Yesterday’s announcement by the US Department of Justice that the operators of file-sharing site Megaupload had been indicted for operating a criminal enterprise that generated over $175 million by trafficking in over half a billion dollars of pirated copyrighted material has sent shockwaves across the Internet. The accuracy of those figures may be questionable, but
ESET's Threat Reports for September and October include some quality articles on Facebook, safety online, and backup strategy.
A new attack against Apple Mac OS X Lion (10.7) has been detected by Intego. The threat is a Trojan, dubbed Flashback, installed via a fake Adobe Flash installer downloaded from a third party site. As with the MacDefender and Revir malware, the Flashback attack uses social engineering to entice the user to download then
A new trojan has been released targeting the Macintosh Chinese-language user community. The trojan appears to the user to be a PDF containing a Chinese language article on the long-running dispute over whether Japan or China owns the Diaoyu Islands. When the user opens the “PDF” file, it attempts to mask the installation
If you don’t remember the Rumble in the Jungle, it was a boxing match between George Foreman and Muhammed Ali. Back in 1974 names like Foreman and Ali were as famous as companies like Google and Facebook are now. Google, like the older Ali, has been taking punches in the early rounds of the social
An application written to allow integration between Facebook and Google Plus may be all you need to compromise your computer. According to a PCWorld report an application called Google+Facebook used a well known programming worst practice of downloading a JavaScript file upon launch. If you aren’t real technical and don’t know what this means, I
I’ve been using Google Plus almost as long as it has been around, which is a sneaky way of saying I am a noob to it :) Frankly, at this point I do not see anything particularly novel or sensational. I just haven’t seen the killer feature that will vanquish the Facebook megalith, but perhaps
This is an impressive looking certificate isn’t it? You might think it means something significant, but then you might be wrong. How hard is it to pass the Internet and Child Safety Advocate certification test? Ask Hanna, a 9 year old (10 this weekend) girl who I met with her father at a local coffee
With Facebook's launch of video chat powered by Skype underway and enabling a new level of communication on its platform, we take a look at permission settings and privacy options.
Cameron Camp just blogged about the announcement that Google is going to delete all private profiles at the end of July. This really wouldn’t be a big issue if it wasn’t for the fact that Google is as two faced as you get on privacy and has a history of neglecting user privacy, such as
Facebook recently launched a facial recognition feature that allows you and others to “tag” photos with your name. As has been the norm for Facebook, this “feature” is turned on by default and users must take their own initiative to limit, or turn it off. The implications are wide-ranging, so if you or anyone in
Yet another Facebook Clickjacking attack is making the rounds. This time the message shows as below. A right-click (not left) will allow you to copy the source location and open the link in a protected environment. The link brings up the following image The “Jaa” button is actually a “Share” button and will post the
Our friends at Threatpost have come across what they describe as a massive phishing attack against Tumblr users. It seems the lure of sexual content will work as many times as Lucy can pull the football out each time Charlie Brown tries to kick it. According to the article, hijacked web pages of Tumbler users
In a ComputerWorld article Gregg Kaiser cites a Microsoft engineer as saying that the trojan that Microsoft calls “Popureb” digs so deeply that the only way to eradicate it is to reinstall the operating system. If you read the Microsoft blog Feng didn’t actually say that this is the only way to eradicate the trojan.
Introduction LinkedIn is a social network platform whose specialty is connecting professionals together to build relationships and create business opportunity. Recently the company became publicly traded and grabbed the attention of the world as its initial public stock offering more than doubled on the first day. Here we focus tools and options for user privacy
Survey Reveals Chasm between Users’ Concerns and Behavior A recent Survey commissioned by ESET and conducted online by Harris Interactive from May 31-June 2, 2011 among 2,027 U.S. adults 18+ found a startling disconnect between user concerns about privacy and security and their actions on social networking sites. To start, the study found that 69%
Too bad it doesn’t exist. I mean really exist. Here is how an anti-phishing day that is designed to be a highly effective educational deterrent to phishing would work. Google, Facebook, Hotmail, Yahoo, Twitter, Myspace, Banks, Online Gaming sites, such as World of WarCraft, and others would all send phishing emails to their users. Yes,
As website appear to fall to hacks like the rain falls in Seattle, the question du jour doesn’t change from day to day. The same question is always asked… “Did Anonymous perform the attack?” What do all of these links below have in common? You don’t have to read them, I’ll tell you.. http://sdchamber-members.org/Business%20Online%202009-10/Business%20Action%20Online%20May%202010/Business%20Action%20Online%20May%20ESET.html http://www.theregister.co.uk/2008/03/17/scientology_anonymous_round_three/
Our friends (and competitors) at Sophos blogged about a new threat that poses as a Windows Update and then infects unsuspecting users with a fake antivirus product. The update appears to be very real and is tricking users. While my colleagues at Sophos offer excellent advice to help people protect themselves (as I believe we
OK, if some unimaginative journalist and/or editor can call a pair of bulging briefs “Weinergate” I can call this Twitter App “FireTweet”. Like Firesheep, Royal Test (FireTweet) is an attempt to demonstrate a privacy problem. Techcrunch reported this story and I have verified the privacy issue. Despite allegedly being unable to read private messages, applications
