David Harley

Job title:
CEO, Small Blue-Green World, and independent author

Areas of expertise:
Apple security, malware, anti-malware testing, psychosocial aspects of security, user education, email management, social media, medical informatics

Biography:
The Apple Security Blog, by David Harley

David Harley, CITP, FBCS, CISSP, is an IT security researcher, author and consultant living in the UK. He has worked in IT (largely in medical informatics) since the 1980s, increasingly focused on security and anti-malware research since 1989. Between 2001 and 2006 he managed the UK National Health Service’s Threat Assessment Centre, and since 2006 he has provided authoring and consultancy services to the anti-virus industry. Since 2009 he has been a director of the Anti-Malware Testing Standards Organization (AMTSO). He runs the Mac Virus website and AVIEN (the Anti-Virus Information Exchange Network), and is a Fellow of the British Computer Society (now the BCS Institute). He was principal author and technical editor of “The AVIEN Malware Defense Guide for the Enterprise” and co-authored “Viruses Revealed”, as well as contributing to many other books including “OS X Exploits and Defense”. He has a daunting back-catalog of research papers and articles, and also blogs for Mac Virus, AVIEN, ESET (where he holds the title Senior Research Fellow), (ISC)², and numerous other websites.

Follow and talk to Infosecurity's bloggers.

Follow Infosecurity's bloggers as they share their thoughts on the industry, technology, and much more. Our bloggers have been selected for their industry expertise. They welcome interaction, so we encourage you to add your opinions to theirs.

