ESET Threat Blog

Perhaps I imagined it, but a few days ago when I allowed Firefox to update to fix security vulnerabilities my privacy settings were reset to less private settings. I had Firefox set to clear the history on exit, and prompt me. I also had it set not to accept third party cookies. After the upgrade … Read More…

In the security industry there is fierce competition. At least in the anti-malware segment there is also tremendous cooperation. I am writing from the 3rd annual CARO workshop where researchers from several anti-malware companies are sharing important information with their competitors.
Quite a while back there both PCTools and ESET had false positives on each other’s … Read More…

Don’t trust unsolicited files or embedded links, even from friends.
It’s easy to spoof email addresses, for instance, so that email appears to come from someone other than the real sender (who/which may in any case be a spam tool rather than a human being). Basic SMTP (Simple Mail Transfer Protocol) doesn’t validate the sender’s … Read More…

Lots of fuss about the paper presented at the Chaos Communication Congress in Berlin yesterday by Alexander Sotirov et al. The paper describes a proof-of-concept attack using a weakness in the MD5 cryptographic hash function to create a rogue Cerification Authority certificate using a hash collision (essentially, two messages with the same MD5 hash value). … Read More…

It’s that time of year when everyone wants a top ten: the top ten most stupid remarks made by celebrities, the ten worst-dressed French poodles, the ten most embarrassing political speeches, and so on. Our research team came up with a few rather more serious ideas, most of which are considered at some length in our about-to-be-published … Read More…

It probably isn’t news to you that there’s been an issue with Internet Explorer and a recently-discovered vulnerability that exposes users of the application to a range of attacks. Certainly we’ve been getting lots of enquiries about our ability to detect it, and I suspect other vendors are getting the same barrage of questions.
Of … Read More…

Okay, sorry about the horrible pun. It suddenly occurred to me that people (especially those from outside the UK) might be somewhat shocked that the Barts and the London NHS Trust, a group of three major hospitals in London took so long to deal with a malicious program that was, apparently, detected by their provider … Read More…

After having used the Google Chrome internet browser for a while now, I can say that it is generally a pretty nice browser, but I have some very serious privacy concerns.
When you open a new tab in Chrome, it displays pictures from websites you have visited. This means that if someone is sitting next to … Read More…