ESET Threat Blog

I was interviewed yesterday by Fred Donovan, following up on the paper on AMTSO I presented at EICAR earlier this month. I may be prejudiced, but I think he's summarized my current  thoughts on the topic pretty well in the article, though it isn't my recommendation that the existing guidelines be reviewed independently: it was … Read More…

Does your company have a written information security program? If not, you could be an easy target for cybercriminals AND end up on the wrong side of the law, regardless of where your company is located or what size it is. Which law? Something they passed about two years ago in the Commonwealth of Massachusetts, … Read More…

It was back in the 1990s when someone told me that operating systems like Windows NT were getting so safe that AV would soon be out of business. And I hear on a regular basis that AV is so ineffective it's not worth having. Because I get some of my income from the anti-virus industry, … Read More…

Computer security is not created, nor is it improved, by calling people stupid. That's the conclusion I have arrived at after more than two decades in computer security and auditing. To put it another way, we should stop dropping the "S" bomb, especially when it comes to people who don't know any better.
Consider the phenomenon … Read More…

If you're interested in the "APT: Real Threat or Just Hype" keynote session I took part in during the recent Infosecurity Virtual Conference, you can now hear and see the presentations and Q&A  (and the other panel sessions from the conference). Register here.
Here are the details for that keynote session, chaired by Steve Gold, Technology … Read More…

Sadly, having signed up some time ago (see Conferencing in the Metaverse) for the SC Virtual Summit taking place today, I'm too tied up with other things to actually attend.
The summit offers "live webcasts, videos and exhibitors all in a virtual world…" On entering the virtual exhibition hall, visitors can view live videos, download white papers and … Read More…

So you bought insurance against a data breach. With all the potential loopholes and variables, is it worth the cost for the coverage required to handle a real-world scenario? That’s a tender subject these days at Sony. In light of their recent breaches, soaring near an estimated $180 million, it seems their insurance provider, Zurich … Read More…

Well, really there are far more, but the latest study from Imperva of 10 million attacks against 30 large organizations from January to May of 2011 cites a cocktail of techniques used by would-be hackers to spot the weaknesses and exploit them. For those of us who’ve tailed a log file spinning out of control … Read More…

Earlier this year I delivered a presentation at Infosec Europe on SCADA issues, a topic that's come up a lot in my articles here.
There isn't a paper to go with that presentation, but the barebones slide deck on the ESET white papers page has now been replaced with a version – Infrastructure Attacks: The Next … Read More…

Greetings, my faithful fans. Did you miss me?
I've just had a restful week hiding from the Internet in a remote cottage in Devon, which is why I've been uncharacteristically quiet. Before that, though, I had an interesting and useful week in London mostly centred round the Infosec Europe expo, where apart from wall-to-wall meetings and … Read More…