SSL: Threatened by a BEAST of Prey
SSL isn't hopelessly broken, but the widespread use of TLS 1.0 means that SSL cannot be regarded as fully "secure"
Education? Academic background in modern languages, social sciences, and computer science.
Highlights of your career? I was a late starter (1986) as an IT professional, beginning at the Royal Free Hospital, then with the Human Genome Project (1989), then at Imperial Cancer Research Fund (1991-2001), where I wrote/co-wrote/edited a number of Internet FAQs and my first articles on programming and security. I presented my first conference papers in 1997 (at Virus Bulletin and SANS). In 2001 Osborne published Viruses Revealed (co-written with Robert Slade and Urs Gattiker): VR and the later AVIEN Malware Defense Guide (Syngress) – to which Andrew Lee also contributed – are probably the best known of my books. When I rejoined the UK’s National Health Service in 2001, I ran the Threat Assessment Centre and was the go-to person nationally for malware issues. I left to work as a freelance author and consultant in 2006, which is also when I began to work with ESET.
Position and history at ESET? Senior Research Fellow at ESET N. America. Primarily, I’m an author and blogger, editor, conference speaker, and commentator on a wide range of security issues. Like the rest of the industry, they put up with me because I’ve been around so long.
What malware do you hate the most? Malware is just code. It’s malicious people I detest. While I’ve no love of scammers, I can see that it’s easier to be honest in a relatively prosperous environment – if there is such a thing anymore – and that cybercrime can be driven by an economic imperative. But I have nothing but contempt for those sociopaths who cause harm to others for no reason except that they can.
Favorite activities? The guitar (I still gig and record when time allows), other people’s music. I love opera but don’t attempt to sing it. Photography, art, poetry, country walking – well, ambling is about as much as I can manage at my age – good food and wine, good television when I can find it...
What is your golden rule for cyberspace? Scepticism is a survival trait: don’t assume that anything you read online is gospel truth, even this adage.
When did you get your first computer and what kind was it? Amstrad PCW (primarily a word-processor) in 1986. What else would you expect a not-very-rich author to buy in 1986? :)
Favorite computer game/activity? Extra-curricular writing (blogging, verse and lyrics, articles). Digital photography and miscellaneous artwork.
SSL isn't hopelessly broken, but the widespread use of TLS 1.0 means that SSL cannot be regarded as fully "secure"
David HarleyRóbert Lipovský and I put our heads together and posted a joint article to SC Magazine's Cybercrime Corner on "Dead Certs?"
David HarleyESET's August ThreatSense report is now available on the Threat Center page.
David HarleyAs you might expect, I don't by any means agree that AV is a dead parrot, though I'm not going to claim that it detects everything (or anywhere near that) either.
David Harley...the latest crop of malicious web pages to go up includes hooks such as "Bin Laden alive", "in depth details about the terrorist attack", "police investigation results" and "towers going down",...
David HarleySome of my favourite blog comments of the week: I’m surprised just how so many fish pedicure spas have sprung up in the uk without looking fully at the possible health risks to clients, or insuring against them. Yes, I've often thought the same thing, especially in the context of disclosure ethics and the issue
David HarleyI'm a believer in responsible disclosure. But...
David Harley…but it doesn't necessarily want you to be free. Since Cameron Camp and I have written here and here about the implications of the UK government's meditations on curbing civil unrest by curbing social media services, it's interesting to see that the estimable Kim Davis, who previously categorized UK Prime Minister David Cameron's pronouncements as bluster, has also
David HarleyYou may be aware that Cameron Camp and I regularly write articles for SC Magazine's Cybercrime Corner: here here's a catch-up list of the most recent, in the hope that you might find them of use and interest. At any rate, it'll give some idea of the range of content covered. Ten years later, still the same
David HarleyAryeh Goretsky's paper won't turn you into a business continuity specialist, but is an excellent primer on why, how and when to back up your data.
David HarleyDuring the first half of 2011 we have witnessed a significant growth in malware targeting 64-bit platforms, the most interesting examples of which are bootkits.
David Harley... people have been asking me about Google's interesting paper on Trends in Circumventing Web-Malware Detection...
David Harley...this is a phish mailed out indiscriminately in the hope of catching a Xoom customer...
David HarleyAryeh Goretsky interviewed, as his paper on Possibly Unwanted Applications is published.
David Harley...both articles are concerned with breaches of copyright and IP abuse...
David Harley'Tis the season to get ready for the autumn round of security conferences.
David Harley...you can probably guess what I think about the idea of an undetectable virus...
David Harley...I realize that it looks a little self-obsessed to keep writing about comment spam relating to your own blog...
David HarleyThere is some pretty interesting content in ESET's Threat Report for July.
