Category Archives: Graham Cluley

The Wisdom of Solomon applied to support scams

I’ve known Graham Cluley and Dr Alan Solomon for many years, going back to the days when they worked together in Alan’s own company on the much missed ‘Dr Solomon’s Anti-Virus Toolkit’. Indeed, I recently added a link to a blog article Alan had put up on his own blog to the AVIEN scam resource page.

That article seems to have grown into a whole series of descriptions of Dr Solly’s adventures in tech-support-scam-land, so it seemed an entirely suitable topic for my first blog for Graham’s independent blog site. And so here it is: Tech support scams and the wisdom of Solomon. I’ll be adding it shortly to the scam resource page, along with the links to the individual articles by Dr Solly.

David Harley
Small Blue-Green World
ESET Senior Research Fellow

And I thought I was quite softly spoken…

I was more than a little flattered to find myself included in Sys-Con Media’s Top 25 “Most Powerful Voices in Security” (article by Jim Kaskade). (Let’s not get too excited: I just scraped in at number 22.) But when I checked through the whole top 100 and saw some very familiar names there, I’d have been grateful to scrape in at #100, let alone in the top quarter.

Actually, it’s a little scary too, to get some idea of how many people might notice when I get something wrong. Oh yes, it does happen…

The study apparently researched over 800 people, including security company executives, bloggers and media people, top names in cloud computing, government officials, CISOs, and industry analysts. So it’s not surprising to see big hitters like Eugene Kaspersky, Rich Mogull, Brian Krebs and Bruce Schneier in there.

On a more personal level, congratulations to Graham Cluley and Richi Jennings, both of whom were, inevitably, much higher placed than I was. 🙂 (Hat tip, too, to Dan Raywood for drawing my attention to it.)

Enough self-congratulation: back to the grindstone…

David Harley CITP FBCS CISSP
Small Blue-Green World/AVIEN Dogsbody-in-Chief
ESET Senior Research Fellow

Attack of the Mutant Zombie Flesh Eating Chickens From Mars

Yesterday there was widespread reportage of one of those periodic stories that make media types drool; and make security experts cringe in despair.

However, this ‘summer slow day news story’ was so widely (mis)reported, that it does bear commenting on. The story in question was titled (by the BBC) as “First Human Infected with Computer Virus”. This of course conjures up the idea of a person getting sick, by means of malicious computer code (a claim that is, and will remain for a significant amount of time, well within the realm of science fiction).

What actually happened is much more mundane. It appears that the ‘researcher’ placed a piece of replicating code onto an RFID chip, and used that to infect the reader control system which then (at least in theory) could pass the code back to other similar RFID devices. So far, so boring. We know that it is possible to have storage devices contain code (malicious or not) and pass that code between themselves via other systems. The difference in this case is that the researcher then injected the ‘infected’ (rather bizarrely he refers to this as ‘corrupted’ making me doubt that it was even a virus) chip into his hand, and claimed that this made him infected.

The news stories all got caught up with the fact that this gave him special Jedi powers enabling him to open doors with a simple wave of his hands (ok, maybe they didn’t exactly say that, but hand waving was involved), or…horror of all horrors….activate his mobile phone. Surely a deadly device if one had ever been made. So; we already know that RFID chips can open doors (after all, that’s a valid use for many of them) and they can carry code. The ONLY difference is that this ‘researcher’ inserted the chip into his flesh. To claim that this makes him ‘infected by a computer virus’ is a bit like saying that if I dropped the same chip into a cup of coffee, a steaming fresh cow pat, or even a mutant zombie flesh eating chicken from Mars, those would also be ‘infected’.

As Graham Cluley pointed out, the only interest that this story might have generated otherwise would be in security research into vulnerabilities of RFID readers. You need a vulnerable reader to get affected by the code, and then you need to be able to read the other RFID tags/chips with that reader to ‘infect’ them. There’s a valid point in that RFID exploits could be used to compromise security and/or privacy – but that’s not new knowledge, we’ve known that for many years.

As Chris Boyd (@paperghost on Twitter) nicely summed up “In conclusion then, “man infected with computer virus” is basically “device for opening doors works as intended”.”

Andrew Lee
AVIEN CEO / CTO K7 Computing

Blackhat SEO and other nuisances

The horrific Russian suicide bombings have, inevitably, generated a load of blackhat SEO (search engine optimization) attacks, not to mention Twitter profile attacks, using topical keywords to lure victims into running malicious code. I’ve blogged on that elsewhere recently – e.g. “Here come (more of) the Ghouls”, at http://www.eset.com/blog/2010/03/30/here-come-more-of-the-ghouls – so I won’t repeat myself here.

