Category: security

  • Sorry for the malware warning!

    If you have tried to visit my blog recently, you might have to a warning like this from your webbrowser: Warning: Something’s Not Right Here! contains content from , a site known to distribute malware. Your computer might catch a virus if you visit this site. … The source of the warning is […]

  • Updated YARPG

    This has been sitting in my queue for some time: almost four years ago (it’s incredible how time flies!) – amongst the first posts I’ve published on the blog – I’ve written a random password generator in Javascript which I’ve named YARPG (for “Yet Another Random Password Generator”). The advantages to using it are the […]

  • Spammy Mike

    While most of the time I simply skip / delete any malicious content encountered, from time to time I do some quick investigation on items which peak my interest. For example the following comment was posted on a friends blog: You make a good point, and it is one I often make about encryption. There […]

  • Forensic analysis of JPEG images

    Recently I became aware of the Hackerfactor blog, especially the posts related to discovering image manipulation. It is interesting to read what one can deduce from an image, even when one doesn’t use such “obvious” information sources like image metadata (I say “obvious” because it seems that it isn’t obvious at all for most people […]

  • Security vendor’s “top-threat” list proof for their less-than-perfect performance?

    Here is something I’ve been thinking about lately: most (all?) security vendors publish their “top-threats” periodically. Those lists are made up by centralizing numbers reported by their clients. While it is safe to assume that the majority of the enumerated threats are blocked straight-away – before they can execute a single piece of code – […]

  • A missed opportunity

    The theory of capitalism (and I’m greatly oversimplifying here, I know) says that, even is we all follow just our own self interest, a global “good” will somehow emerge. This is what F-Secure is doing in their blogpost where they write about a specific ransomware which – if you get infected with – encrypts your […]

  • A “Bob” story

    If you are not familiar with the “Bob story” concept: I first heard about it on the Pauldotcom podcast, where Twitchy used to tell stories about how “Bob” went wardriving, created a fake AP and did other grayhat things. They may have taken the idea from somewhere, but this is where I’ve heard it first. […]

  • Congratulation to AV-Comparatives!

    AV-Comparatives is an independent, well-known and well respected testing organization in the AV/Anti-Malware field. They recently published two reports and one meta-report: Whole Product Dynamic Test Performance Test Summary Reports Go read them if you have questions like “which product is the best for me?”. Thank you Andreas for providing a great and impartial service. […]

  • Schneier videos

    Bruce Schneier is always fun, and together with Markus Ranum he is extra fun (sidenote: although it is title “face-off”, they agree more than they disagree): Schneier-Ranum face-off, part1: The future of information security Schneier-Ranum face-off, part 2: Social networking Schneier-Ranum face-off, part 3: Compliance and security Schneier-Ranum face-off, part 4: Cybersecurity coordinator Schneier-Ranum face-off […]

  • A game of Chinese whispers

    Yet an other example of real-life Chinese whispers in the security journalism: A Hungarian online news site published an article titled “Hackers tried to steal user data from Amazon” (here is a somewhat usable automatic translation for the non-Hungarian speakers). I assume that the information went like this: What happened –> What the security company […]