ESET Research, Author at WeLiveSecurity - Page 4 of 29

Bio

ESET Research

ESET Research

Articles by author

Gmail Accounts Under Attack

Google posted information today about an attack against some Gmail account holders. In this case the attack appeared to be directed at government officials in the US and Korea, as well as Chinese political activists, journalists and military personnel. If you don’t fit in these categories it doesn’t mean you are not at risk, it

Facebook Strikes Down Privacy Again

Despite your privacy settings, Camping will accurately predict the exact time and date of the Rapture before Facebook will respect your explicit privacy choices. I recently went to read a review on Yelp and was surprised to my name and Facebook picture as well as a message that Yelp can personalize the page for me.

Happy National Internet Safety Month

Well, isn’t today a happy day! We have International Children’s Day and National Internet Safety Month. For those of you outside of the US, feel free to join us in the celebration. In observance of Internet Safety Month, ESET has teamed up with the San Diego Police department to launch SafetyNet eLearning, a free online

May 2011 Global Threat Report

Released today in PDF format, a highlight of our global threat report covers: Don’t be silly online, please Facebook privacy: security concerns Cybersecurity symposium in San Diego Return of the password reset attack The Top Ten Threats Top Ten Threats at a Glance (graph) Be sure and check out our previous threat reports. Figure 1:

Calling Android Smartphone Zombies

Android Smartphones are under attack again by rogue applications that once installed are reading information from the phone and sending it back to a pre-assigned location. According to mobile security firm as many as 120,000 users may have been infected from a cafeteria selection of at least two dozen applications from the Android Market. “Once

Happy International Children’s Day!

International Children’s Day is June 1st and the event is almost as old as David Harley and I combined! The event was started in 1925 in Geneva, Switzerland at the World Conference for the Well-being of Children. To join in the observance of International Children’s day we thought it might be worthwhile to share some

Mobile Devices Favor Malware and Phishing

A while back a malicious program called DroidDream was found on the Google Marketplace. The thing about DroidDream is that it exploited a vulnerability that gave it root access. Now contrast how Google treats security software. Security applications are not allowed to have root access. The truth is that the most popular mobile platforms (and

Protecting Consumers from Rogue Online Pharmacies

Over the past couple of years rogue online pharmacies have been advertising their domains on search engines and promoting themselves through search engine optimization.  Legitimate pharmaceutical companies have their own measures in place to work on taking these sites offline.  The problem with rogue online pharmacies is that they do not meet federal regulations.  To

Lockheed Martin breached by unknown digital assailants

In an unfortunate series of events related to the RSA SecurID technology, reports are coming in that Lockheed Martin's networks have been broken into by unknown perpetrators.  Jim Finkle and Andrea Shalal-Esa broke an exclusive story and reached out to folks in the industry to get to the truth. "They breached security systems designed to

MacDefender: The sky is not falling…

In the last few days, I have been asked by a journalist (or four) what MacDefender means for the future of Apple security, and if I thought there was excess hype around it.   I'll address the second question first.   I think its safe to say the current malware would not be newsworthy if

Sony Identity Theft Protection (Are there Stingers in the Honey?)

In the wake of the massive PlayStation/Qriocity data breach Sony has announced that they will be providing a 1 year complimentary ID theft protection service through a company called Debix. In addition to the ID theft protection Sony is offering other “gestures” of goodwill. This all sounds good on the outside and the ID theft

Security Through Obscurity

In techie circles bringing up the topic of security through obscurity is like bringing up religion or politics at a cocktail party where you don’t know anybody. It might go over really well, or you might find people calling you names that my friends in HR would chastise (or fire) me for printing in the

MacDefender (now MacGuard) Can Install Without Credentials

The recent MacDefender Trojan has been receiving “rebranding” facelifts since it came out. It has now been deployed as MacProtector, MacDetector, MacSecurity, Apple Security Center, and there are no doubt more iterations to come. The malware has been updated, and now sports an improved UI that looks like a native Mac OSX application, unlike the

