magazine
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
STRAIGHT TALKING<br />
from the ESET experts<br />
Shutterstock © auremar<br />
Fiction: Children are too open on<br />
the Internet<br />
Fact: It’s often the parents<br />
By David Harley,<br />
Senior Research Fellow, ESET<br />
Many parents regularly post<br />
photographs and potentially sensitive<br />
information about their children to<br />
social networking sites. But what are<br />
the privacy implications when those<br />
children become adults?<br />
There are at least two related<br />
problems with a digital footprint, as<br />
compared to the non-virtual world:<br />
(1) Physical photographs and other<br />
documents are in some sense unique<br />
objects. Put it on the Web/social media<br />
and you lose control over it.<br />
(2) The digital world may seem<br />
transient but digital data is actually<br />
extraordinarily persistent.<br />
Given these issues, it is worth<br />
considering if it’s a parent’s ethical – or<br />
even moral – responsibility to think<br />
about the difference between the online<br />
and offline contexts and act accordingly.<br />
There are clearly lines to be drawn, of<br />
course, between digital data which can<br />
be damaging, and that which cannot.<br />
My own daughter’s reaction to<br />
the publishing of photos was this:<br />
“Ultrasounds, baby photos, etc, I think<br />
could be considered acceptable – at the<br />
end of the day a child is a child.<br />
“The photos do not have the same<br />
long-term problems as, for instance,<br />
employers getting to see embarrassing<br />
teenage photos, posted by parents, or,<br />
more likely, friends.”<br />
Fiction: Advanced persistent threats<br />
are the most dangerous malware<br />
Fact: Many such attacks are<br />
simplistic – B-grade malware,<br />
if you will<br />
By Olivier Bilodeau,<br />
Malware Researcher, ESET<br />
We analyzed four targeted attack<br />
tools and the reasons why they<br />
shouldn’t be called ‘advanced’.<br />
Some features we observed:<br />
● An attacker interacts with<br />
an infected machine.<br />
● Bad criminals: typos in<br />
configuration, naive<br />
cryptographic implementation,<br />
weak code practices.<br />
● Sophistication variability: from<br />
no obfuscation to hidden position<br />
independent code, XOR encryption,<br />
XTEA encryption, stand-alone<br />
re-usable components.<br />
● The malicious software uses spearphishing<br />
campaigns – targeted<br />
emails carry an executable<br />
which displays the icon of a Word<br />
document (the dropper). This<br />
drops the main malicious binary<br />
and then a Word document into<br />
the user’s temporary folder.<br />
As long as these less<br />
sophisticated attacks are still<br />
successful they’ll continue.<br />
32 welivesecurity.com