[UPDATE #1: (21 Dec 2012, 5:30PM) ESET Researcher Cameron Camp has just published the second part of this series on securing your Android device. Read it here on the ESET Threat Blog at Securing Your Holiday Tech Gifts, Part 2: Android Guide. AG] December is upon us, and whether you have a Christmas tree, menorah,
On Thursday, September 12, Duo Security, a young-but-respected vendor of two-factor authentication devices, announced the preliminary results of a study of over 20,000 Android devices from a two month old study they performed. Based on the results, they calculated that over half of Android devices on the market have security vulnerabilities that are, as yet,
News of SMS (text) phishing scams are nothing new to readers of this blog. ESET researcher Cameron Camp recently wrote an article explaining how they work and how to avoid them here on ESET’s Threat Blog: SMSmishing (SMS Text Phishing) – how to spot and avoid scams, And just before Valentine’s Day, my colleague Stephen
With the recent announcements of password breaches at LinkedIn, and warnings from Google about state-sponsored attacks on Gmail accounts, it seems like a good idea now to review some password security basics. In this blog post, we’re going to take a look at a rather low-tech solution to a decidedly high-tech problem: How to guard
Employee use of personally-owned computing devices for work-related purposes–known as Bring Your Own Device or BYOD–is not a new trend and security professionals have been concerned about it for some time, but there is a widely held view that the trend has been transformed of late. Why? Waves of mobile digital devices flooding into the
I have a theory that says improving information system security–the security of our operating systems, network connections, and applications–just means the bad guys will focus more attention on our endpoints, the digital devices we use to access the information and systems we need to do our work. Furthermore, as we improve endpoint security technology, the
Ransomware, the practice of providing fake notifications that “you’re infected” and then selling a fake solution that removes the fake malware they just installed, has been a boon for scammers. Now, they’re taking it a step farther, throwing in a law enforcement scare. In this latest scam, an official-looking banner appears on infected machines, purporting
Awhile back we posted findings of a Harris poll showing public perception of Internet security, with some interesting results. This time we take a look at whether respondents perceive the Government and/or their schools have an implicit responsibility, or whether it lands squarely on their shoulders in the end (or should). Both schools and government
Forensic software developer PassWare announced a new version of its eponymous software forensics kit on Tuesday. Already several news sources are writing about how the program can automatically obtain the login password from a locked or sleeping Mac simply by plugging in a USB flash drive containing their software and connecting it to another computer
So who's to blame? First and foremost, the victimizers. Well, persistent victims, yes. And anyone in the security industry who pushes the TOAST principle, the idea that all you have to do is buy Brand X and you never have to take responsibility for your own security. Though, of course, "who's to blame?" is the wrong question: what matters is "how do we fix it?"
...So here are what we consider to be the 10 commandments of corporate security...
The Internet is abuzz with the announcement from Verisign’s iDefense Labs that a criminal hacker on a Russian forum who goes by the nom-de-plume "Kirllos" (Carlos?) is selling the credentials for 1.5 million Facebook accounts in batches of a thousand for between $8 and $30, depending upon their quality (which, in this case, means dates
It will likely come as no surprise to regular readers of ESET's Threat Blog that we are somewhat gadget aficionados here in the Research Department. Our focus, however, is usually on issues such as malware, spam and privacy so we do not spend a lot of time discussing gadgetry. Every once in a while, though,
I recently learned a new acronym: SODDI (Some Other Dude Did It). What this refers to is the defense that criminals routinely use (plausible deniability) – and even more so when it comes to illicit activities on the Internet. On Sunday, November 8th 2009 the Associated Press published an article regarding an individual that was
“Now may I suggest some of the things we must do if we are to make the American dream a reality. First, I think all of us must develop a world perspective if we are to survive. The American dream will not become a reality devoid of the larger dream of brotherhood and peace and
Australia’s Internet Industry Association (IIA) is working on best practices for isolating computers with bots on them (http://iia.net.au/index.php/initiatives/isps-guide.html) At the same time, the Internet Engineering Task Force (IETF) is also drafting a document about the same thing (http://tools.ietf.org/html/draft-oreirdan-mody-bot-remediation-03) If these recommendations are adopted then people who have bots on their computers would have to get
Mac security firm Intego blogged about Apple’s decision to include an antimalware component in Mac OS X 10.6 "Snow Leopard" and we agree that it is a good step, security-wise, to provide some basic protection against malware. Apple has long mocked Microsoft, up to and including this 2006 advertisement which implied there were no viruses
Stephen Northcutt, with the SANS Technology Institute, suggested the following in the SANS NewsBites Vol. 11 Num. 61: [Editor’s Note (Northcutt): I think organizations should avoid Adobe if possible. Adobe security appears to be out of control, and using their products seems to put your organization at risk. Try to minimize your attack surface. Limit
It’s often claimed that men think about sex very seven seconds. Sorry, where was I? Oh yes… I’m not sure where that pseudo-statistic comes from: apparently not from the Kinsey report as is often claimed, and a more recent poll, while reflecting perhaps more liberated views about sexuality than could be admitted to in the
