaphors about clouds and stormy weather. Maybe. We all know, because we’ve been told so many times, that cloud computing, whatever that is, is going to be the salvation of not only the anti-malware industry, but the rest of the software industry. NIST (National Institute of Standards and Technology, whose Computer Security DivisionDavid Harley
When I first went to university at the end of the 1960s (yes, I really am that old, though not quite old enough to be of that generation that only remembers that decade through a haze of psychedelic phenomena), my choice of social sciences was regarded as somewhat fluffy. It was the age of “theDavid Harley
Data protection in the UK and Europe may mean something a little different to the way most Americans would understand it. The UK’s Data Protection Act is, like other local legislation in EC countries enacting the EU directive Data Protection Directive 95/46/EC, concerned less with the security mechanisms you use (or don’t use) to protect yourDavid Harley