Several people have asked me for a response to Eugene Kaspersky’s views on Apple, as expressed at Infosecurity Europe last week, suggesting that Apple is ten years behind on security. But having spent some time on an analysis that no-one has used, I guess I’ll use it here – it ...
Posted 02 May 2012 by David Harley
Apple OS X and Risk Reduction
Some of the confidence Mac users have in the security of their chosen operating system derives from over-reliance on proactive patching. This outbreak highlights the need to be aware that patching of known vulnerabilities in system software or applications is not necessarily prompt enough to foresta ...
Posted 16 April 2012 by David Harley
Flashbacks and Backtracks
If you follow my Mac Virus blog, you’ll have noticed that I’ve been tracking some of the coverage of Mac malware incidents to hit my radar in the last couple of weeks. In fact, hits on Mac Virus have been skyrocketing in the past 24 hours, so perhaps this is a good time to recap on a couple ...
Posted 06 April 2012 by David Harley
OS X Malware: A Steady Trickle
I’m guessing that the myth of OS X invulnerability to malware is pretty much busted by now: at any rate, there has been wave after wave of OS X-related malware reports in the past week or two. Sophos were the latest big name to weigh in on the OSX/Imuler malware that DrWeb, Intego, ESET and yo ...
Posted 26 March 2012 by David Harley
Intego recently posted some information on its blog concerning the Imuler information-stealing Trojan. The variant that Intego calls OSX/Imuler.C uses a different stealth/social engineering technique to that used by previous variants. It seems to be intended to spread via .ZIP archives containing th ...
Posted 16 March 2012 by David Harley
I’m slightly surprised to realize it’s almost exactly a month since I blogged here, but I was travelling for a lot of that time (a slightly confusing mixture of work and vacation). Still, I’m pleased to see that an email conversation I had with Esther Shein about OS X, security, th ...
Posted 12 March 2012 by David Harley
Malware: a Matter of Definition
Kurt Wismer has just put up a blog asking is the iphone really malware free? (Don’t be put off by the trademark absence of capitalization). Wismer is not illiterate and very far from stupid, asks some very pertinent questions, and his commentary is always worth reading. In fact, if keeping the ...
Posted 13 February 2012 by David Harley
Kevin Townsend asked me for my opinion on iGadget jailbreaking, in the light of the recent release of Absinthe, a jailbreaking tool for the iPhone 4s and iPad 2. As a result, I’m quoted in a useful article for Infosecurity magazine here that also includes quotes from luminaries such as David E ...
Posted 23 January 2012 by David Harley
I Keep Getting Flashbacks
2012 was looking quite quiet in Apple security terms up to now, but I see that the guys behind the OSX/Flashback Trojan are quietly beavering away. No sooner had Apple updated XProtect, a system utility that provides a certain amount of protection against a selection of OS X-targeting malware, ...
Posted 16 January 2012 by David Harley
[This is probably my last article here for 2011. Compliments of the season to you all.] Inevitably, my attention was drawn last week to an article on Mich Kabay’s Infosec Perception based on an essay by student Jeremy Legendre: Macintosh Malware Erupts. Well, I’m not in the business of ...
Posted 19 December 2011 by David Harley
Carrier IQ: Not Just an Android Issue
Unless you’re currently trekking through the Gobi, you’ve probably caught some of the fuss about Carrier IQ, accused of conduct resembling a rootkit more than legitimate logging. I think that some of the indignation has been a little overdone, as I commented here, but there are certainly ...
Posted 01 December 2011 by David Harley
iPaddling in Corporate Waters
Computer Weekly, in an article I mentioned in my previous blog here, notes that Tablet device ownership among mobile employees increased from 33% in the second quarter of 2011 to 44%. That statistic dovetails quite neatly with a study from ComScore on Digital Omnivores: How Tablets, Smartphones and C ...
Posted 18 November 2011 by David Harley
Goodbye Blackberry Way?*
iPass tells us that a recent survey (n = 2,300) indicated that the iPhone now has 45% marketshare in the enterprise, whereas use of the Blackberry is down (slightly) to 35%. While Blackberry has traditionally been the weapon of choice for the security-conscious corporate IT administrator, Apple ...
Posted 18 November 2011 by David Harley
It occurs to me that something (else) I haven't mentioned here is that Infosecurity magazine is running one of its virtual conferences on November 8th, with the virtual doors opening at 10.30 EST. If you're interested in Apple security there is plenty to interest you on the agenda: Between 13.30 ...
Posted 07 November 2011 by David Harley
What the Devil(Robber)?
It occurs to me that while I wrote here about the interesting but apparently work-in-progress OSX/Tsunami (or Kaiten) port from Linux to OSX a while back, I haven't had the chance to mention the even more interesting (at least in terms of sophistication) OS X Devilrobber here, even in passing. ...
Posted 07 November 2011 by David Harley
OSX/Tsunami: flooding new markets
Matt Hartley asks the question “Linux Malware: Are We There Yet?” It seems strange, after so much exposure to the view that OS X is intrinsically so much safer than Windows, to read a piece calling attention to the fact that Linux users should not be complacent about malware. And, ...
Posted 28 October 2011 by David Harley
I hear a great deal about 0-day attacks, and a great deal of security vendor PR is (depending on market sector) predicated on the assumption that 0-days are the most prevalent threat. Notwithstanding some highly visible 0-day attacks over the years, I don’t believe that to be true. In fact, I ...
Posted 15 October 2011 by David Harley
Last week I was in Barcelona for this year's Virus Bulletin conference (the 21st, which makes me feel very old even though I wasn't there at the beginning!). The first time I presented there was in 1997, when I talked about the Mac threatscape at that time. At that point, I was working in medical i ...
Posted 12 October 2011 by David Harley
HyperCard Viruses? You're History!
I see that Graham Cluley has revised his excellent timeline article The short history of Mac malware: 1982 – 2011 on Sophos' Naked Security blogsite, bringing it up to 2011. (Thanks for the namecheck, Graham.) As regards HyperCard viruses, I have seen it asserted that the first ...
Posted 03 October 2011 by David Harley
The H (Heise) reported today that Apple has added detection for OSX/Revir to its XProtect facility, provided in OS X versions since Snow Leopard. While I'm not the biggest fan of the XProtect approach to malware management (I'll go into that another time), Apple are to be commended on the ...
Posted 27 September 2011 by David Harley