David Harley

Check Chain Mail and Hoaxes

[For some reason I posted this several months ago on my Dataholics blog, when this one might have been at least as obvious a place to put it. I haven’t anything new to say on the topic: I’m just putting it here for completeness.] There was never much chance of ... Read More

Checking in on Facebook much too late last night, I noticed an invitation to connect from someone who is already a Facebook friend, so, as I always do, I sent them a message telling them that it looked as if their account had been cloned, and that several friends had ... Read More

One of the consequences of the ease with which a phone number can be spoofed, combined with the fact that scammers tend to know more about you than the tech support scammers of old, is that they can often spoof the customer services phone number that your bank or credit ... Read More

I’ve been seeing a certain amount of panic about Google’s inclusion of .zip and .mov in its recent launch of eight new Top Level domains (TLDs). While I don’t think adding to the list of TLDs that can be confused with filename extensions, I think the risks may have been ... Read More

Despite no longer being paid to provide consultancy to the IT security industry, I couldn’t resist catching up with an interesting BBC initiative called Scam Interceptors. Having been appalled in the past when Click actually bought a botnet*, thus feeding scammers in the name of investigative journalism and self-congratulation, I ... Read More

I may need to give up social media altogether. I can’t seem to avoid seeing scams in all directions, and I can’t seem to ignore them, even though writing about this stuff is no longer my living. Perhaps it’s a curse, or the result of a misspent life: I remind ... Read More

[This is an article – slightly edited – that was originally posted on the now defunct itsecurity.co.uk. I was reminded, a blog page to which a number of security researchers contributed articles independently of any commercial organizations for whom they might work. I was reminded of it by a repost ... Read More

Caveat: while I spent over 30 years in IT security, and though I often wrote about Facebook’s failings in that area over that time, I don’t have intimate knowledge of its inner workings, or foreknowledge of changes in its policies and interface. So, while I hope the following notes will ... Read More

While I’m not currently maintaining this site, I should flag the pretty good MacOS Malware Pedia implemented by Checkpoint. Hat tip to Virus Bulletin, who drew my attention to that page in their March 11th newsletter. Added to the Malware Descriptions page. David Harley Advertisements ... Read More

For the present, I’m not working in the security industry, so I shan’t be maintaining this blog, though I’ll keep it intact for the present in case people still find some use for what’s here. I don’t plan to look for another security job at present, but never say never: ... Read More