ESET Research | WeLiveSecurity

Bio

ESET Research

ESET Research

Articles by author

Like FireSheep? You Will Love FireTweet!

OK, if some unimaginative journalist and/or editor can call a pair of bulging briefs “Weinergate” I can call this Twitter App “FireTweet”. Like Firesheep, Royal Test (FireTweet) is an attempt to demonstrate a privacy problem. Techcrunch reported this story and I have verified the privacy issue. Despite allegedly being unable to read private messages, applications

Citigroup Hacked – Sometimes it is all About the Money

At least I don’t have to use the “S” word today! A New York Times story reports that Citigroup has disclosed that it had suffered a data breach that disclosed information about approximately 1% of its North American credit card holders. Based upon Citi’s annual report this would be about 210,000 affected customers. According to

Sony Says Personally Identifiable Information Might Have Been Stolen

Today, June 8th Sony Pictures published a consumer alert on their site http://www.sonypictures.com/corp/consumeralert.html. The alert is about the data breach that was not discovered by Sony, but rather shoved in Sony’s face on June 2nd and specific details were confirmed by the Associated Press on June 3rd. Despite the fact that it was confirmed that

Sometimes Marketing Looks Like a Dog Biting His Tail

I’m not paid to find irony in life, it’s just how I’m wired. For example, I found it hilarious that in a Singapore airport restroom with toilets that flush automatically, touch-free sinks, touch-free soap dispensers, and touch-free hand driers, they have a TOUCH SCREEN “rate our bathroom” survey! I’m not making this up, here’s the

Sony USA has an Opening for a Senior Network Administrator

I wonder if that is a coincidence that Sony Corporation of America is looking for a Senior Network Systems Administrator considering an Associated Press article reported that victims of the latest Sony Pictures data breach have confirmed that the information that the blackhat group “Lulz Security” leaked was real information that did come from Sony

Facebook Invites Stalkers to Your Profile

A couple of days ago I blogged about a disturbing new way that Facebook was sharing information without notification or authorization. A friend of mine pointed me to an article on ZDNET that described the issue and what was happening. The “feature” is called “Instant Personalization” and the concept is simple. The concept is not

MacDefender undergoes a name change, MacShield

The MacDefender malware has morphed again, now taking the guise of "MacShield."   As in the case of its oldest sibling MacDefender, the MacShield variant has taken the name of a legitimate Mac OSX software product with small distribution, doubtless causing the real developer significant heartache. The UI is essentially unchanged, but as usual all

Sony Breached Again – User names and passwords published

In very troubling news it appears that Sony has been hacked again. This time a group that calls themselves “Lulz Security” claims that not only was the database breached by using a simple SQL injection attack but also that the passwords were stored in plain text. If this is true, storing the passwords in plain

LinkedIn Phish – So Easy to Avoid

Security vendor Trusteer blogged about a wave of fake LinkedIn emails that download malware on to your computer. The images Trusteer shows of the phish demonstrate how tricky the criminals are and how authentic the message looks, yet just yesterday I shared with you a foolproof method to prevent yourself from falling victim to such

Gmail Accounts Under Attack

Google posted information today about an attack against some Gmail account holders. In this case the attack appeared to be directed at government officials in the US and Korea, as well as Chinese political activists, journalists and military personnel. If you don’t fit in these categories it doesn’t mean you are not at risk, it

Facebook Strikes Down Privacy Again

Despite your privacy settings, Camping will accurately predict the exact time and date of the Rapture before Facebook will respect your explicit privacy choices. I recently went to read a review on Yelp and was surprised to my name and Facebook picture as well as a message that Yelp can personalize the page for me.

