In response to my recent cookie theft blog a reader asked the following questions: What is VPN, what is SSL and what is the significance of https? What precautions can we take if we need to do Internet banking from a public computer, Internet café for example? VPN, SSL and https are all about encryption.
Yeah, usually these things are titled “for Dummies”, but you’re not a dummy if you don’t understand, you’re normal. This is related to the program “Firesheep” and I will attempt to make it very easy to understand the problem. The solution is a bit more complex. It all comes down to trust and discretion. Unfortunately
Recently a tool called “Firesheep” was released. Firesheep makes it so that virtually anyone can hijack Facebook, and some other accounts when they are being used on unsecured public wireless networks. Firesheep takes advantage of the fact that Microsoft, Facebook, Twitter, Yahoo, and scores of other companies really couldn’t care less about your privacy or
I’m sure that at some point you have listened to the radio. A signal goes out and all radios in range can tune in to the broadcast. WI-FI is essentially a radio signal that transmits and receives data. The access point and your computer exchange information, but all computers with wireless capabilities can receive the
...behaviour like this has been observed in other versions of Zeus. The really interesting discovery in this case is associated with the way in which these samples search for logical devices attached to an infected computer....
This isn’t a highly technical post by any means, but in a follow up I will explain some basics for less technical users and provide some information on protection. Recently a Firefox extension called Firesheep was released. Firesheep makes account hijacking easy enough that highly unskilled users can do it. Here’s how it works. A
The AMTSO press release about its newly announced cheap subscription model, which I previously referred to here, has been misunderstood in some quarters. I therefore tried to clarify the issues in my latest Security Week article: Once More 'Round the AMTSO Wheel of Pain. The article is also linked from the ESET white papers page.
...the "Stuxnet under the microscope" has been updated.today on the white papers page: details as following...
Our friends at Virus Bulletin are hosting a seminar later this month ... organized by the security-knowledgeable but vendor-agnostic magazine whose annual conference is one of the major highlights of an anti-malware researcher's year.
Our interim analysis of a version of the malware we detect as Java/Boonana.A or Win32/Boonana.A (depending on the particular component of this multi-binary attack) differs in some characteristics from other reports we've seen. The most dramatic difference is in the social engineering hook used in messages sent to an infected user's friends list. Other reports
...While there are those who think that I've been in the anti-virus industry since mammoths roamed the Surrey hills, most of my computing career has actually been in medical informatics, though as you might expect from what I do now, documentation, security and systems/user support played a large part most of that time....
Clearly, the news about the demise of the Limewire service hasn't reached P2P Technologies yet, or, more likely, they're hoping it hasn't reached you...
You may have seen some headlines today about a New Java Trojan that attacks Macs. It turns out that it also attacks Windows and Linux users as well. The Trojan pretends to be a video on Facebook. A user gets a message asking “is this you in this video” with a link. Upon clicking the
A recent article at Time http://www.time.com/time/politics/article/0,8599,2025696,00.html details how an online voting system was hacked. The good news is that it was a public test and not a real election. The bad news is that real people’s information was able to be obtained. The “hackers” professor J. Alex Halderman and some of his graduate students from
[C. Nicholas Burnett, the manager for ESET LLC's tier three technical support, contributed the following guest blog article on the FireSheep plugin for Firefox. Thank you very much, Carl! Aryeh Goretsky] The past several days have seen the security community abuzz about a program presented in San Diego at ToorCon 12 this last weekend called
...It's likely that there has been a technical breach in countries that have legislation like the CMA, though I can't imagine that many people would want to put the Dutch police in the dock On this issue, at any rate. :) ...
...there are a number of other potential risks from offers like this (as I've pointed out before) ... Paying for software that's actually free and for services that aren't worth the money ... Paying for software that turns out to be malicious ... Parting with credit card and other data that might be misused...
...one of the most interesting results is the approval by the members present of a planned low-fee subscription model which will enable individuals and small organizations to participate...
Tip of the hat to Bruce Dang and Dave Aitel for flagging an inaccuracy in ESET's Stuxnet report. And, indirectly, leading us to a blip in some PoC code which now looks even more interesting. (But that isn't going public yet.) The paper has been updated to remove the offending item. David Harley CITP FBCS
What a touching email. Mercy saw my profile and wants to know more about me. She even tells me “please don't forget that distance or color does not mean any thing,but love matters a lot”. What a sweet sentiment. Now I’ll show you the email and I think you’ll see what’s wrong with this picture.