Facebook Privacy: An Easy How-to Guide to Protecting Yourself

Introduction As the sun is setting and I breathe some of the night time air I am inspired to write about Facebook.  Yes, *the* Facebook, the third largest country if it were a physical place with boundaries under a common rule of law and government.  When many people use a service such as this, it

An Amazing Story – The Soul of a New Machine

As many of us cruise the information superhighway (haven’t heard that for a while have you) on 64-bit machines, it might be a good idea to take a breath and remember a pioneer. Back in the days when a small team at IBM was building a general purpose 8 bit personal computer, Tom West and

Back to the Basics – AKA Not Sony Again?

Yes, it is Sony again. This time it is their Canada web site and their Japan website. According to thehackernews.com, which I cannot vouch for, this is the 10th Sony hack. While we don’t know how the PlayStation Network hack happened, we do have some information about how some of the other attacks were performed

Anyone Fluent in L33t speak?

I went to verify some information to complete my account registration with an office supply store. The last item looked like this I initially thought that if it is a word, it must be l33t speak, but ahh, Google Translate to the rescue! I don’t know what 443xje5 means in French or English, but the

LinkedIn Security and The Rapture

What do these two topics have in common? More than you might think. The obvious is that neither has arrived yet. There is no proof of existence of either, you have to take it on faith. Neither will be here tomorrow… take my word for that. A story at http://www.reuters.com/article/2011/05/23/uk-linkedin-security-idUSLNE74M02820110523 explains how dreadfully poor security

Dirty Rumors about Facebook and ESET

Perhaps you just read David Harley’s blog http://blog.eset.com/2011/05/20/facebook-gets-something-right. Now I am about to tell you about something else Facebook got right. With two accolades in one day dirty, unfounded rumors might start flying about Facebook buying ESET or infiltrating our blog with spies. To cast off such groundless speculation I’ll tell you about the part

Poor Santa

Perhaps the most impersonated person in the world is Santa Claus. For Santa, Identity theft isn’t a problem, but for millions of consumers it is a real problem. There are some steps you can take to help prevent identity theft. That said, identity theft is not always preventable by the consumer. http://www.ftc.gov/bcp/edu/microsites/idtheft/ is a good

Smarter Smart Phones

An article on internetnews.com today caught my eye. “In Search of Smarter Phones” http://www.internetnews.com/bus-news/article.php/3788456 tells of capabilities being added to smart phones and new applications for these devices. With the release of ESET Mobile Antivirus this was of interest to me as currently there are few threats in the wild that attack the devices we currently

Attacks in Mumbai and Risk Management

There was terrible news in Mumbai, India. Terrorists attacked several site and at least 80 people were reported dead. Knowing that I plan to go to India, it didn’t take long before I received a phone call asking if I was aware of the situation and if I would still be going. Both of my

Injustice Served – The Amero Case Closes

[Some text removed as it no longer made sense because of references to content on other sites which is no longer available – DH, 2017] A couple of years ago I blogged about the Julie Amero case http://www.eset.com/threat-center/blog/?p=42. There is finally closure in this case. In the state of Connecticut and innocent person proclaiming their

ESET Smart Security 4.0 Beta Available

We’ve added some features to ESET Smart Security. The beta for version 4.0 is now open to the public. Visit http://beta.eset.com to try out the new version. As always with beta software, it is not recommended to be used on production systems. New features include: support for Microsoft Windows Live Mail and Mozilla Thunderbird mail

Microsoft to Give Away AV Software

Microsoft announced that they will be dropping OneCare and providing a free consumer anti-virus product. Much like when Microsoft announced they would enter the anti-virus market, this has caused quite a bit of media buzz. Much like when Microsoft announced they would enter the anti-virus market, this is not a big deal. To start with,

White Listing – The End of Antivirus???

