Google posted information today about an attack against some Gmail account holders. In this case the attack appeared to be directed at government officials in the US and Korea, as well as Chinese political activists, journalists and military personnel. If you don’t fit in these categories it doesn’t mean you are not at risk, it
Despite your privacy settings, Camping will accurately predict the exact time and date of the Rapture before Facebook will respect your explicit privacy choices. I recently went to read a review on Yelp and was surprised to my name and Facebook picture as well as a message that Yelp can personalize the page for me.
Well, isn’t today a happy day! We have International Children’s Day and National Internet Safety Month. For those of you outside of the US, feel free to join us in the celebration. In observance of Internet Safety Month, ESET has teamed up with the San Diego Police department to launch SafetyNet eLearning, a free online
Released today in PDF format, a highlight of our global threat report covers: Don’t be silly online, please Facebook privacy: security concerns Cybersecurity symposium in San Diego Return of the password reset attack The Top Ten Threats Top Ten Threats at a Glance (graph) Be sure and check out our previous threat reports. Figure 1:
Android Smartphones are under attack again by rogue applications that once installed are reading information from the phone and sending it back to a pre-assigned location. According to mobile security firm as many as 120,000 users may have been infected from a cafeteria selection of at least two dozen applications from the Android Market. “Once
International Children’s Day is June 1st and the event is almost as old as David Harley and I combined! The event was started in 1925 in Geneva, Switzerland at the World Conference for the Well-being of Children. To join in the observance of International Children’s day we thought it might be worthwhile to share some
A while back a malicious program called DroidDream was found on the Google Marketplace. The thing about DroidDream is that it exploited a vulnerability that gave it root access. Now contrast how Google treats security software. Security applications are not allowed to have root access. The truth is that the most popular mobile platforms (and
Over the past couple of years rogue online pharmacies have been advertising their domains on search engines and promoting themselves through search engine optimization. Legitimate pharmaceutical companies have their own measures in place to work on taking these sites offline. The problem with rogue online pharmacies is that they do not meet federal regulations. To
In an unfortunate series of events related to the RSA SecurID technology, reports are coming in that Lockheed Martin's networks have been broken into by unknown perpetrators. Jim Finkle and Andrea Shalal-Esa broke an exclusive story and reached out to folks in the industry to get to the truth. "They breached security systems designed to
In the last few days, I have been asked by a journalist (or four) what MacDefender means for the future of Apple security, and if I thought there was excess hype around it. I'll address the second question first. I think its safe to say the current malware would not be newsworthy if
In the wake of the massive PlayStation/Qriocity data breach Sony has announced that they will be providing a 1 year complimentary ID theft protection service through a company called Debix. In addition to the ID theft protection Sony is offering other “gestures” of goodwill. This all sounds good on the outside and the ID theft
In techie circles bringing up the topic of security through obscurity is like bringing up religion or politics at a cocktail party where you don’t know anybody. It might go over really well, or you might find people calling you names that my friends in HR would chastise (or fire) me for printing in the
The recent MacDefender Trojan has been receiving “rebranding” facelifts since it came out. It has now been deployed as MacProtector, MacDetector, MacSecurity, Apple Security Center, and there are no doubt more iterations to come. The malware has been updated, and now sports an improved UI that looks like a native Mac OSX application, unlike the
Introduction As the sun is setting and I breathe some of the night time air I am inspired to write about Facebook. Yes, *the* Facebook, the third largest country if it were a physical place with boundaries under a common rule of law and government. When many people use a service such as this, it
As many of us cruise the information superhighway (haven’t heard that for a while have you) on 64-bit machines, it might be a good idea to take a breath and remember a pioneer. Back in the days when a small team at IBM was building a general purpose 8 bit personal computer, Tom West and
Yes, it is Sony again. This time it is their Canada web site and their Japan website. According to thehackernews.com, which I cannot vouch for, this is the 10th Sony hack. While we don’t know how the PlayStation Network hack happened, we do have some information about how some of the other attacks were performed
I went to verify some information to complete my account registration with an office supply store. The last item looked like this I initially thought that if it is a word, it must be l33t speak, but ahh, Google Translate to the rescue! I don’t know what 443xje5 means in French or English, but the
It’s been a really rough time for Sony. I have a hunch that in the past month “Sony CTO” has leapt past toilet cleaner on the list of least desirable jobs. Last month there was the massive Sony PlayStation/Qriocity breach that leaked more data than a Wall Street ticker leaks stock prices. Then a Sony
What do these two topics have in common? More than you might think. The obvious is that neither has arrived yet. There is no proof of existence of either, you have to take it on faith. Neither will be here tomorrow… take my word for that. A story at http://www.reuters.com/article/2011/05/23/uk-linkedin-security-idUSLNE74M02820110523 explains how dreadfully poor security
Perhaps you just read David Harley’s blog http://blog.eset.com/2011/05/20/facebook-gets-something-right. Now I am about to tell you about something else Facebook got right. With two accolades in one day dirty, unfounded rumors might start flying about Facebook buying ESET or infiltrating our blog with spies. To cast off such groundless speculation I’ll tell you about the part
