end-user security Archives -

end-user security

Ransomware stoops to new lows – fake law enforcement

Ransomware, the practice of providing fake notifications that “you’re infected” and then selling a fake solution that removes the fake malware they just installed, has been a boon for scammers. Now, they’re taking it a step farther, throwing in a law enforcement scare. In this latest scam, an official-looking banner appears on infected machines, purporting

Where there’s smoke, there’s FireWire

Forensic software developer PassWare announced a new version of its eponymous software forensics kit on Tuesday. Already several news sources are writing about how the program can automatically obtain the login password from a locked or sleeping Mac simply by plugging in a USB flash drive containing their software and connecting it to another computer

Blaming the Victim…

So who's to blame? First and foremost, the victimizers. Well, persistent victims, yes. And anyone in the security industry who pushes the TOAST principle, the idea that all you have to do is buy Brand X and you never have to take responsibility for your own security. Though, of course, "who's to blame?" is the wrong question: what matters is "how do we fix it?"

Deus ex machina

It will likely come as no surprise to regular readers of ESET's Threat Blog that we are somewhat gadget aficionados here in the Research Department. Our focus, however, is usually on issues such as malware, spam and privacy so we do not spend a lot of time discussing gadgetry.  Every once in a while, though,

The Blame Game

I recently learned a new acronym: SODDI (Some Other Dude Did It). What this refers to is the defense that criminals routinely use (plausible deniability) – and even more so when it comes to illicit activities on the Internet. On Sunday, November 8th 2009 the Associated Press published an article regarding an individual that was

Can’t Surf the Web?

Australia’s Internet Industry Association (IIA) is working on best practices for isolating computers with bots on them (http://iia.net.au/index.php/initiatives/isps-guide.html) At the same time, the Internet Engineering Task Force (IETF) is also drafting a document about the same thing (http://tools.ietf.org/html/draft-oreirdan-mody-bot-remediation-03) If these recommendations are adopted then people who have bots on their computers would have to get

M(b)ac(k) to the future

Mac security firm Intego blogged about Apple’s decision to include an antimalware component in Mac OS X 10.6 "Snow Leopard" and we agree that it is a good step, security-wise, to provide some basic protection against malware.  Apple has long mocked Microsoft, up to and including this 2006 advertisement which implied there were no viruses

Ditch Adobe?

Stephen Northcutt, with the SANS Technology Institute, suggested the following in the SANS NewsBites Vol. 11 Num. 61: [Editor’s Note (Northcutt): I think organizations should avoid Adobe if possible.  Adobe security appears to be out of control, and using their products seems to put your organization at risk. Try to minimize your attack surface. Limit

Sex and the e-City

It’s often claimed that men think about sex very seven seconds. Sorry, where was I? Oh yes… I’m not sure where that pseudo-statistic comes from: apparently not from the Kinsey report as is often claimed, and a more recent poll, while reflecting perhaps more liberated views about sexuality than could be admitted to in the