ESET Threat Blog

As website appear to fall to hacks like the rain falls in Seattle, the question du jour doesn’t change from day to day. The same question is always asked… “Did Anonymous perform the attack?”
What do all of these links below have in common? You don’t have to read them, I’ll tell you..
http://sdchamber-members.org/Business%20Online%202009-10/Business%20Action%20Online%20May%202010/Business%20Action%20Online%20May%20ESET.html
http://www.theregister.co.uk/2008/03/17/scientology_anonymous_round_three/
http://mashable.com/2011/02/19/anonymous-westboro/
http://www.bbc.co.uk/news/technology-12535456
http://www.democraticunderground.com/discuss/duboard.php?az=show_mesg&forum=439&topic_id=572223&mesg_id=572590
http://www.theregister.co.uk/2010/12/13/amazon_outage_not_anonymous/
http://www.depravedmindset.com/2010/12/is-wikileaks-controversy-playing.html
http://topstoriesmilwaukee.com/uncategorized/attack-of-the-anonymous/
http://www.wowmaterials.com/2011/05/06/battle-of-the-immortals-turns-one/
In all of these … Read More…

[Update: that article "IMF and the weakest link" is now up on SC Magazine's Cybercrime Corner.]
In a recent article for SC Magazine (I'll post the link here when it gets posted) on the International Monetary Fund security breach, I focused on the implications of technological versus psychosocial threats and countermeasures. Not, of course, the first time I've … Read More…

Our friends (and competitors) at Sophos blogged about a new threat that poses as a Windows Update and then infects unsuspecting users with a fake antivirus product.
The update appears to be very real and is tricking users. While my colleagues at Sophos offer excellent advice to help people protect themselves (as I believe we do … Read More…

OK, if some unimaginative journalist and/or editor can call a pair of bulging briefs “Weinergate” I can call this Twitter App “FireTweet”. Like Firesheep, Royal Test (FireTweet) is an attempt to demonstrate a privacy problem.
Techcrunch reported this story and I have verified the privacy issue. Despite allegedly being unable to read private messages, applications on … Read More…

At least I don’t have to use the “S” word today! A New York Times story reports that Citigroup has disclosed that it had suffered a data breach that disclosed information about approximately 1% of its North American credit card holders. Based upon Citi’s annual report this would be about 210,000 affected customers.
According to … Read More…

Today, June 8th Sony Pictures published a consumer alert on their site http://www.sonypictures.com/corp/consumeralert.html. The alert is about the data breach that was not discovered by Sony, but rather shoved in Sony’s face on June 2nd and specific details were confirmed by the Associated Press on June 3rd.
Despite the fact that it was confirmed that actual … Read More…

I’m not paid to find irony in life, it’s just how I’m wired. For example, I found it hilarious that in a Singapore airport restroom with toilets that flush automatically, touch-free sinks, touch-free soap dispensers, and touch-free hand driers, they have a TOUCH SCREEN “rate our bathroom” survey! I’m not making this up, here’s the … Read More…

I wonder if that is a coincidence that Sony Corporation of America is looking for a Senior Network Systems Administrator considering an Associated Press article reported that victims of the latest Sony Pictures data breach have confirmed that the information that the blackhat group “Lulz Security” leaked was real information that did come from Sony … Read More…

What’s wrong with this picture?

Yes, that’s right, I am using Google’s incognito mode and Clicker knows exactly who I am!
I have previously blogged here and here about Facebook’s instant personalization, but let me spell it out for you. Facebook “Instant Personalization” destroys Google Chrome’s “Incognito mode”. There is nothing incognito about opening a clean … Read More…

A couple of days ago I blogged about a disturbing new way that Facebook was sharing information without notification or authorization. A friend of mine pointed me to an article on ZDNET that described the issue and what was happening. The “feature” is called “Instant Personalization” and the concept is simple. The concept is not … Read More…