Some people are talking about a technique called “white listing” as if it were the silver bullet that is going to save the world. It is… in the fantasy worlds. I think I can lay claim to a certain amount of expertise when it comes to white listing. White listing was fundamentally my job at

A New Era?

I write this blog from Jakarta, Indonesia where yesterday I had a meeting with employees of the Koran Tempo. The Koran Tempo is a major magazine and news publication here. In the English edition of Tempo magazine there are several stories about Obama and the election in the US. One story that caught my eye

Watch Out For Good Download Sites

CNET, who hosts Download.com, has enjoyed a reputation for being a safe place to download software from. The program you download may be great or may be useless, but it had been “Tested Spyware Free.” At least that is what Download.com says about their downloads. Today it has come to my attention that the site

Election Day Storm Clouds: Is Your Vote Being Counted?

Electronic voting machines are a controversial topic. They really should not be, but due to the inept implementation of this method of voting by vendors like Diebold and Sequoia, there are serious questions about their accuracy and resilience to fraud. In 2005, Bruce Schneier wrote of some of the problems at http://www.schneier.com/blog/archives/2004/ 11/the_problem_wit.html In January

Go Out and Vote

I apologize in advance to our international readers if this post is not of international interest, however it may well be as the leaders of the US seem to have a little bit of global impact :) For the background of this post, please see the following articles/blogs: http://blog.wired.com/27bstroke6/2008/10/bogus-robocall.html http://blog.wired.com/27bstroke6/2008/10/colorado-judge.html And, very Importantly: http://howto.wired.com/wiki/Vote_(Even_If_They_Say_You_Can’t) This

An Introduction to Packers

Packing technology is really just compression. You know, ZIP, CAB, RAR, and so on. There are many types of packers and some people even write their own. The way a packer compresses the file is called an algorithm. There are many different algorithms and unless you know what one was used, or have a tool

Microsoft’s October Out of Band Patch

Typically, Microsoft releases patches (security fixes) on the second Tuesday of each month. This day is affectionately called “Patch Tuesday” by many. On very rare occasions when there is a particularly severe vulnerability Microsoft will release a patch as soon as possible. Yesterday (October 23rd, 2008) Microsoft made a rare exception and released an “out

It Doesn’t Hurt to Ask

Instant messaging is a very successful means for the bad guys to get their software onto your computer. It is also very easy. If a virus infects your friend’s computer’s instant messaging program then it can “type” anything into the chat windows and it will look like your friend said it. It can provide a

The AV Industry from the Outside In and the Inside Out

I have a rather unique perspective on the antivirus industry. I used to work for Microsoft before they were a competitor. Come on, you can’t call MSAV from DOS 6 an antivirus product :) For over seven years my job at Microsoft was to make sure that Microsoft did not release any infected software. All

The Race to Zero

The Race to Zero contest is being held during Defcon 16 at the Riviera Hotel in Las Vegas, 8-10 August 2008. The event involves contestants being given a sample set of viruses and malcode to modify and upload through the contest portal. The portal passes the modified samples through a number of antivirus engines and

Happy Birthday CastleCops!

Sometimes it seems that we are fighting a battle that we are destined to lose. To some extent, win or lose depends upon your definition of the terms. We have never completely beat crime, but we still have victories against criminals… sometimes. Today it is a very great pleasure to wish a happy 6th anniversary

I AMTSO Happy to be here!

Well, I am happy to be here, but AMTSO stands for The Anti-Malware Testing Standards Organization. This is an initiative between Anti-Virus companies and anti-virus testers to improve the quality of testing performed on anti-virus products so as to provide consumers with meaningful tests. There have been so many bad tests performed, but “it’s on

The Anti-Spyware Coalition Public Workshop

Back in December of 2006 I posted an entry titled “The Spirit of Cooperation” . Today I am attending the Anti-Spyware Coalition Public Workshop in Washington DC. It is a very satisfying feeling sitting with staunch allies in the fight against spyware, adware, and other threats. Who are these allies? You would probably call them