October is National Cyber Security month. Groups like the National Cyber Security Alliance are promoting awareness of cyber security. On Tuesday at 11 AM Eastern Daylight Time (8 AM PDT and 4 PM GMT) Department of Homeland Defense Secretary Janet Napolitano will be giving a speech that will be broadcast live at www.dhs.gov. The Secretary
We received an interesting comment in reply to the blog post http://www.eset.com/threat-center/blog/2009/10/13/phishing-the-fbi-and-terror. Joseph A’Deo, who apparently works for Verisign, mentioned the use of extended validation SSL (EV SSL). I am sure that some of you are familiar with EV SSL. Some of you have seen the results of it and perhaps not noticed. Some of
“Now may I suggest some of the things we must do if we are to make the American dream a reality. First, I think all of us must develop a world perspective if we are to survive. The American dream will not become a reality devoid of the larger dream of brotherhood and peace and
You may have seen some news today about a new vulnerability that can potentially affect Windows Vista. Microsoft will have a patch for the flaw, hopefully before it is exploited. Of course, Microsoft had a patch for the flaw that Conficker exploited, but too many people are not patching anything. It’s a good idea to
Dear Adobe, It is time to put up or shut up. Your web site FAQ http://www.adobe.com/products/flashplayer/security/privacy_policy/faq.html has the following entry: Does Flash Player compromise my privacy and security? No. Flash Player is not only the most widely distributed piece of software on the Internet today, it’s also one of the most secure. Given that Flash
According to an article at Internetnews.com http://www.internetnews.com/security/article.php/3832846 the authors of the Conficker botnet may have abandoned it, yet it continues to grow in numbers. The growth of the botnet is troubling because it is completely preventable and because it means the infected computers are vulnerable to other threats and that these users are not using
The results (released yesterday) from a study conducted by the Ponemon Institute yielded some interesting data points. The most visible of these was the finding that 85% of U.S. organizations experienced data breaches of varying magnitudes. This study, entitled “U.S. Enterprise Encryption Trends”, has completed its fourth annual publication. The data was directly obtained from
I just read a startling news story about how someone didn’t understand what NOT to post on Facebook. The article titled “British spy chief’s cover blown on Facebook” tells how the wife of Sir John Sawers put up way too much information on Facebook. You can read the story at http://tech.yahoo.com/news/nm/20090706/tc_nm/us_britain_mi6 You don’t have to
I recently read an article about Facebook security problems at http://www.securitymattersmag.com/security-matters-magazine-article-detail.php?id=411 in which some advice on passwords was given. Some of the advice was quite good, but some was a bit shaky. I’ll go through the tips and tell you what’s hot and what’s not! Use a combination of uppercase and lowercase letters, symbols, and
Most, hopefully all, of you have heard an announcement that President Obama is to name a person to be the “Cyber Czar”. One of the absolute fundamentals of customer service is setting expectations. The title “Cyber Czar” sets unrealistic expectations and no matter how good a job the appointee does, it will not match the
Just a few short days ago I read the announcement that Microsoft announced a new relationship with the social networking services Twitter and Facebook. The relationship was created to enable users of Xbox Live to access their profiles and post photos to their Facebook accounts and allow Twitter users to post and read messages –
At the Interop show in Las Vegas I promised some people I would put the list of resources we included in out presentation on the ESET blog. These are great resources for education and cybercrime reporting. The first one is a new initiative form ESET. I’ll blog more extensively about Securing Our eCity tomorrow! • Securing
Yesterday at the EICAR conference in Berlin <http://www.eicar.com> Dr. Fred Cohen was the keynote speaker. For any of you who do not know of Dr. Cohen, he is credited with coining the term virus to describe a self-replication program. Dr. Cohen also is credited with writing the first computer virus. The virus was written as
As we do each month, ESET has released its monthly threat report. As you might expect, there were a lot of Conficker detections out there. There were also almost as many detections for autorun threats that are not Conficker. In other words, if you have disabled autorun, then you protect against a lot more than
We all have recently endured a week or so of extensive media hype about a worm called “Conficker”. Phrases such as “One of the worst viruses ever” and other such nonsense were tossed around like promises at a political rally, with about the same level of honesty and accuracy, perhaps even less. Conficker was already
I’ve tried to convince you all that you really need to watch out for all of the threats and that it really isn’t worth worrying about Conficker, but if you are still worried about Conficker we do have a knowledge base article you can peruse at http://kb.eset.com/esetkb/index?page=content&id=SOLN2209. If you apply your security patches, disable autorun,
Perhaps this is a little relevant to some of our readers… We just released version 4 of ESET Antivirus (NOD32), and ESET Smart Security. If you have a valid license, then there is no charge for the upgrade. Take a look at http://www.eset.com/smartsecurity/ for the “What’sNew” information. Randy Abrams Director of Technical Education
I recently started writing weekly tech tips for the San Diego Chamber of Commerce. If you are interested in these tips you can find them at http://www.sdchamber-members.org/TechTip.htm. Past tips are archived there as well. Randy Abrams Director of Technical Education
When it comes to computers, there is no such thing as a little bit different. Consider the following. “0010 1111” is how a PC identifies a forward slash “/”. Each one and zero represents a bit. Eight bits, as you may know, is a byte. 0010 1110 is one little bit different from 0010 1111,
The email scam du jour is an email scam promising government grants. One of the highly prevalent ones is from an alleged company called “Rapid Grants Solutions Kit”. I decided to search for them. This time I used Google, Yahoo, Live.com, and Ask.com. In al cases the results looked pretty shady. The results with Google
