Facebook recently launched a facial recognition feature that allows you and others to “tag” photos with your name. As has been the norm for Facebook, this “feature” is turned on by default and users must take their own initiative to limit, or turn it off. The implications are wide-ranging, so if you or anyone in
Yet another Facebook Clickjacking attack is making the rounds. This time the message shows as below. A right-click (not left) will allow you to copy the source location and open the link in a protected environment. The link brings up the following image The “Jaa” button is actually a “Share” button and will post the
Our friends at Threatpost have come across what they describe as a massive phishing attack against Tumblr users. It seems the lure of sexual content will work as many times as Lucy can pull the football out each time Charlie Brown tries to kick it. According to the article, hijacked web pages of Tumbler users
In a ComputerWorld article Gregg Kaiser cites a Microsoft engineer as saying that the trojan that Microsoft calls “Popureb” digs so deeply that the only way to eradicate it is to reinstall the operating system. If you read the Microsoft blog Feng didn’t actually say that this is the only way to eradicate the trojan.
Introduction LinkedIn is a social network platform whose specialty is connecting professionals together to build relationships and create business opportunity. Recently the company became publicly traded and grabbed the attention of the world as its initial public stock offering more than doubled on the first day. Here we focus tools and options for user privacy
Survey Reveals Chasm between Users’ Concerns and Behavior A recent Survey commissioned by ESET and conducted online by Harris Interactive from May 31-June 2, 2011 among 2,027 U.S. adults 18+ found a startling disconnect between user concerns about privacy and security and their actions on social networking sites. To start, the study found that 69%
Too bad it doesn’t exist. I mean really exist. Here is how an anti-phishing day that is designed to be a highly effective educational deterrent to phishing would work. Google, Facebook, Hotmail, Yahoo, Twitter, Myspace, Banks, Online Gaming sites, such as World of WarCraft, and others would all send phishing emails to their users. Yes,
As website appear to fall to hacks like the rain falls in Seattle, the question du jour doesn’t change from day to day. The same question is always asked… “Did Anonymous perform the attack?” What do all of these links below have in common? You don’t have to read them, I’ll tell you.. http://sdchamber-members.org/Business%20Online%202009-10/Business%20Action%20Online%20May%202010/Business%20Action%20Online%20May%20ESET.html http://www.theregister.co.uk/2008/03/17/scientology_anonymous_round_three/
Our friends (and competitors) at Sophos blogged about a new threat that poses as a Windows Update and then infects unsuspecting users with a fake antivirus product. The update appears to be very real and is tricking users. While my colleagues at Sophos offer excellent advice to help people protect themselves (as I believe we
OK, if some unimaginative journalist and/or editor can call a pair of bulging briefs “Weinergate” I can call this Twitter App “FireTweet”. Like Firesheep, Royal Test (FireTweet) is an attempt to demonstrate a privacy problem. Techcrunch reported this story and I have verified the privacy issue. Despite allegedly being unable to read private messages, applications
At least I don’t have to use the “S” word today! A New York Times story reports that Citigroup has disclosed that it had suffered a data breach that disclosed information about approximately 1% of its North American credit card holders. Based upon Citi’s annual report this would be about 210,000 affected customers. According to
Today, June 8th Sony Pictures published a consumer alert on their site http://www.sonypictures.com/corp/consumeralert.html. The alert is about the data breach that was not discovered by Sony, but rather shoved in Sony’s face on June 2nd and specific details were confirmed by the Associated Press on June 3rd. Despite the fact that it was confirmed that
I’m not paid to find irony in life, it’s just how I’m wired. For example, I found it hilarious that in a Singapore airport restroom with toilets that flush automatically, touch-free sinks, touch-free soap dispensers, and touch-free hand driers, they have a TOUCH SCREEN “rate our bathroom” survey! I’m not making this up, here’s the
I wonder if that is a coincidence that Sony Corporation of America is looking for a Senior Network Systems Administrator considering an Associated Press article reported that victims of the latest Sony Pictures data breach have confirmed that the information that the blackhat group “Lulz Security” leaked was real information that did come from Sony
What’s wrong with this picture? Yes, that’s right, I am using Google’s incognito mode and Clicker knows exactly who I am! I have previously blogged here and here about Facebook’s instant personalization, but let me spell it out for you. Facebook “Instant Personalization” destroys Google Chrome’s “Incognito mode”. There is nothing incognito about opening a
A couple of days ago I blogged about a disturbing new way that Facebook was sharing information without notification or authorization. A friend of mine pointed me to an article on ZDNET that described the issue and what was happening. The “feature” is called “Instant Personalization” and the concept is simple. The concept is not
The MacDefender malware has morphed again, now taking the guise of "MacShield." As in the case of its oldest sibling MacDefender, the MacShield variant has taken the name of a legitimate Mac OSX software product with small distribution, doubtless causing the real developer significant heartache. The UI is essentially unchanged, but as usual all
In very troubling news it appears that Sony has been hacked again. This time a group that calls themselves “Lulz Security” claims that not only was the database breached by using a simple SQL injection attack but also that the passwords were stored in plain text. If this is true, storing the passwords in plain
Security vendor Trusteer blogged about a wave of fake LinkedIn emails that download malware on to your computer. The images Trusteer shows of the phish demonstrate how tricky the criminals are and how authentic the message looks, yet just yesterday I shared with you a foolproof method to prevent yourself from falling victim to such
