[Added December 2011]
“Hearing a PIN drop” is an article published in Virus Bulletin in September 2011.
There is, of course, lots of information and research on password use and re-use. Most research is based on the analysis of known collections of exposed passwords to see which are the most commonly used. However, there is virtually no equivalent research concerning purely numerical passcodes, mostly because there are few (if any) publicly known repositories of known account/passcode pairs. This article presents preliminary findings from analysis of a data set of passcodes ordered by frequency of use provided by Daniel Amitay. (I hope to present a more detailed analysis of passcode selection strategies in 2012: the research project is ongoing.)
Copyright is held by Virus Bulletin Ltd, but the article is made available on this site for personal use free of charge, by permission of Virus Bulletin.
[2010, slightly edited in 2011]
This paper on Apple security was written and presented with Pierre-Marc Bureau, a friend and colleague at ESET, and Andrew Lee, then with K7 Computing but also a long-time friend and colleague and now CEO of ESET North America. “Perception, Security, and Worms in the Apple” was presented at the 2010 EICAR conference in Paris on 11th May 2010. Available here by kind permission of EICAR (http://www.eicar.org/).
Download here: EICAR Apple Security
And here’s a very old new item. In 1997 I made my very first security conference presentation at the Virus Bulletin Conference in San Francisco, and that was also about Mac security, though the Mac malware scene was very different then. Talking to other, younger researchers at EICAR 2010, I wasn’t particularly surprised that no-one had read it, but I was surprised that they were actually interested in reading it. So here, for its historical interest rather than contemporary relevance, is that very long paper on “Macs and Macros: the State of the Macintosh Nation”. Copyright is held by Virus Bulletin Ltd (http://www.virusbtn.com/) but the paper is made available on this site for personal use free of charge, by permission of Virus Bulletin.
Download here: vb97
David Harley CITP FBCS CISSP
Mac Virus Administrator
Small Blue-Green World
AVIEN Chief Operations Officer