OK, if some unimaginative journalist and/or editor can call a pair of bulging briefs “Weinergate” I can call this Twitter App “FireTweet”. Like Firesheep, Royal Test (FireTweet) is an attempt to demonstrate a privacy problem. Techcrunch reported this story and I have verified the privacy issue. Despite allegedly being unable to read private messages, applications
At least I don’t have to use the “S” word today! A New York Times story reports that Citigroup has disclosed that it had suffered a data breach that disclosed information about approximately 1% of its North American credit card holders. Based upon Citi’s annual report this would be about 210,000 affected customers. According to
Today, June 8th Sony Pictures published a consumer alert on their site http://www.sonypictures.com/corp/consumeralert.html. The alert is about the data breach that was not discovered by Sony, but rather shoved in Sony’s face on June 2nd and specific details were confirmed by the Associated Press on June 3rd. Despite the fact that it was confirmed that
I’m not paid to find irony in life, it’s just how I’m wired. For example, I found it hilarious that in a Singapore airport restroom with toilets that flush automatically, touch-free sinks, touch-free soap dispensers, and touch-free hand driers, they have a TOUCH SCREEN “rate our bathroom” survey! I’m not making this up, here’s the
I wonder if that is a coincidence that Sony Corporation of America is looking for a Senior Network Systems Administrator considering an Associated Press article reported that victims of the latest Sony Pictures data breach have confirmed that the information that the blackhat group “Lulz Security” leaked was real information that did come from Sony
What’s wrong with this picture? Yes, that’s right, I am using Google’s incognito mode and Clicker knows exactly who I am! I have previously blogged here and here about Facebook’s instant personalization, but let me spell it out for you. Facebook “Instant Personalization” destroys Google Chrome’s “Incognito mode”. There is nothing incognito about opening a
A couple of days ago I blogged about a disturbing new way that Facebook was sharing information without notification or authorization. A friend of mine pointed me to an article on ZDNET that described the issue and what was happening. The “feature” is called “Instant Personalization” and the concept is simple. The concept is not
The MacDefender malware has morphed again, now taking the guise of "MacShield." As in the case of its oldest sibling MacDefender, the MacShield variant has taken the name of a legitimate Mac OSX software product with small distribution, doubtless causing the real developer significant heartache. The UI is essentially unchanged, but as usual all
In very troubling news it appears that Sony has been hacked again. This time a group that calls themselves “Lulz Security” claims that not only was the database breached by using a simple SQL injection attack but also that the passwords were stored in plain text. If this is true, storing the passwords in plain
Security vendor Trusteer blogged about a wave of fake LinkedIn emails that download malware on to your computer. The images Trusteer shows of the phish demonstrate how tricky the criminals are and how authentic the message looks, yet just yesterday I shared with you a foolproof method to prevent yourself from falling victim to such
Google posted information today about an attack against some Gmail account holders. In this case the attack appeared to be directed at government officials in the US and Korea, as well as Chinese political activists, journalists and military personnel. If you don’t fit in these categories it doesn’t mean you are not at risk, it
Despite your privacy settings, Camping will accurately predict the exact time and date of the Rapture before Facebook will respect your explicit privacy choices. I recently went to read a review on Yelp and was surprised to my name and Facebook picture as well as a message that Yelp can personalize the page for me.
Well, isn’t today a happy day! We have International Children’s Day and National Internet Safety Month. For those of you outside of the US, feel free to join us in the celebration. In observance of Internet Safety Month, ESET has teamed up with the San Diego Police department to launch SafetyNet eLearning, a free online
Released today in PDF format, a highlight of our global threat report covers: Don’t be silly online, please Facebook privacy: security concerns Cybersecurity symposium in San Diego Return of the password reset attack The Top Ten Threats Top Ten Threats at a Glance (graph) Be sure and check out our previous threat reports. Figure 1:
Android Smartphones are under attack again by rogue applications that once installed are reading information from the phone and sending it back to a pre-assigned location. According to mobile security firm as many as 120,000 users may have been infected from a cafeteria selection of at least two dozen applications from the Android Market. “Once
International Children’s Day is June 1st and the event is almost as old as David Harley and I combined! The event was started in 1925 in Geneva, Switzerland at the World Conference for the Well-being of Children. To join in the observance of International Children’s day we thought it might be worthwhile to share some
A while back a malicious program called DroidDream was found on the Google Marketplace. The thing about DroidDream is that it exploited a vulnerability that gave it root access. Now contrast how Google treats security software. Security applications are not allowed to have root access. The truth is that the most popular mobile platforms (and
Over the past couple of years rogue online pharmacies have been advertising their domains on search engines and promoting themselves through search engine optimization. Legitimate pharmaceutical companies have their own measures in place to work on taking these sites offline. The problem with rogue online pharmacies is that they do not meet federal regulations. To
In an unfortunate series of events related to the RSA SecurID technology, reports are coming in that Lockheed Martin's networks have been broken into by unknown perpetrators. Jim Finkle and Andrea Shalal-Esa broke an exclusive story and reached out to folks in the industry to get to the truth. "They breached security systems designed to
In the last few days, I have been asked by a journalist (or four) what MacDefender means for the future of Apple security, and if I thought there was excess hype around it. I'll address the second question first. I think its safe to say the current malware would not be newsworthy if
