ESET Research | WeLiveSecurity

Bio

ESET Research

ESET Research

Articles by author

Is Disney Flashing Minors?

Recently a lawsuit was filed against Walt Disney’s internet subsidiary and some of its partners as well. http://www.theregister.co.uk/2010/08/17/flash_cookie_lawsuit/ At issue is the use of a special kind of cookie that is used in conjunction with Adobe Flash. These “supercookies” are called Local Shared Objects or LSOs for short. LSOs are not deleted when you use

Your Fantasy, A Criminal’s Dream

Fantasy sporting leagues have become very popular. A good friend of mine is into fantasy car racing teams. Other friends are into fantasy soccer (football elsewhere in the world). In the US a lot of people are into the fantasy NFL (National Football League –not soccer). Recently a researcher, Gary Rios, joined an ESPN sponsored

Facebook Competitor Faces Criticism – Is Diaspora DOA?

Really – should any Alpha version be fed through a chipper-shredder like Diaspora has? The basics are simple: The basic premise behind Diaspora is that it will allow users to have social networking functionality similar to that offered by Facebook, but with far greater control over personal data. Diaspora was born earlier this year largely

MouseOver, Game Over

In some computer programming languages there is an event called “mouseover”. This command is used to determine what happens when a user put the mouse over a specific object. When you put the mouse over a hyperlink and see where that link will take you, that is a “mouseover” command at work. When you place

You Can’t Do That

So much of the time we security bloggers write about what you are not supposed to do, or try to tell you what you should do. This time it is different. This post is not about security it is about what one amazing individual can do and what you can do too, if you wish

Privacy is not in the Cards

I decided to download the card game Solitaire (by ZenTech Labs) on my Android based phone. Being a free app it is paid for by advertising. When you play the game there is always a banner ad at the bottom of the screen. One of the ads caught my eye. It said “Leslie2088 is .7

How Do You Find 200,000 Unique Samples a Day?

I recently received a couple of questions about signatures from a reader. 1- You said that ESET receives around 200000 unique malware samples daily, so does ESET detect most of them or detect only the malwares that their signatures are listed here: http://www.eset.com/threat-center/threatsense-updates ? 2- Nowadays why signatures are written? Are they written to detect

MotoSpeak and Sing and Run Random Apps?

In addition to recently getting a Droid 2, I purchased a Motorola H17txt Bluetooth headset. When used with a Blackberry or an Android based phone you can download and install an application called MotoSpeak that will read text messages and emails through the H17TXT. Before you go looking for such a headset be warned, there

You Have to be a Real Cool Cat!!!

You have to be a real cool cat to get into the Cambridge Who’s Who registry. A few months ago I received a spam message from whoswhopublication@gmail.com.  A legitimate Who’s Who organization is very unlikely to be using a Gmail address and they wouldn’t have sent the email to AskESET. Here’s the email: You were

Open Source Malware Fingerprinting – Free Tool

In my ever-widening circle of anti-cybercrime methodology this particular approach to attribution of the criminals looting the free world makes me particularly gleeful and I can’t wait to spread the good news: Security company HBGary today released an open source tool to digitally fingerprint malicious code and help identify the source of the malware. The

Share Your Password, Spam Your Friends

Time and time again security experts warn you not to share your password with anyone, yet sites like Facebook are always encouraging you to give them the password of an account that is not a Facebook account… your email account. You’ve probably seen the screen shot below on your Facebook friends page. It is asking

The Strange Case of the Droid 2 Password Lock

When I first got my Droid I went to set up my security. The first thing I do with a new mobile phone is set it up to require a password to unlock the device. I also set a timeout so that after a few minutes of inactivity the phone will automatically lock itself. If

Android Application Security

Installing an application on an iPhone is a bit different than installing an application on an Android based system. With the iPhone you go to the App Store, select your application (and pay if required) then download and install it. For the Android based phones you go to the Android Market, select your application, download

I’m Picking Up Good Vibrations

As I previously blogged, there is a serious security flaw in the way that the Android 2.2 OS is implemented, at least on the Motorola Droid 2. If you want to require a password to unlock the phone, and you hit the lock key, it takes at least two minutes before unlocking the phone will

Facebook Friending Gets A Guy Some Jail Time

Believe it or not, this cybercrime has some twists reminding all of us to beware the estranged techie ex who decides to hack email or instant messaging accounts and then escalate to Facebook friending. Enter Harry W Bruder. This handsome devil is in his mid fifties, proving that not every Facebook user is a college

Will France Spy on You?

Apparently France has some new legislation surrounding pirated software. I applaud reasonable approaches to combating piracy, but it appears that France may be ready to make public the answer to the question “Will Anti-virus ignore government Trojan horse programs?” I first saw the story at http://yro.slashdot.org/story/10/08/05/152255/Tech-Specs-Leaked-For-French-Spyware and the story was picked up from http://www.techdirt.com/articles/20100804/04205910492.shtml. If

Inter‑Species Marriage

This old dog is learning some new tricks, and no, I am not talking about animal husbandry or bestiality. In the past few months I got a MacBook Pro, switched from Windows XP to Windows 7 and now I have a Droid 2 attached to my hip, so technically I am not married to an

When Hell Freezes Over!

I received an email today that was funny to me, but not to someone who is unsuspecting. I’ll let you read it. —–Original Message—– From: Ann Price [mailto:ann.price@topspot-promotions.net] Sent: Thursday, August 12, 2010 7:14 AM To: AskESET Subject: Placing advertisements on blog.eset.com Greetings, Topspot-Promotions, an established advertising company, would like to pay you for placing

How to Screw Up and Skew a Test

Even as AMTSO attempts to bring some qualified and competent guidance to testing methodologies, and individuals with an agenda or paranoia invent stories about why it is not good, we see more completely incompetent testing. I refer this time to the test that Steve Ragan wrote about at http://www.thetechherald.com/article.php/201031/5979/Anti-Virus-industry-lacking-when-it-comes-to-detection-says-report. The test performed by Cyveillance, who