Perhaps the most impersonated person in the world is Santa Claus. For Santa, Identity theft isn’t a problem, but for millions of consumers it is a real problem. There are some steps you can take to help prevent identity theft. That said, identity theft is not always preventable by the consumer. http://www.ftc.gov/bcp/edu/microsites/idtheft/ is a good
An article on internetnews.com today caught my eye. “In Search of Smarter Phones” http://www.internetnews.com/bus-news/article.php/3788456 tells of capabilities being added to smart phones and new applications for these devices. With the release of ESET Mobile Antivirus this was of interest to me as currently there are few threats in the wild that attack the devices we currently
There was terrible news in Mumbai, India. Terrorists attacked several site and at least 80 people were reported dead. Knowing that I plan to go to India, it didn’t take long before I received a phone call asking if I was aware of the situation and if I would still be going. Both of my
[Some text removed as it no longer made sense because of references to content on other sites which is no longer available – DH, 2017] A couple of years ago I blogged about the Julie Amero case http://www.eset.com/threat-center/blog/?p=42. There is finally closure in this case. In the state of Connecticut and innocent person proclaiming their
We’ve added some features to ESET Smart Security. The beta for version 4.0 is now open to the public. Visit http://beta.eset.com to try out the new version. As always with beta software, it is not recommended to be used on production systems. New features include: support for Microsoft Windows Live Mail and Mozilla Thunderbird mail
Microsoft announced that they will be dropping OneCare and providing a free consumer anti-virus product. Much like when Microsoft announced they would enter the anti-virus market, this has caused quite a bit of media buzz. Much like when Microsoft announced they would enter the anti-virus market, this is not a big deal. To start with,
Some people are talking about a technique called “white listing” as if it were the silver bullet that is going to save the world. It is… in the fantasy worlds. I think I can lay claim to a certain amount of expertise when it comes to white listing. White listing was fundamentally my job at
I write this blog from Jakarta, Indonesia where yesterday I had a meeting with employees of the Koran Tempo. The Koran Tempo is a major magazine and news publication here. In the English edition of Tempo magazine there are several stories about Obama and the election in the US. One story that caught my eye
CNET, who hosts Download.com, has enjoyed a reputation for being a safe place to download software from. The program you download may be great or may be useless, but it had been “Tested Spyware Free.” At least that is what Download.com says about their downloads. Today it has come to my attention that the site
Electronic voting machines are a controversial topic. They really should not be, but due to the inept implementation of this method of voting by vendors like Diebold and Sequoia, there are serious questions about their accuracy and resilience to fraud. In 2005, Bruce Schneier wrote of some of the problems at http://www.schneier.com/blog/archives/2004/ 11/the_problem_wit.html In January
I apologize in advance to our international readers if this post is not of international interest, however it may well be as the leaders of the US seem to have a little bit of global impact :) For the background of this post, please see the following articles/blogs: http://blog.wired.com/27bstroke6/2008/10/bogus-robocall.html http://blog.wired.com/27bstroke6/2008/10/colorado-judge.html And, very Importantly: http://howto.wired.com/wiki/Vote_(Even_If_They_Say_You_Can’t) This
After having used the Google Chrome internet browser for a while now, I can say that it is generally a pretty nice browser, but I have some very serious privacy concerns.
Packing technology is really just compression. You know, ZIP, CAB, RAR, and so on. There are many types of packers and some people even write their own. The way a packer compresses the file is called an algorithm. There are many different algorithms and unless you know what one was used, or have a tool
Typically, Microsoft releases patches (security fixes) on the second Tuesday of each month. This day is affectionately called “Patch Tuesday” by many. On very rare occasions when there is a particularly severe vulnerability Microsoft will release a patch as soon as possible. Yesterday (October 23rd, 2008) Microsoft made a rare exception and released an “out
Instant messaging is a very successful means for the bad guys to get their software onto your computer. It is also very easy. If a virus infects your friend’s computer’s instant messaging program then it can “type” anything into the chat windows and it will look like your friend said it. It can provide a
I have a rather unique perspective on the antivirus industry. I used to work for Microsoft before they were a competitor. Come on, you can’t call MSAV from DOS 6 an antivirus product :) For over seven years my job at Microsoft was to make sure that Microsoft did not release any infected software. All
The Race to Zero contest is being held during Defcon 16 at the Riviera Hotel in Las Vegas, 8-10 August 2008. The event involves contestants being given a sample set of viruses and malcode to modify and upload through the contest portal. The portal passes the modified samples through a number of antivirus engines and
Sometimes it seems that we are fighting a battle that we are destined to lose. To some extent, win or lose depends upon your definition of the terms. We have never completely beat crime, but we still have victories against criminals… sometimes. Today it is a very great pleasure to wish a happy 6th anniversary
Well, I am happy to be here, but AMTSO stands for The Anti-Malware Testing Standards Organization. This is an initiative between Anti-Virus companies and anti-virus testers to improve the quality of testing performed on anti-virus products so as to provide consumers with meaningful tests. There have been so many bad tests performed, but “it’s on
Back in December of 2006 I posted an entry titled “The Spirit of Cooperation” . Today I am attending the Anti-Spyware Coalition Public Workshop in Washington DC. It is a very satisfying feeling sitting with staunch allies in the fight against spyware, adware, and other threats. Who are these allies? You would probably call them