Happy National Internet Safety Month

Well, isn’t today a happy day! We have International Children’s Day and National Internet Safety Month. For those of you outside of the US, feel free to join us in the celebration. In observance of Internet Safety Month, ESET has teamed up with the San Diego Police department to launch SafetyNet eLearning, a free online

May 2011 Global Threat Report

Released today in PDF format, a highlight of our global threat report covers: Don’t be silly online, please Facebook privacy: security concerns Cybersecurity symposium in San Diego Return of the password reset attack The Top Ten Threats Top Ten Threats at a Glance (graph) Be sure and check out our previous threat reports. Figure 1:

Calling Android Smartphone Zombies

Android Smartphones are under attack again by rogue applications that once installed are reading information from the phone and sending it back to a pre-assigned location. According to mobile security firm as many as 120,000 users may have been infected from a cafeteria selection of at least two dozen applications from the Android Market. “Once

Happy International Children’s Day!

International Children’s Day is June 1st and the event is almost as old as David Harley and I combined! The event was started in 1925 in Geneva, Switzerland at the World Conference for the Well-being of Children. To join in the observance of International Children’s day we thought it might be worthwhile to share some

Mobile Devices Favor Malware and Phishing

A while back a malicious program called DroidDream was found on the Google Marketplace. The thing about DroidDream is that it exploited a vulnerability that gave it root access. Now contrast how Google treats security software. Security applications are not allowed to have root access. The truth is that the most popular mobile platforms (and

Protecting Consumers from Rogue Online Pharmacies

Over the past couple of years rogue online pharmacies have been advertising their domains on search engines and promoting themselves through search engine optimization.  Legitimate pharmaceutical companies have their own measures in place to work on taking these sites offline.  The problem with rogue online pharmacies is that they do not meet federal regulations.  To

Lockheed Martin breached by unknown digital assailants

In an unfortunate series of events related to the RSA SecurID technology, reports are coming in that Lockheed Martin's networks have been broken into by unknown perpetrators.  Jim Finkle and Andrea Shalal-Esa broke an exclusive story and reached out to folks in the industry to get to the truth. "They breached security systems designed to

MacDefender: The sky is not falling…

In the last few days, I have been asked by a journalist (or four) what MacDefender means for the future of Apple security, and if I thought there was excess hype around it.   I'll address the second question first.   I think its safe to say the current malware would not be newsworthy if

Grant Me Your Wallet

The email scam du jour is an email scam promising government grants. One of the highly prevalent ones is from an alleged company called “Rapid Grants Solutions Kit”. I decided to search for them. This time I used Google, Yahoo, Live.com, and Ask.com. In al cases the results looked pretty shady. The results with Google

The Hard Facts

I was recently quoted at http://www.internetnews.com/search/article.php/3798021 regarding Google ad words. Actually, ad words matter to advertisers and to some of the bad guys, but I don’t think the average user pays much attention to whether the result is an ad or what the industry calls an “organic” hit, which is anything but organic and is

Is All Lost?

Today is inauguration day in the USA. As I traveled to many countries late last year I was amazed at how joyous people of many cultures were that Obama is to be President of the USA. Working in the security field, we see a lot of disappointment. Sometimes it seems that there is no hope

Confused about Conficker?

CNN reported that there a new sleeper virus out there. http://www.cnn.com/2009/TECH/ptech/01/16/virus.downadup/index.html There is nothing sleepy about the Conficker worm, it is wide awake and looking for people who are asleep at the security wheel. CNN reports that Conficker could allow hackers to steal personal and financial data, and they also report that it “it is

You Did Back Up Your Data, Didn’t You?

One of the security best practices is to back up your data regularly. This is sound advice as it helps mitigate the damages from many different threats. Lots of people think of data loss when they think of viruses, but very few viruses actually tried to cause data loss. There have been a few that

HIPAA is not privacy

Many people in the US associate HIPAA with the rules required to protect medical data. It actually is a lot more than that, but the HIPAA laws do require some minimal standards for medical providers. I recently came across an example of where HIPAA is ineffective. The medical providers are required to protect your data,

Emotions are Poor Passwords

I know, the Twitter hack is old news, but poor passwords are still common. It is a pity because it really is so easy to make a password much better and still be easy to remember. According to the press, an admin used the password “happiness” and that is how a hacker gained access to

What an Honor

I recently received an email stating “It is a privilege to inform you that you are being considered for inclusion into the 2009/2010 Princeton Premier Honors Edition Registry. This recognition is an honor shared by only the most accomplished professionals who have demonstrated excellence within their careers and communities.” I had always assumed these were

Ahhh, Protection!!!

