ESET Threat Blog

Way back in the 1990s, during the Q&A session after an EICAR presentation on social engineering, there was an animated discussion arising from some slides I'd included on password selection and usage. Some wondered why we were still discussing and promoting password strategies when there were (and are) better alternatives to static passwords.
ENTER PASSWORD:

Timeslip… Before you … Read More…

Newton's 3rd law is often stated as "for every action there is an equal and opposite reaction." Actually, what Newton actually said is a little more complex* than that, but this article isn't about physics (or else I'd leave the discussion to someone better qualified). 
The Internet, despite its grounding in the physical world of hardware … Read More…

Urban Schrott, my colleague at ESET Ireland, has been sharing some interesting statistical information in recent months from surveys conducted on the company's behalf in Ireland, covering such issues as infection patterns, attitudes to security and safe computing, and password usage, and much of that information has found its way into our monthly Threatsense Reports … Read More…

The Reuters news agency reported earlier today a sudden increase in violent and pornographic images and videos on Facebook.  A quick review of my personal account and a check-in with my other Facebook-wielding colleagues revealed a couple of nothing more than a couple of suggestive pictures, complete with snarky comments embedded in them, from the … Read More…

You can't have failed to notice that a lot of account/password combinations have been captured in recent years (especially this year) and made available on the Internet (e.g. Gawker, Rockyou, various Lulzsec dumps) for any bad actor to try to make use of. Not a good thing, but it has at least made it possible … Read More…

It has been 1,000 days since the Conficker worm first appeared on November 21, 2008.  For the first two months after its initial appearance we received a trickle of reports through our ThreatSense.NET telemetry system.  By January of 2009 that had become a flood, and then a deluge, as this “super worm” rose to meteoric … Read More…

Forensic software developer PassWare announced a new version of its eponymous software forensics kit on Tuesday. Already several news sources are writing about how the program can automatically obtain the login password from a locked or sleeping Mac simply by plugging in a USB flash drive containing their software and connecting it to another computer … Read More…

Introduction
LinkedIn is a social network platform whose specialty is connecting professionals together to build relationships and create business opportunity. Recently the company became publicly traded and grabbed the attention of the world as its initial public stock offering more than doubled on the first day. Here we focus tools and options for user privacy on … Read More…

Having worked several times and in various roles for the UK's National Health Service in the course of an embarrassingly long career, I feel I have a certain professional interest in its welfare, apart from a vested interest in seeing its health preserved so that it can continue to preserve mine.
It was interesting, therefore, to notice on the … Read More…

This seems to be my week for flagging password-related blogs. Well, there are plenty of stolen password issues around.
So here's a blog in stark contrast to Urban Schrott's blog about good password practice in Ireland (which I expanded on here and here). Troy Hunt ran an analysis of the subset of stolen Sony … Read More…