Google posted information today about an attack against some Gmail account holders. In this case the attack appeared to be directed at government officials in the US and Korea, as well as Chinese political activists, journalists and military personnel. If you don’t fit in these categories it doesn’t mean you are not at risk, it
Just a few short days ago I read the announcement that Microsoft announced a new relationship with the social networking services Twitter and Facebook. The relationship was created to enable users of Xbox Live to access their profiles and post photos to their Facebook accounts and allow Twitter users to post and read messages –
At the Interop show in Las Vegas I promised some people I would put the list of resources we included in out presentation on the ESET blog. These are great resources for education and cybercrime reporting. The first one is a new initiative form ESET. I’ll blog more extensively about Securing Our eCity tomorrow! • Securing
Yesterday at the EICAR conference in Berlin <http://www.eicar.com> Dr. Fred Cohen was the keynote speaker. For any of you who do not know of Dr. Cohen, he is credited with coining the term virus to describe a self-replication program. Dr. Cohen also is credited with writing the first computer virus. The virus was written as
As we do each month, ESET has released its monthly threat report. As you might expect, there were a lot of Conficker detections out there. There were also almost as many detections for autorun threats that are not Conficker. In other words, if you have disabled autorun, then you protect against a lot more than
We all have recently endured a week or so of extensive media hype about a worm called “Conficker”. Phrases such as “One of the worst viruses ever” and other such nonsense were tossed around like promises at a political rally, with about the same level of honesty and accuracy, perhaps even less. Conficker was already
I’ve tried to convince you all that you really need to watch out for all of the threats and that it really isn’t worth worrying about Conficker, but if you are still worried about Conficker we do have a knowledge base article you can peruse at http://kb.eset.com/esetkb/index?page=content&id=SOLN2209. If you apply your security patches, disable autorun,
Perhaps this is a little relevant to some of our readers… We just released version 4 of ESET Antivirus (NOD32), and ESET Smart Security. If you have a valid license, then there is no charge for the upgrade. Take a look at http://www.eset.com/smartsecurity/ for the “What’sNew” information. Randy Abrams Director of Technical Education
I recently started writing weekly tech tips for the San Diego Chamber of Commerce. If you are interested in these tips you can find them at http://www.sdchamber-members.org/TechTip.htm. Past tips are archived there as well. Randy Abrams Director of Technical Education
When it comes to computers, there is no such thing as a little bit different. Consider the following. “0010 1111” is how a PC identifies a forward slash “/”. Each one and zero represents a bit. Eight bits, as you may know, is a byte. 0010 1110 is one little bit different from 0010 1111,
The email scam du jour is an email scam promising government grants. One of the highly prevalent ones is from an alleged company called “Rapid Grants Solutions Kit”. I decided to search for them. This time I used Google, Yahoo, Live.com, and Ask.com. In al cases the results looked pretty shady. The results with Google
I was recently quoted at http://www.internetnews.com/search/article.php/3798021 regarding Google ad words. Actually, ad words matter to advertisers and to some of the bad guys, but I don’t think the average user pays much attention to whether the result is an ad or what the industry calls an “organic” hit, which is anything but organic and is
Today is inauguration day in the USA. As I traveled to many countries late last year I was amazed at how joyous people of many cultures were that Obama is to be President of the USA. Working in the security field, we see a lot of disappointment. Sometimes it seems that there is no hope
CNN reported that there a new sleeper virus out there. http://www.cnn.com/2009/TECH/ptech/01/16/virus.downadup/index.html There is nothing sleepy about the Conficker worm, it is wide awake and looking for people who are asleep at the security wheel. CNN reports that Conficker could allow hackers to steal personal and financial data, and they also report that it “it is
One of the security best practices is to back up your data regularly. This is sound advice as it helps mitigate the damages from many different threats. Lots of people think of data loss when they think of viruses, but very few viruses actually tried to cause data loss. There have been a few that
Many people in the US associate HIPAA with the rules required to protect medical data. It actually is a lot more than that, but the HIPAA laws do require some minimal standards for medical providers. I recently came across an example of where HIPAA is ineffective. The medical providers are required to protect your data,
I know, the Twitter hack is old news, but poor passwords are still common. It is a pity because it really is so easy to make a password much better and still be easy to remember. According to the press, an admin used the password “happiness” and that is how a hacker gained access to
I recently received an email stating “It is a privilege to inform you that you are being considered for inclusion into the 2009/2010 Princeton Premier Honors Edition Registry. This recognition is an honor shared by only the most accomplished professionals who have demonstrated excellence within their careers and communities.” I had always assumed these were
Over the past few months I received a lot of spam about a site called Fanbox.com. I finally set up a disposable email account and joined. I was not at all surprised to find that I suddenly had many fans. Even a skinny geek is a “hunk†to a chatbot!!! Yes, all, but one of
Welcome to prime-time scam season. This is when the advertisements for taxes in the USA really start to pick up. Granted, they go on all year long, but now is when we traditionally see an increase in volume. There are a variety of such scams. The worst of the scams are the phishing attacks. If
Perhaps the most impersonated person in the world is Santa Claus. For Santa, Identity theft isn’t a problem, but for millions of consumers it is a real problem. There are some steps you can take to help prevent identity theft. That said, identity theft is not always preventable by the consumer. http://www.ftc.gov/bcp/edu/microsites/idtheft/ is a good
