Research | WeLiveSecurity

Research

Expert content, for researchers by researchers

Research

More Cybercrime Corner articles

Recent additions to SCMagazine's Cybercrime Corner blog include: "Password strategies: Who goes there?" by David Harley, May 23, 2011 Password selection usually involves compromise, but even a short password can be reasonably strong and still memorable. This follows up at some length on a previous ESET blog by Paul Laudanski. "Fighting cybercrime" by Randy Abrams,

An Amazing Story – The Soul of a New Machine

As many of us cruise the information superhighway (haven’t heard that for a while have you) on 64-bit machines, it might be a good idea to take a breath and remember a pioneer. Back in the days when a small team at IBM was building a general purpose 8 bit personal computer, Tom West and

Back to the Basics – AKA Not Sony Again?

Yes, it is Sony again. This time it is their Canada web site and their Japan website. According to thehackernews.com, which I cannot vouch for, this is the 10th Sony hack. While we don’t know how the PlayStation Network hack happened, we do have some information about how some of the other attacks were performed

Yesterday’s Virus Hoax is Today’s Fake Utility

One of the (few) blessings of having been so long in this industry is that I remember a time when most malware was viral and Trojans were rare: so rare, in fact, that there was at one time a notorious "dirty dozen" set of Trojans.  At around the same time, there were innumerable hoaxes describing malware with

Anyone Fluent in L33t speak?

I went to verify some information to complete my account registration with an office supply store. The last item looked like this I initially thought that if it is a word, it must be l33t speak, but ahh, Google Translate to the rescue! I don’t know what 443xje5 means in French or English, but the

LinkedIn Security and The Rapture

What do these two topics have in common? More than you might think. The obvious is that neither has arrived yet. There is no proof of existence of either, you have to take it on faith. Neither will be here tomorrow… take my word for that. A story at http://www.reuters.com/article/2011/05/23/uk-linkedin-security-idUSLNE74M02820110523 explains how dreadfully poor security

Cybercrime corner

... I haven't recently posted any pointers to our content on SC Magazine's Cybercrime Corner, and now might be a good time to recap on what Randy and I have been posting there this month (so far...) ...

Don’t they know it’s the end of the world?*

*http://en.wikipedia.org/wiki/Skeeter_Davis  Here in the UK it's just turned 6pm on the 21st May, which apparently means I'll shortly be either invited to a rapturous celestial street party or subjected to various unpleasant experiences starting with a giant earthquake and ending with a front seat at a subterranean bonfire on or before 21st October. Though according to

Dirty Rumors about Facebook and ESET

Perhaps you just read David Harley’s blog http://blog.eset.com/2011/05/20/facebook-gets-something-right. Now I am about to tell you about something else Facebook got right. With two accolades in one day dirty, unfounded rumors might start flying about Facebook buying ESET or infiltrating our blog with spies. To cast off such groundless speculation I’ll tell you about the part

Facebook gets something right

It seems a little strange to have the words "Facebook" and "privacy" in the same sentence in one of my blogs, yet it seems that Facebook CTO Bret Taylor testified at a Senate Commerce Committee hearing on mobile phone and internet privacy. But it turns out the story is about rather more than privacy: it's

No chocolates for my passwords please!

Greetings Dear Reader, We have published guidance material previously on passwords and passphrases, some are blogs and some are lengthier depending on your liking (link & link).  Even still it is always good practice to reinforce sensible password techniques.  For this blog, I plan on sharing an analogous self-ritual, and one that relies on a

AMTSO growing up?

It's been a busy few weeks. Last week I was in Krems, Austria for the EICAR conference. The week before, I was in Prague for the CARO workshop (where my colleagues Robert Lipovsky, Alexandr Matrosov and Dmitry Volkov did a great presentation on "Cybercrime in Russia: Trends and issues" – more information on that shortly),

Sony PlayStation – Rehacked reloaded?

In life one cannot reload a particular scene; however, in gaming one certainly can.  This is an unfortunate time for Sony PlayStation and customers due to the recent breach.  Anecdotal reports are now coming in that Sony PlayStation who opened up their gaming ecosystem recently has now potentially fallen to a password reset hack.  This

EICAR Schnapps‑Shot

Well, the EICAR conference earlier this month was in Krems, in Austria, where I hear that they're not averse to the occasional brandy, but I was actually perfectly sober when I delivered my paper on Security Software & Rogue Economics: New Technology or New Marketing? (The full abstract is available at the same URL.) To conform with EICAR's

Android’s Anomaly?

There are reports coming out today about Google Android and how approximately 99.7% of its users are potentially open to compromise.  This news cycle started by the Ulm University publishing some information on the 13th of May showing some results.  I'm sure this story will develop and CTAC may follow-up to my blog with more details;

Securing Our eCity Cybersecurity Symposium

I'm a little late on this since I've been out of office for a few days, and only just picked up the relevant email. However, the Securing Our eCity Cybersecurity Symposium and IT Exec awards event is, I gather, happening right now and being tweeted live with the hashtag #SOEC . More information on the event

Obfuscated JavaScript – Oh What a Tangled Web

My colleague Daniel Novomeský alerted me to a problem he’s observed with the way some web-developers use JavaScript: a few of them have the habit of obfuscating JavaScript code on their web sites, presumably in order to compress it so that it takes less disk-space (“packing”) or using a “protector” in order to make it