However, I hear from that nice Mr. Cluley at Sophos that there’s an awfully good paper available about “Poisoned search results: How hackers have automated search engine poisoning attacks to distribute malware”, by Fraser Howard and Onur Komili.  

It is a good paper, and it will interest a lot of the people who read this blog. And it should interest quite a few people who probably won’t read it. 🙁

David Harley FBCS CITP CISSP
Security Author/Consultant at Small Blue-Green World
Chief Operations Officer, AVIEN
ESET Research Fellow & Director of Malware Intelligence

Also blogging at:
http://www.eset.com/blog
http://smallbluegreenblog.wordpress.com/
http://blogs.securiteam.com
http://blog.isc2.org/
http://dharley.wordpress.com
http://macvirus.com

PleaseRobMe: too much information…

Sometimes I think I should just stop killing myself multi-blogging and retweet Graham Cluley’s blog URLs.

This is a good item, anyway.

The web site (Please Rob Me, not the Sophos blog) “…mashes together content from Foursquare and Twitter, providing an easy way for potential burglars and stalkers to find out where you are supping your cappuccino, and when you may have left your home empty…”

In fact, what the site has been doing is auto-grabbing publicly available data from such sites and putting it all in one place, with the intention of highlighting the risk of giving away information that burglars and stalkers would find useful about your movements.

Graham comments that it will be interesting to see if FourSquare and Twitter try to stop PleaseRobMe snarfing the data from them. We already have part of the answer to that: Mikko Hypponen reported about three hours ago that Twitter had suspended the @pleaserobme account.

There’s been a series of infomercials on UK TV recently in which “members of the public” try to interest thieves and burglars in robbing them, and a while ago there was a “reality” show in which an ex-burglar broke into people’s homes (with permission) and then lectured them on what they should have done to prevent it.

There would be a certain felonious irony if PleaseRobMe were to get accused of having stolen part of their idea from these sources. 😉 In fact, though, the site is Dutch, according to the BBC, so maybe not.

David Harley FBCS CITP CISSP
Security Author/Consultant at Small Blue-Green World
Chief Operations Officer, AVIEN
ESET Research Fellow & Director of Malware Intelligence

Also blogging at:
https://avien.net/blog
http://www.eset.com/threat-center/blog
http://smallbluegreenblog.wordpress.com/
http://blogs.securiteam.com
http://blog.isc2.org/
http://dharley.wordpress.com
http://macvirus.com

Top 10 Great Britons…

…in IT history, that is.

Iain Thomson and Shaun Nichols compiled a list of IT luminaries for v3.co.uk (formerly known as vnunet).

(See http://www.v3.co.uk/v3/news/2254492/top-great-britons-history)

Encouragingly, along with such stars as Tim Berners-Lee, Ada Lovelace, and Alan Turing, no less than two names particularly well-known to the anti-malware industry featured in the article: namely, Dr. Alan Solomon, who actually made the top ten, and Graham Cluley, fresh from his triumph at the Computer Weekly awards, who got an honourable mention.

Congratulations, guys, especially Graham, who really deserves placing above Sir Alan Sugar, being much less grumpy and much better at karaoke.

OK. You’re right: I made up the bit about karaoke. 😉 I’m having a Be Nice To Sophos week. Well, a couple of hours, maybe.

David Harley FBCS CITP CISSP
Chief Operations Officer, AVIEN
Director of Malware Intelligence, ESET

Also blogging at:
http://www.eset.com/threat-center/blog
http://dharley.wordpress.com/
http://blogs.securiteam.com
http://blog.isc2.org/

Congratulations, Graham

Congrats to Graham Cluley of Sophos, who walked away from the Computer Weekly blog awards with not just one, but three awards:

IT Security blog of the year – http://www.sophos.com/blogs/gc/

Twitter user of the year – @gcluley

Overall Best blog – yes, same blog.

As a part-time blogger (on several sites!) myself, I have a fair idea of how much work it takes to produce a consistently high-quality blog, and I can only say that these awards were richly deserved.

However, this will not stop me making rude remarks here and on the ESET blog about his karaoke performances.

David Harley FBCS CITP CISSP
Chief Operations Officer, AVIEN
Director of Malware Intelligence, ESET
