Research | WeLiveSecurity

Research

Expert content, for researchers by researchers

Research

Guarding against password reset attacks with pen and paper

With the recent announcements of password breaches at LinkedIn, and warnings from Google about state-sponsored attacks on Gmail accounts, it seems like a good idea now to review some password security basics.  In this blog post, we’re going to take a look at a rather low-tech solution to a decidedly high-tech problem:  How to guard

LinkedIn security woes – and what to do about it

This morning when I logged into LinkedIn I was greeted with several front page references to the reported hacking of the site, and instructions for changing my password, which I did immediately. This is a good time to change all of your social media passwords, making sure you create a fresh password that is hard

You've Got (Nation State Hacked) Mail

We read in the New York Times that Google is rolling out a service that will attempt to alert users when it thinks their accounts might be subject to hacking by a government, hoping the user will take precautions after getting a notice that says “Warning: We believe state-sponsored attackers may be attempting to compromise

Stuxnet, Flamer, Flame, Whatever Name: There's just no good malware

A week ago the big malware news was the code known as Flame, Flamer, or sKyWIper (detected by ESET as Win32/Flamer.A), then on June 1, this news broke: "A damaging cyberattack against Iran’s nuclear program was the work of U.S. and Israeli experts and proceeded under the secret orders of President Obama." (Washington Post)  Clearly,

Infosecurity Magazine on AMTSO's credibility gap

I was interviewed yesterday by Fred Donovan, following up on the paper on AMTSO I presented at EICAR earlier this month. I may be prejudiced, but I think he's summarized my current  thoughts on the topic pretty well in the article, though it isn't my recommendation that the existing guidelines be reviewed independently: it was

Press One if by LAN, Two if by Sea

At ESET, we spend a great deal of time researching the latest technologies and how they may be affected by frauds and scams. Sometimes these are “old fashioned” spam through email, or they may be programs like fake antivirus programs or ransomware. And we certainly have blogged extensively about PC support scams where the caller

Millions have not reviewed Facebook privacy settings: Here’s how

Here are two staggering Facebook privacy statistics: Nearly 13 million US Facebook users have never set, or don’t know about, Facebook’s privacy tools, and only 37 percent have used Facebook’s privacy tools to customize how much information is shared with third parties. That’s according to a Consumer Reports survey released earlier this month. Given that

11 Tips for protecting your data when you travel

When we relayed the FBI/IC3 warning to travelers about a threat involving hotel Internet service overseas last week it produced a lot of requests for advice on how to respond to the threat. So a few of us researchers at ESET came up with a list of data security tips for travelers. These tips will