Violet Blue

Violet Blue is the author of The Smart Girl's Guide to Privacy. She contributes to ZDNet, CNET, CBS News, and SF Appeal.

Larry Seltzer

Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years.

Latest Posts

FAA confirms data breach; 45,000 affected

A computer breach at the Federal Aviation Administration (FAA) has led to the theft of personal information on more than 45,000 employees and retirees, the agency confirmed this week. All told, the FAA said the hackers hijacked 48 files, two containing sensitive personal information that could expose the employees and retirees to identity theft.

March 5, 2009 by Ryan Naraine

33 Comments

Security holes in Apple Time Capsule, AirPort Base Station

Apple has released a firmware update with fixes for three documented security vulnerabilities affecting its Time Capsule and AirPort Base Station products. The vulnerabilities could lead to denial-of-service or information disclosure attacks via specially crafted packets.

March 5, 2009 by Ryan Naraine

2 Comments

Coming on Patch Tuesday: 3 Windows bulletins, 1 critical

Microsoft today outlined plans to ship three security bulletins for software vulnerabilities in the Windows operating system. One of the three bulletins will carry a "critical" rating, meaning that it will cover flaws that could be exploited to launch remote code execution attacks.

March 5, 2009 by Ryan Naraine

30 Comments

What is security transparency?

Guest editorial by Andrew Storms. Transparency is a common theme in politics and Wall Street these days. The 2008 elections, dealings of TARP, financial institutions run amok are all places where we hear the word transparency bandied about on a daily basis.

March 4, 2009 by Ryan Naraine

Comments

Google downplays severity of Gmail CSRF flaw

Yesterday, Vicente Aguilera Diaz from Internet Security Auditors released a proof of concept of a CSRF (Cross-Site Request Forgery) vulnerability in Google's Gmail, which he originally communicated to Google two years ago. The CSRF flaw affects Gmail's "Change Password" function, since, according to Diaz, the session cookie is automatically sent by the browser in every request, making the attack possible.

March 4, 2009 by Dancho Danchev

11 Comments

Bad, bad, cybercrime-friendly ISPs!

In a post-McColo, post-Atrivo and post-EstDomains cybercrime ecosystem, the researchers at FireEye have recently launched a "Bad Actors series" aiming to put the spotlight on some of the currently active badware actors online. The sampled ISPs represent safe havens for drop zones for banker malware, DNSChanger malware, rogue security software and live exploit URLs.

March 4, 2009 by Dancho Danchev

13 Comments

Why full disclosure is an important tool

Guest editorial by Danny Quist. This latest Adobe vulnerability has created a stir on some of the closed mailing lists regarding full disclosure. While I would have liked to think that this debate was over a long time ago, I now realize that everyone has disagreed to disagree.

March 3, 2009 by Ryan Naraine

3 Comments

Conficker worm to DDoS legitimate sites in March

Among the key innovations of the Conficker worm (W32.Downadup) was the pseudo-random domain generation algorithm used for the generation of dynamic command and control locations in order to make it nearly impossible for researchers and the industry to take them down.

March 3, 2009 by Dancho Danchev

7 Comments