Antisocial Media and Critical National Infrastructure

| | David Harley
[For some reason I posted this several months ago on my Dataholics blog, when this one might have been at least as obvious a place to put it. I haven’t anything new to say on the topic: I’m just putting it here for completeness.] There was never much chance of ... Read More

Helpful Hackers

Checking in on Facebook much too late last night, I noticed an invitation to connect from someone who is already a Facebook friend, so, as I always do, I sent them a message telling them that it looked as if their account had been cloned, and that several friends had ... Read More

Scam callers and spoofed telephone numbers.

| | David Harley
One of the consequences of the ease with which a phone number can be spoofed, combined with the fact that scammers tend to know more about you than the tech support scammers of old, is that they can often spoof the customer services phone number that your bank or credit ... Read More

Google TLDs: some security controversy

| | google
I’ve been seeing a certain amount of panic about Google’s inclusion of .zip and .mov in its recent launch of eight new Top Level domains (TLDs). While I don’t think adding to the list of TLDs that can be confused with filename extensions, I think the risks may have been ... Read More

Scam Intercepters – some thoughts

Despite no longer being paid to provide consultancy to the IT security industry, I couldn’t resist catching up with an interesting BBC initiative called Scam Interceptors. Having been appalled in the past when Click actually bought a botnet*, thus feeding scammers in the name of investigative journalism and self-congratulation, I ... Read More

Abusing Communities

I may need to give up social media altogether. I can’t seem to avoid seeing scams in all directions, and I can’t seem to ignore them, even though writing about this stuff is no longer my living. Perhaps it’s a curse, or the result of a misspent life: I remind ... Read More

Phish Philtering

| | homoglyph attacks, Scams
[This is an article – slightly edited – that was originally posted on the now defunct I was reminded, a blog page to which a number of security researchers contributed articles independently of any commercial organizations for whom they might work. I was reminded of it by a repost ... Read More
Clone Wars Revisited – Facebook Friend Requests

Clone Wars Revisited – Facebook Friend Requests

| | David Harley
Caveat: while I spent over 30 years in IT security, and though I often wrote about Facebook’s failings in that area over that time, I don’t have intimate knowledge of its inner workings, or foreknowledge of changes in its policies and interface. So, while I hope the following notes will ... Read More

Mac Malware resource from Checkpoint

| | macOS malware
While I’m not currently maintaining this site, I should flag the pretty good MacOS Malware Pedia implemented by Checkpoint. Hat tip to Virus Bulletin, who drew my attention to that page in their March 11th newsletter. Added to the Malware Descriptions page. David Harley Advertisements ... Read More

Normal service suspended indefinitely

| | David Harley
For the present, I’m not working in the security industry, so I shan’t be maintaining this blog, though I’ll keep it intact for the present in case people still find some use for what’s here. I don’t plan to look for another security job at present, but never say never: ... Read More