David HarleyWe (AVIEN) devoted quite a lot of space to one Chinese operation, the NCPH group, in the “AVIEN Malware Defense Guide for the Enterprise”
David HarleyThere are some civilizations that revere their elders for their wisdom. Unfortunately, I don’t live in one of them. In others, old people are quietly abandoned on ice floes or the sides of mountains when they start to take more from the community than they contribute towards it. I guess I’m reaching the age where I should
David HarleyHere are one or two resources some of you might find useful and interesting. Infragard and the Center for Information Security Awareness have a Security Awareness in the Workplace program that looks worth a closer look. It consists of 14 separate lessons addressing key information security issues “that can impact in the workplace”. The free lessons
David HarleyI really ought to be concentrating on some writing deadlines, but I couldn’t ignore this item, flagged by Graham Cluley, Sophos blogger-in-residence and karaoke star. (I have to say that because I was rather rude about his singing at Infosec last month.) Graham and I both live in the UK, so the state of health
David HarleyIn previous blogs, I mentioned that some of the presentations from the CARO workshop a couple of weeks ago were likely to be made available publicly. Unfortunately for non-attendees, most of the presentations are only available to people who were there: however, some can be downloaded by the public from here. In case I didn’t
David HarleyGreetings, friends, fans and foes. I know it’s been a while, but I’ve been travelling, with intermittent connectivity: first the Infosecurity expo in London, then the CARO and AMTSO workshops in Budapest, then the EICAR conference in Berlin. This week I’ve been at the Channel Expo in Birmingham (the one in the UK, that is)
David HarleyAfter my last blog, I was asked what other EICAR papers would be of interest to people in the testing industry. In fact, quite a few of this year’s papers were focused on anti-malware testing and/or detection, and the abstracts for the industry papers are available here, and that may give you a start on
David HarleyYes, I’ve used that pun before, but I can’t resist using it again now that I’m back from the EICAR conference. I actually got back a couple of days ago, but I was sidetracked by some urgent administrivia and dental treatment. I’m having bacon and eggs for breakfast, my first pet’s name was Stuart Little
David HarleySo the CARO workshop came and went (and very good it was too): unfortunately, because of the nature of the event, I can’t tell you too much about it. However, at least some of the presentations are expected to be made available soon, and we’ll pass on that information when we have it. After a
David HarleySome of us are currently enjoying some excellent presentations at a CARO workshop in Budapest on exploits and vulnerabilities. Hopefully, some of them will eventually be made public, so that we’ll be able to include pointers to specific resources. While there’s been a great deal of technical detail made available that has passed me by
David HarleyEver since Adobe’s recent updates to Acrobat and Reader, I’ve been irritated by the fact that every time I open a PDF, I’m prompted to re-enable JavaScript, which I disabled while we were all waiting patiently for those patches to the last round of vulnerabilities. “This document contains JavaScripts. Do you want to enable JavaScripts
David HarleyIn a comment to a previous post, Finjan have confirmed that Win32/Hexzone.AP is just one of the malicious programs downloaded to machines infected by the unnamed bot behind the 1.9 million PC botnet they reported: it isn’t the bot itself. While I think we’d pretty much established that (especially after some very useful input from Atif
David HarleySome more information on the Hexzone botnet has come my way, mostly from FireEye’s Atif Mushtaq and Paul Ferguson’s hairdresser (don’t ask!). Atif also mentions the association with ransomware: the malware is installed as a Browser Helper Object (BHO) on the victim’s machine, and hijacks browsing sessions, taking the victim to a page hosting pornography.
David HarleyI haven’t commented on the recent flurry of interest in the Mac botnet issue, having already mentioned it a few weeks ago here. It’s not as though anyone has shown much interest in the technical aspects, such as the interesting use of the Authorization Services APIs to trick the victim into authorizing installation. Just one of
David HarleyWell, Mikeyy may not be the only security problem Twitter has right now, but the Hoodied Bore does seem to be doing an excellent job of exhausting everyone’s patience, including that of The Register’s John Leyden, who described him as “increasingly annoying”. It appears that Mr. Mooney did take responsibility for at least the first
David HarleySome of you may have noticed that I’ve been uncharacteristically quiet the past few days. That’s because I really needed to do catch up with other things. Sad though I am to have missed the opportunity to jeer at Mikeyy the Worm and his new employer (though I may come back to them shortly, just
David HarleyI’m guessing that you’ve probably heard about the worm attacks on Twitter over the Easter weekend. Even I did, and I was doing my best to take some time out from work, with rather more success than usual. According to one Michael – sorry, Mikeyy – Mooney, a bored 17-year-old, he was responsible for the
David HarleyLarry Seltzer, one of the better commentators on malware issues, has picked up on the disparity between ESET’s naming of the latest variant and Symantec’s – they call it W32.Downadup.E. Richard Adhikari (who also seems to pretty clueful) also picked up on the naming issue when we exchanged emails a few days ago. This issue
David HarleySo now for a little more tech detail on Win32/Conficker.AQ (kindly supplied by Juraj Malcho at our labs in Europe – however, if I get anything wrong, that will almost certainly be down to my faulty interpretation!) The new variant has two main components. The server component is an .EXE that infects vulnerable PC’s in
David HarleyIf you just got here looking for my blog on Conficker and “blended hoaxes”, I’m afraid I just pulled it (temporarily at least) in the light of new data that’s come in since last night: I don’t want to mislead anyone, as it seems that the new Conficker stuff is a lot more active and
David HarleyWell, hopefully my power sockets are not leaking computer viruses and keyloggers, but who knows? Quite a few news outlets have picked up on a story in the Wall Street Journal claiming that spies from China and Russia have “penetrated the U.S. electrical grid”. Scary… A little too scary and not enough detail to convince some
David Harley