Articles by John Hawes

About John Hawes

John Hawes is Chief of Operations at Virus Bulletin, running independent anti-malware testing there since 2006. With over a decade of experience testing security products, John was elected to the board of directors of the Anti-Malware Testing Standards Organisation (AMTSO) in 2011.

Phishing boom in China bucks global trends

Fish. Image courtesy of Shutterstock.

There's been a sharp upturn in the numbers of phishing pages observed, with the majority of them hosted in China and targeting Chinese victims and sites, according to analysis of world phishing trends from the Anti-Phishing Working Group (APWG).

8 charged in AT&T ID theft fraud case, including outsourced contractor

8 charged in AT&T ID theft fraud case

"Authorized users" were added to customers' bank accounts, allowing the alleged fraudsters to request new cards in their names to make purchases and withdraw cash. As with other recent cases, the weak link was supposedly working for AT&T in an outsourced job function.

Texan liquor chain Spec's leaks 550k card details in 17 month breach

Texan retail chain Spec's leaks 550k card details in 17 month breach

Spec's, the fifth largest wine retailer in the US, has leaked 550,000 customers' card details, after some of its systems were compromised for close to 17 months.

Phony tech support scammer escapes with a slap on the wrist

Phony tech support scammer escapes with a slap on the wrist

In another case of a tech support cold calling scam, it seems Microsoft's free basic anti-malware was being installed for a fee ranging from £35 to £150. The owner of the support company insisted that his Indian call centre staff had carried out the scams against his wishes.

World Backup Day - are your important files backed up?

World-Backup-Day_2014-250

Today is World Backup Day! If your storage system fails, at work or at home, any valuable data could be lost for good. It's an essential task, but can be as simple or as complex as you choose. Here's our best practice for backing up your data.

Three indicted over $15 million identity theft spree

Cards. Image courtesy of Shutterstock.

Three men have been indicted in a New Jersey court, charged with participating in an identity theft conspiracy which could have cost its victims upwards of $15 million.

DDoS attack takes out NATO websites, Ukraine connection claimed

DDoS attack takes out NATO websites, Ukraine connection claimed

Pro-Russian Ukrainian hacktivist group, 'Cyber Berkut', claim to be behind the attacks on the main NATO public website. NATO insisted there was "no operational impact", but further cyber incidents are likely to emerge from the current political struggle between Russia and Ukraine.

Even big-name brands score badly in website password practices

Login. Image courtesy of Shutterstock.

Two-thirds of the UK's top 100 e-commerce sites are happy for their users to protect their account with feeble passwords such as "password" or "123456". This and other shocking password security practices in this study from Dashlane on UK ecommerce sites.

Another two universities suffer data breaches, but notification still too slow

Keyboard. Image courtesy of Shutterstock.

Universities seem to be evergreen targets for hackers, with two more breaches announced in the past week or so. This time it's the turn of North Dakota University System and Johns Hopkins University in Baltimore, Maryland.

Can we test protection against targeted attacks?

Target. Image courtesy of Shutterstock.

In my day job as a tester of anti-malware solutions, I often get asked the same question: how do I plan to test against Advanced Persistent Threats, aka APTs? These threats are very different from your everyday malware, and testing protection against them turns out to be a very different kind of task.

1 in 30 have been hit by CryptoLocker and 40% pay the ransom, says study

1 in 30 are hit by CryptoLocker, and 40% pay the ransom

An annual survey on computer security issues run by a UK university was published last week. Its stats on the prevalence of ransomware, and how many people give in to the crooks and pay the ransom, raised some eyebrows.

Our brains work hard to spot phishing scams, but still often fail

Our brains work hard to spot phishing scams, but still fail

Scientists have found a significant increase in brain activity related to problem-solving and decision-making when spotting fake sites. But despite the extra brain-power, it seems we're still pretty bad at it, averaging just a 60% accuracy rate.

Scareware pusher loses appeal against epic $163 million fine [POLL]

Ghost. Image courtesy of Shutterstock.

Kristy Ross, employee at rogue anti-virus pushers Innovative Marketing Inc., dragged her appeal against her whopping $163 million fine through the courts for years - and has lost. Do you think the fine fits the crime?

Jail time for university hacker who changed his grades to straight As

Jail time for university hacker who changed his grades to straight As

Three former Purdue University students are thought to have altered their grades by breaking into staff offices and attaching keyloggers to computers operated by class professors, possibly by replacing the keyboards with doctored versions.

US Attorney General calls for unified data breach notification laws

Eric Holder

US Attorney General Eric Holder has used his weekly video message to demanded Congress get busy developing a "strong national standard" for breach notifications in the wake of the Target and Neiman Markus leaks.

Financial sector hit hard by data breach cleanup costs

Mop and bucket. Image courtesy of Shutterstock.

Cybercrime is all about the money. And, in the end, that money leads back to the financial sector. Banks, credit unions, insurers and everyone charged with looking after our money and covering us when something bad happens are starting to feel the pinch from the steady growth in cybercriminality.

2013 an epic year for data breaches with over 800 million records lost

Flowing tap. Image courtesy of Shutterstock.

If it felt like the last year saw more and bigger data breaches than usual, well, that's because it did.

Why we need to rethink how we view security

Why we need to rethink how we view security

When we look at some of the biggest security headlines of the past year - Target data breach, Cryptolocker ransomware, Snowden/NSA leaks - there's one big lesson we can all be taught: secure everywhere.

Eleven US schoolkids expelled for hacking teacher accounts, bumping up grades

Eleven CA schoolkids expelled for hacking teacher accounts, bumping up grades

A group of teenagers at the Corona del Mar High School in Orange County, California, used a hardware keylogger to snoop on their teachers' login and password details. Why are school networks so vulnerable, and how can you prevent keylogging?

Regional eBay and PayPal sites latest targets for SEA

Regional eBay and PayPal sites latest targets for SEA

The Syrian Electronic Army has been at it again, with eBay and PayPal its latest victims. The compromise appears to have allowed doctoring of some local webpages, and no personal or financial data is thought to have been breached.