The email scam du jour is an email scam promising government grants. One of the highly prevalent ones is from an alleged company called “Rapid Grants Solutions Kit”. I decided to search for them. This time I used Google, Yahoo, Live.com, and Ask.com. In al cases the results looked pretty shady. The results with Google
I was recently quoted at http://www.internetnews.com/search/article.php/3798021 regarding Google ad words. Actually, ad words matter to advertisers and to some of the bad guys, but I don’t think the average user pays much attention to whether the result is an ad or what the industry calls an “organic” hit, which is anything but organic and is
Today is inauguration day in the USA. As I traveled to many countries late last year I was amazed at how joyous people of many cultures were that Obama is to be President of the USA. Working in the security field, we see a lot of disappointment. Sometimes it seems that there is no hope
CNN reported that there a new sleeper virus out there. http://www.cnn.com/2009/TECH/ptech/01/16/virus.downadup/index.html There is nothing sleepy about the Conficker worm, it is wide awake and looking for people who are asleep at the security wheel. CNN reports that Conficker could allow hackers to steal personal and financial data, and they also report that it “it is
One of the security best practices is to back up your data regularly. This is sound advice as it helps mitigate the damages from many different threats. Lots of people think of data loss when they think of viruses, but very few viruses actually tried to cause data loss. There have been a few that
Many people in the US associate HIPAA with the rules required to protect medical data. It actually is a lot more than that, but the HIPAA laws do require some minimal standards for medical providers. I recently came across an example of where HIPAA is ineffective. The medical providers are required to protect your data,
I know, the Twitter hack is old news, but poor passwords are still common. It is a pity because it really is so easy to make a password much better and still be easy to remember. According to the press, an admin used the password “happiness” and that is how a hacker gained access to
I recently received an email stating “It is a privilege to inform you that you are being considered for inclusion into the 2009/2010 Princeton Premier Honors Edition Registry. This recognition is an honor shared by only the most accomplished professionals who have demonstrated excellence within their careers and communities.” I had always assumed these were
Over the past few months I received a lot of spam about a site called Fanbox.com. I finally set up a disposable email account and joined. I was not at all surprised to find that I suddenly had many fans. Even a skinny geek is a “hunk†to a chatbot!!! Yes, all, but one of
Welcome to prime-time scam season. This is when the advertisements for taxes in the USA really start to pick up. Granted, they go on all year long, but now is when we traditionally see an increase in volume. There are a variety of such scams. The worst of the scams are the phishing attacks. If
Perhaps the most impersonated person in the world is Santa Claus. For Santa, Identity theft isn’t a problem, but for millions of consumers it is a real problem. There are some steps you can take to help prevent identity theft. That said, identity theft is not always preventable by the consumer. http://www.ftc.gov/bcp/edu/microsites/idtheft/ is a good
An article on internetnews.com today caught my eye. “In Search of Smarter Phones” http://www.internetnews.com/bus-news/article.php/3788456 tells of capabilities being added to smart phones and new applications for these devices. With the release of ESET Mobile Antivirus this was of interest to me as currently there are few threats in the wild that attack the devices we currently
There was terrible news in Mumbai, India. Terrorists attacked several site and at least 80 people were reported dead. Knowing that I plan to go to India, it didn’t take long before I received a phone call asking if I was aware of the situation and if I would still be going. Both of my
[Some text removed as it no longer made sense because of references to content on other sites which is no longer available – DH, 2017] A couple of years ago I blogged about the Julie Amero case http://www.eset.com/threat-center/blog/?p=42. There is finally closure in this case. In the state of Connecticut and innocent person proclaiming their
We’ve added some features to ESET Smart Security. The beta for version 4.0 is now open to the public. Visit http://beta.eset.com to try out the new version. As always with beta software, it is not recommended to be used on production systems. New features include: support for Microsoft Windows Live Mail and Mozilla Thunderbird mail
Microsoft announced that they will be dropping OneCare and providing a free consumer anti-virus product. Much like when Microsoft announced they would enter the anti-virus market, this has caused quite a bit of media buzz. Much like when Microsoft announced they would enter the anti-virus market, this is not a big deal. To start with,
Some people are talking about a technique called “white listing” as if it were the silver bullet that is going to save the world. It is… in the fantasy worlds. I think I can lay claim to a certain amount of expertise when it comes to white listing. White listing was fundamentally my job at
I write this blog from Jakarta, Indonesia where yesterday I had a meeting with employees of the Koran Tempo. The Koran Tempo is a major magazine and news publication here. In the English edition of Tempo magazine there are several stories about Obama and the election in the US. One story that caught my eye
CNET, who hosts Download.com, has enjoyed a reputation for being a safe place to download software from. The program you download may be great or may be useless, but it had been “Tested Spyware Free.” At least that is what Download.com says about their downloads. Today it has come to my attention that the site
Electronic voting machines are a controversial topic. They really should not be, but due to the inept implementation of this method of voting by vendors like Diebold and Sequoia, there are serious questions about their accuracy and resilience to fraud. In 2005, Bruce Schneier wrote of some of the problems at http://www.schneier.com/blog/archives/2004/ 11/the_problem_wit.html In January
