Archive for April, 2010
As I previously blogged today, the hacker who broke into Sarah Palin’s Yahoo account was convicted on two charges. The way that David Kernall gained access to Palin’s email account was by trying to log into her account, saying “I forgot my password” and then he correctly answered the password reset questions. Some of the … Read More…
A jury handed down a mixed verdict in the case of David Kernall, who hacked into Sarah Palin’s Yahoo email account. Kernall used a password reset attack to break into Palin’s Yahoo account, something that wouldn’t have happened if either Yahoo had been using reasonable security practices at the time, or if Palin would have … Read More…
In March 2010 we changed the format of this document, as we found that some people thought it was just a list of the top ten threats, which hasn’t been the case for a long while. Of course, those data are still included, but we’ve moved them to the end of the document. As you’ll … Read More…
iPad and iPhone development and security issues are across the blogosphere and traditional media today. Starting with some interesting antivirus industry news concerning the iPad…
Apple iPad users are being offered a security program to scan their new device for vulnerabilities and rogue software should such things emerge as threats.
Hailing it as the first iPad 'antivirus' … Read More…
It’s anyone’s guess whether 24’s Jack Bauer would win in a faceoff against the new FBI Cyber Crimes Top Cop, Gordon Snow. Give this guy the data from the malware and he’s sharp enough to take the information and form a counterintelligence strategy and also reach into the black bag for which snake-eating team he … Read More…
Wow. File this under ‘how stupid thoughtless can any one person in a position of absolute power be…’ One school official abuses the built-in webcam access used with anti-theft software [legal malware] which they had packaged onto school laptops… to their own detriment.
What sparked the discovery was Assistant Principal Lindy Matsko's assertion in early November that Harriton … Read More…
Within the past month we at ESET’s Threat Blog have been hammering away at the gap between user education about privacy, the realistic expectation of privacy in the digital age, and how corporations view individual privacy. Today I read an eye-opening revelation about Accenture’s global Data Privacy Report talking about How Global Organizations Approach the … Read More…
Better get your CFO to review UCC Article 4A and realign protocols with your business bank – The clear and present danger to our banking through malware hits at the heart of our economy: the SMB. Stealthy malware-based theft of funds starts the clock ticking much quicker than most SMB owners realize and without action … Read More…
In response to questions I heard this weekend from friends of mine about the ‘big picture’ relevance of the 1.5 million Facebook accounts compromised, I referred back to last month’s FBI speech from Dep. Asst. Dir. Chabinsky:
“Don't be surprised if a criminal compromises your or one of your colleague's personal social networking accounts to retrieve … Read More…
The Internet is abuzz with the announcement from Verisign’s iDefense Labs that a criminal hacker on a Russian forum who goes by the nom-de-plume "Kirllos" (Carlos?) is selling the credentials for 1.5 million Facebook accounts in batches of a thousand for between $8 and $30, depending upon their quality (which, in this case, means dates … Read More…