Research | WeLiveSecurity

Research

Expert content, for researchers by researchers

Research

Facebook gets something right

It seems a little strange to have the words "Facebook" and "privacy" in the same sentence in one of my blogs, yet it seems that Facebook CTO Bret Taylor testified at a Senate Commerce Committee hearing on mobile phone and internet privacy. But it turns out the story is about rather more than privacy: it's

No chocolates for my passwords please!

Greetings Dear Reader, We have published guidance material previously on passwords and passphrases, some are blogs and some are lengthier depending on your liking (link & link).  Even still it is always good practice to reinforce sensible password techniques.  For this blog, I plan on sharing an analogous self-ritual, and one that relies on a

AMTSO growing up?

It's been a busy few weeks. Last week I was in Krems, Austria for the EICAR conference. The week before, I was in Prague for the CARO workshop (where my colleagues Robert Lipovsky, Alexandr Matrosov and Dmitry Volkov did a great presentation on "Cybercrime in Russia: Trends and issues" – more information on that shortly),

Sony PlayStation – Rehacked reloaded?

In life one cannot reload a particular scene; however, in gaming one certainly can.  This is an unfortunate time for Sony PlayStation and customers due to the recent breach.  Anecdotal reports are now coming in that Sony PlayStation who opened up their gaming ecosystem recently has now potentially fallen to a password reset hack.  This

EICAR Schnapps-Shot

Well, the EICAR conference earlier this month was in Krems, in Austria, where I hear that they're not averse to the occasional brandy, but I was actually perfectly sober when I delivered my paper on Security Software & Rogue Economics: New Technology or New Marketing? (The full abstract is available at the same URL.) To conform with EICAR's

Android’s Anomaly?

There are reports coming out today about Google Android and how approximately 99.7% of its users are potentially open to compromise.  This news cycle started by the Ulm University publishing some information on the 13th of May showing some results.  I'm sure this story will develop and CTAC may follow-up to my blog with more details;

Securing Our eCity Cybersecurity Symposium

I'm a little late on this since I've been out of office for a few days, and only just picked up the relevant email. However, the Securing Our eCity Cybersecurity Symposium and IT Exec awards event is, I gather, happening right now and being tweeted live with the hashtag #SOEC . More information on the event

Obfuscated JavaScript – Oh What a Tangled Web

My colleague Daniel Novomeský alerted me to a problem he’s observed with the way some web-developers use JavaScript: a few of them have the habit of obfuscating JavaScript code on their web sites, presumably in order to compress it so that it takes less disk-space (“packing”) or using a “protector” in order to make it

Facebook’s Search and Destroy

An article came out yesterday from Clement Genzmer who is a security engineer at Facebook.  His tagline is "searching and destroying malicious links".  Those of us in the business of digital security and safety can certainly identify with that, especially the part where we aim to identify the criminals and work with law enforcement to

Will the Comcast “Constant Guard™ Security Service” work?

I received an email from Comcast (my ISP) announcing their “Constant Guard™ Security Service”. Basically, if Comcast thinks a customer is infected with a bot they will email the customer and offer to help clean up the computer. The Constant Guard service claims to do a lot more too, but Comcast is quite ambiguous about

AV Numbers Game

...I would suggest that you take any statement like "Grottyscan AntiVirus is best because it detects 200 million viruses" with a pinch of salt. Actually, a whole salt mine...

ESET Version 5 Beta is here!

For those of you who have just been itching to test drive the beta of ESET Smart Security version 5 or ESET NOD32 version 5 the beta is now available. Just head over to www.eset.com/beta and I am sure you can find it. As always, remember that this is beta code and use on production

CIPAV Spyware: Hiding in Plain Sight?

CIPAV, the "Computer and Internet Protocol Address Verifier" spyware apparently used by the FBI to monitor activity on the computers of suspects, may not seem the hottest news item around: in fact, my friend and former colleague Craig Johnston and I put together a paper – Please Police Me – on the issues involved with policeware versus

April: that’s so last month

April? Haven't we moved on from there? Well, yes, but ESET's ThreatSense report for April does include, apart from some information on the top ten threats for the month, a feature article by Urban Schrott on the far-from-dead 419 scam, some information on recent and upcoming events such as the AMTSO workshop (which I've just attended: much more information on

Osama bin Laden is alive and well… on Facebook

The death of Osama bin Laden has gone viral, with blogs, social media and search engines pumping terabytes of rumor, innuendo and conspiracy theories at the speed of light, along with the occasional kilobyte of truth.  As the number of people searching for pictures and videos of bin Laden’s execution has skyrocketed, the criminal syndicates

Global malware thrives on the demise of a global terrorist

[NOTE:  As we were publishing this articl, our Latin American office discovered another Black Hat SEO campaign incorporating promises of Osama bin Laden videos on Facebook.  Click here to view their article in Spanish. We will follow up on this shortly.  AG] The malware phenomenon started by the announcement of Osama Bin Laden’s death continues