Violet Blue

Violet Blue is the author of The Smart Girl's Guide to Privacy. She contributes to ZDNet, CNET, CBS News, and SF Appeal.

Larry Seltzer

Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years

Latest Posts

An easy fix ignored

Guest post by Chris EngIn the wake of this morning's 25C3 presentation by Alex Sotirov and Jacob Appelbaum, most of the coverage I've read so far has focused on the technical details and real-world impact of their findings. Rightly so -- their paper describing the attack is a fascinating read filled with enough gory details to make any security practitioner salivate.

December 30, 2008 by Ryan Naraine

8 Comments

Microsoft pours cold water on WMP flaw warning

Microsoft is pouring cold water on public reports of a serious code execution vulnerability in the newest versions of its Windows Media Player software.Following the release of proof-of-concept code alongside a claim that the bug can be remotely exploitable to launch arbitrary code, a Microsoft spokesman insists this "is not a product vulnerability.

December 29, 2008 by Ryan Naraine

30 Comments

Santa left a virus under the Christmas tree

Amazon has warned its customers that one of Samsung's digital picture frames shipped to customers infected with a virus. While Samsung has some egg on its face, malware that ships on consumer hardware is not as serious of an issue as it may seem.

December 27, 2008 by Adam O'Donnell

36 Comments

Microsoft confirms critical SQL Server vulnerability

Microsoft late Monday issued a pre-patch advisory confirming a remote code execution vulnerability affecting its SQL Server line.The vulnerability, publicly disclosed with exploit code more than two weeks ago, affects Microsoft SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine (MSDE 2000), Microsoft SQL Server 2000 Desktop Engine (WMSDE), and Windows Internal Database (WYukon).

December 22, 2008 by Ryan Naraine

15 Comments

Speed camera 'pimping' attack highlights public identity weaknesses

In a brilliant physical-world example of what happens when too much value is placed upon open identification systems for determining reputation, a group of high school students are setting off speeding enforcement cameras using fake license plates belonging to their enemies.According to an article in the D.

December 22, 2008 by Adam O'Donnell

107 Comments

PlayStation Home virtual world hacked

Hackers are using a combination of DNS redirection, software vulnerabilities and the open-source Apache Web server to exploit holes in Sony's new PlayStation Home virtual world, according to a Telegraph report.The hack is allowing developers to customize their PlayStation Home experience beyond the options provided by Sony but there's a worrysome component to this platform weakness...

December 22, 2008 by Ryan Naraine

18 Comments

Thousands of legitimate sites SQL injected to serve IE exploit

Once again confirming the trend of having more legitimate sites serving exploits and malware than purely malicious ones, Chinese hackers have been keeping themselves busy during the last couple of days, launching massive SQL injection attacks affecting over 100,000 web sites.

December 17, 2008 by Dancho Danchev

58 Comments

Microsoft's incredible IE patch turnaround

Guest post by Eric SchultzeMicrosoft's latest Internet Explorer out-of-band patch release needs to be installed right away.  The number of infected websites is growing at an alarming rate -- even people visiting legitimate websites are getting hacked with this exploit.

December 17, 2008 by Ryan Naraine

44 Comments

Out-of-cycle IE7 patch is available

There isn't much to report just yet, but Microsoft has posted a patch for the widely exploited IE7 vulnerability.  After applying the patch, you should feel free to carry on with your previous activities.

December 17, 2008 by Adam O'Donnell

4 Comments