ESET Research | WeLiveSecurity

Bio

ESET Research

ESET Research

Articles by author

Adobe Flash Settings

As I previously pointed out http://www.eset.com/threat-center/blog/2009/08/04/calling-adobe%E2%80%99s-bluff, Adobe is at best deceptive about claims of the security and privacy of Flash. Even if you do not know what flash is or how to find it, you probably have it on your computer. If you open control panel and go to the “add or remove programs” application

Lies, Damned Lies, and SPYzooka

Update. August 5th 1:30 PM PDT.  I received an email from Mr. Carl Haugen, the president of BluePenguin Software who develop SPYzooka. According to Mr. Haugen the offending post was made by a former employee and has now been removed. I have verified that the post was removed. This is an encouraging sign. I will

Ditch Adobe?

Stephen Northcutt, with the SANS Technology Institute, suggested the following in the SANS NewsBites Vol. 11 Num. 61: [Editor’s Note (Northcutt): I think organizations should avoid Adobe if possible.  Adobe security appears to be out of control, and using their products seems to put your organization at risk. Try to minimize your attack surface. Limit

Calling Adobe’s Bluff

Dear Adobe, It is time to put up or shut up. Your web site FAQ http://www.adobe.com/products/flashplayer/security/privacy_policy/faq.html has the following entry: Does Flash Player compromise my privacy and security? No. Flash Player is not only the most widely distributed piece of software on the Internet today, it’s also one of the most secure. Given that Flash

Security Cyber “Czar” Steps down

The Wall Street Journal http://online.wsj.com/article/SB124932480886002237.html reported that Melissa Hathaway, the acting White House Cyber Security Czar, has resigned. The difficulty filling the position has been ongoing and is not limited to an administration or political camp. Richard Clarke at one time held a similar position in the Bush administration, Howard Schmidt was a cyber security

Potentially Abandoned Conficker Grows

According to an article at Internetnews.com http://www.internetnews.com/security/article.php/3832846 the authors of the Conficker botnet may have abandoned it, yet it continues to grow in numbers. The growth of the botnet is troubling because it is completely preventable and because it means the infected computers are vulnerable to other threats and that these users are not using

Apple Announces QuickSand

Wow, talk about burying your head in the sand. One day Apple will learn, but that day is not today. In an article at http://arstechnica.com/apple/news/2009/07/apple-claims-jailbreaking-could-bring-down-the-network.ars Apple claimes that “jailbreaking” iphones may cause their towers to crash. The purpose in this claim is to avoid security at all costs and try to get the government to

Looking for Trouble?

You probably aren’t looking for trouble, but there’s a good chance you’ll find it when you search the internet. An article in Information Week http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=218700239&cid=RSSfeed_IWK_All it was reported that the bad guys are trying to make sure their bad web pages come up when you search common terms on the internet. In this case the

You May Die from an Airbag

Yes, it is true. Airbags in cars save a whole bunch more lives than they end of costing, but sometimes, on rare occasions, they may take a life that otherwise would have been saved. Almost anyone, except the airbag instigators of the story, below understand the trade offs. The TechnologyBUFOON.com, I mean Technologyreview.com published the

Hotmail’s Delay May Facilitate Fraud

I received an email from an acquaintance this morning. It said: Please Urgent Needed Hello,   How are you doing?hope all is well, I"m sorry that i didn’t inform you about my traveling to England for a Seminar.I need a favor from you as soon as you receive this e-mail because i misplaced my wallet

Is it my Business?

Do you ever use a public computer? Do you realize that potentially everything you type and read may be public information? I was checking a hotel business center computer this weekend. I found some interesting stuff. A military document for a local air force base. It wasn’t classified. The confidential test results for a semi-synthetic

Data Breaches – It’s All Greek to Me

The results (released yesterday) from a study conducted by the Ponemon Institute yielded some interesting data points. The most visible of these was the finding that 85% of U.S. organizations experienced data breaches of varying magnitudes. This study, entitled “U.S. Enterprise Encryption Trends”, has completed its fourth annual publication.  The data was directly obtained from

Comcast Embraces URL Hijacking

Typosquatting http://en.wikipedia.org/wiki/Typosquatting, sometimes called URL Hijacking is a nefarious practice of registering a domain so that when someone makes a mistake in typing in a URL the result is a page they were not looking for. For example, if I was an unscrupulous competitor I might register the domain www.esey.com and try to sell a

Cyber war or Cyber hype?

Cyber war or Cyber hype? On July 4th several US government web sites were hit with a distributed denial of service (DDOS) attack. In human speak that means you couldn’t get to those web sites because too many other computers were making them unavailable. Many of the attack failed, but some sites, like www.ftc.gov effectively

Social Networking or Social Suicide?

I just read a startling news story about how someone didn’t understand what NOT to post on Facebook. The article titled “British spy chief’s cover blown on Facebook” tells how the wife of Sir John Sawers put up way too much information on Facebook. You can read the story at http://tech.yahoo.com/news/nm/20090706/tc_nm/us_britain_mi6 You don’t have to

Password Mythology

I recently read an article about Facebook security problems at http://www.securitymattersmag.com/security-matters-magazine-article-detail.php?id=411 in which some advice on passwords was given. Some of the advice was quite good, but some was a bit shaky. I’ll go through the tips and tell you what’s hot and what’s not! Use a combination of uppercase and lowercase letters, symbols, and

Watch Out for “Michael Jackson” Hoaxes

The news broke a short time ago that pop star Michael Jackson died of a heart attack. It is all too predictable that the bad guys will use this news event to spam out fake videos or links to alleged pictures in order to trick users into installing their malicious software. If you receive an

The Faces of Cybercrime

I was recently reminded of the truism that security is about managing risk. You cannot eliminate all risk. When we think of cyber criminals we tend to think of phishers, criminal gangs writing malware to steal passwords, and eBay scammers. So we try to deal with “reputable” companies to eliminate the risk of theft and

Microsoft Security Essentials?

Microsoft is releasing a beta of their new antivirus product. Previously Microsoft announced that they would discontinue OneCare. The choice of the name “Security Essentials” is amusing. I’m not in the camp of those who think that you can’t have “Microsoft” and “security” in the same sentence, but just the same, Microsoft does say “If

Go Phishing with the city of Bozeman, Montana

The City of Bozeman, Montana effectively joined the ranks of phishers when they asked job candidates for their usernames and passwords for social networking sites that the applicant belongs to. In a report at , after considerable outcry the city rescinded its mindless policy. To begin with, the city was asking applicants to breach their