ESET Research, Author at WeLiveSecurity - Page 20 of 29

Bio

ESET Research

ESET Research

Articles by author

Windows, Online Banking, and Phishing

Yesterday I posted a blog about the Director of the FBI claiming to no longer use online banking at all because he almost feel for a phishing attack. A response to the blog suggested not using Windows for online banking and linked to Brian Krebs http://voices.washingtonpost.com/securityfix/2009/10/avoid_windows_malware_bank_on.html and Michael Horowitz http://blogs.computerworld.com/14806/crimeware_gets_worse_how_to_avoid_being_robbed_by_your_pc Both of these articles discuss

Phishing, the FBI, and Terror

In a recent speech given by Robert S. Mueller, III, Director of the FBI, he claimed that he had almost been the victim of a phishing attack targeting his bank account. Mueller went on to say that at his wife insistence he has since given up on-line banking. The article I saw was http://www.eweek.com/c/a/Security/FBI-Director-Nearly-Hooked-in-Phishing-Scam-Swears-Off-Online-Banking-616671/. It’s

Shortage of CyberCops

The Wall Street Journal recently ran an interesting article at http://online.wsj.com/article/SB125487044221969127.html. Of note, was a quote from Los Angeles District Attorney Steve Cooley who said “These days, "practically every crime, from drug dealing to murder, involves digital evidence" .From the invention of the knife, to the gun, to the telephone and car, criminals have always

Webmail Hacks

Recently there were reports of tens of thousands of hotmail passwords being posted on the web. In reality Hotmail, Gmail, Yahoo mail, and all email services are regularly being phished. If you receive an email telling you to provide your password it is a phish. That is as simple as it gets. Never give out

Windows 7 Security

The long awaited successor to Windows XP has been released? It’s Windows 7. What about Windows Vista? Well, to be frank, windows Vista is to the Windows family what DOS 4.0 was to the DOS family. For those of you who do not recall the DOS family line, DOS 4.0 was a bit of a

Dissipating the Cloud

The next presentation here at Virus Bulletin is called “Tales from Cloud Nine” and is presented by Mihai Chiriac, the head of research from BitDefender. While using the word “cloud”, Mihai continued to explain what the technology is that is being used, how and why it used. This was an exceptionally well balanced presentation that

A Cloud is a Container of Fog that Obscures Vision

I’m sitting in a presentation at the Virus Bulletin conference in Geneva. The topic is “Why in the Cloud scanning is not a solution. The presentation is done by Andreas Marx and Maik Morgenstern from AV-Test.org. What they found in extensive testing is that “Cloud” scanners do not have a detection advantage over traditional solutions.

Do You Wear a Seatbelt?

Modern cars are designed with crumple zones. These crumple zones help to decrease the risk of death in a severe car accident. Modern cars also have airbags. The airbags reduce your risk of death or injury in the case of an accident. If you don’t use a seatbelt your airbag and crumple zone are unlikely

Can’t Surf the Web?

Australia’s Internet Industry Association (IIA) is working on best practices for isolating computers with bots on them (http://iia.net.au/index.php/initiatives/isps-guide.html) At the same time, the Internet Engineering Task Force (IETF) is also drafting a document about the same thing (http://tools.ietf.org/html/draft-oreirdan-mody-bot-remediation-03) If these recommendations are adopted then people who have bots on their computers would have to get

Do Security Like a Pro (or not)

A report from SANS concludes that security professionals may not be paying attention to some of the biggest threats out there today. Not terribly long ago the Windows operating system was the attack target of the bad guys. There were tons of exploitable vulnerabilities and they were heavily exploited. Since that time Microsoft has put

Got ICE?

ICE stands for “In Case of Emergency”. The idea is that you put ICE in front of the contact(s) on your phone that you would want to have called if something happens and emergency personnel look at your cell phone to try to figure out who to call. I recently found a cell phone at

iTrout

Kelly Jackson Higgins with Dark Reading reported that the anti-phishing technology on the iPhone is currently not working. You can read the article at http://www.darkreading.com/security/client/showArticle.jhtml?articleID=219700594&cid=nl_DR_DAILY_T The truth is that no anti-phishing technology is reliable. The technologies can help, sometimes significantly, but the most effective protection is an educated user. All of the technologies have failure

Keep Those Third Party Apps Patched!

You may have seen some news today about a new vulnerability that can potentially affect Windows Vista. Microsoft will have a patch for the flaw, hopefully before it is exploited. Of course, Microsoft had a patch for the flaw that Conficker exploited, but too many people are not patching anything. It’s a good idea to

Another Twitter Security Problem

As reported at http://www.eweek.com/c/a/Security/Twitter-XSS-Vulnerability-Still-Wide-Open-Developer-Says-433005/, a researcher has found a cross site scripting vulnerability that affects Twitter. The researcher claims that by exploiting this he could gain access to the Twitter accounts of anyone who views his specially crafted tweets. The explanation of the problem is a bit techie, but there is a very key point

Is Apple’s Snow Leopard Immune to Malware?

There is an interesting and humorous work of fiction at http://www.appleinsider.com/articles/09/09/07/inside_mac_os_x_snow_leopard_malware_protection.html. Humorous as long as you don’t believe it! The article starts out saying “Safari, like other modern browsers, already flags certain websites that are known to be used to distribute malicious software”. That’s a nice layer of defense, but there are sites many sites

Oh Yeah, That’s How It Should Work!!!

Recently a security company was hired to test the security of a Credit Union. The security company (MSI) ran a penetration test and mailed a letter with a couple of CDROMS to the Credit Union. The letter appeared to come from a reliable source, but it was unexpected and the employee who received it was

M(b)ac(k) to the future

Mac security firm Intego blogged about Apple’s decision to include an antimalware component in Mac OS X 10.6 "Snow Leopard" and we agree that it is a good step, security-wise, to provide some basic protection against malware.  Apple has long mocked Microsoft, up to and including this 2006 advertisement which implied there were no viruses

Now You Can Fix Autorun

Microsoft has released the patches required to make autorun work with only CD and DVD drives. There is one little catch, a USB drive can be configured to look like a CD, but this patch definitely helps reduce risk. I highly recommend you install the patch so that you can connect most thumb drives, GPS

Bots Aren’t The Only Zombies

News came out today that Michael Jackson’s death has been ruled as a homicide. Expect to see spam and hoax emails coming around soon trying to exploit this news. It seems that Michael Jackson just can’t die. It’s a good thing we didn’t have the internet when Elvis died. If you get emails for pictures,