Over the past few months I received a lot of spam about a site called Fanbox.com. I finally set up a disposable email account and joined. I was not at all surprised to find that I suddenly had many fans. Even a skinny geek is a “hunk” to a chatbot!!! Yes, all, but one of

It’s Scam Time!!!

Welcome to prime-time scam season. This is when the advertisements for taxes in the USA really start to pick up. Granted, they go on all year long, but now is when we traditionally see an increase in volume. There are a variety of such scams. The worst of the scams are the phishing attacks. If

Poor Santa

Perhaps the most impersonated person in the world is Santa Claus. For Santa, Identity theft isn’t a problem, but for millions of consumers it is a real problem. There are some steps you can take to help prevent identity theft. That said, identity theft is not always preventable by the consumer. http://www.ftc.gov/bcp/edu/microsites/idtheft/ is a good

Smarter Smart Phones

An article on internetnews.com today caught my eye. “In Search of Smarter Phones” http://www.internetnews.com/bus-news/article.php/3788456 tells of capabilities being added to smart phones and new applications for these devices. With the release of ESET Mobile Antivirus this was of interest to me as currently there are few threats in the wild that attack the devices we currently

Attacks in Mumbai and Risk Management

There was terrible news in Mumbai, India. Terrorists attacked several site and at least 80 people were reported dead. Knowing that I plan to go to India, it didn’t take long before I received a phone call asking if I was aware of the situation and if I would still be going. Both of my

Injustice Served – The Amero Case Closes

[Some text removed as it no longer made sense because of references to content on other sites which is no longer available – DH, 2017] A couple of years ago I blogged about the Julie Amero case http://www.eset.com/threat-center/blog/?p=42. There is finally closure in this case. In the state of Connecticut and innocent person proclaiming their

ESET Smart Security 4.0 Beta Available

We’ve added some features to ESET Smart Security. The beta for version 4.0 is now open to the public. Visit http://beta.eset.com to try out the new version. As always with beta software, it is not recommended to be used on production systems. New features include: support for Microsoft Windows Live Mail and Mozilla Thunderbird mail

Microsoft to Give Away AV Software

Microsoft announced that they will be dropping OneCare and providing a free consumer anti-virus product. Much like when Microsoft announced they would enter the anti-virus market, this has caused quite a bit of media buzz. Much like when Microsoft announced they would enter the anti-virus market, this is not a big deal. To start with,

White Listing – The End of Antivirus???

Some people are talking about a technique called “white listing” as if it were the silver bullet that is going to save the world. It is… in the fantasy worlds. I think I can lay claim to a certain amount of expertise when it comes to white listing. White listing was fundamentally my job at

A New Era?

I write this blog from Jakarta, Indonesia where yesterday I had a meeting with employees of the Koran Tempo. The Koran Tempo is a major magazine and news publication here. In the English edition of Tempo magazine there are several stories about Obama and the election in the US. One story that caught my eye

Watch Out For Good Download Sites

CNET, who hosts Download.com, has enjoyed a reputation for being a safe place to download software from. The program you download may be great or may be useless, but it had been “Tested Spyware Free.” At least that is what Download.com says about their downloads. Today it has come to my attention that the site

Election Day Storm Clouds: Is Your Vote Being Counted?

Electronic voting machines are a controversial topic. They really should not be, but due to the inept implementation of this method of voting by vendors like Diebold and Sequoia, there are serious questions about their accuracy and resilience to fraud. In 2005, Bruce Schneier wrote of some of the problems at http://www.schneier.com/blog/archives/2004/ 11/the_problem_wit.html In January