Violet Blue

Violet Blue is the author of The Smart Girl's Guide to Privacy. She contributes to ZDNet, CNET, CBS News, and SF Appeal.

Larry Seltzer

Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years.

Latest Posts

The return of L0phtCrack

More than two years after Symantec pulled the plug on L0phtCrack, the venerable password cracking tool is being prepped for a return to the spotlight. The original creators of L0phtCrack have reacquired the tool with plans to release a new version at next week's SOURCE Boston conference.

March 2, 2009 by Ryan Naraine

3 Comments

Design specs on the president's helicopter found on Iranian systems; leaked via P2P

Design specs on the President's helicopter, Marine One, have been found on an Iranian server, according to a security firm that gathers intelligence on peer-to-peer networks. According to P2P intelligence firm Tiversa, a soon-to-be-ex-employee of a Bethesda-based military contractor installed a P2P app on their cleared desktop and leaked out the design specs for the helicopter that carries the President from the White House to Air Force One.

March 1, 2009 by Adam O'Donnell

22 Comments

PHP plugs security holes

The open-source PHP Group has issued a patch for at least four security flaws in the widely-used general-purpose scripting language. With PHP 5.

February 27, 2009 by Ryan Naraine

1 Comment

URL rewriting can help thwart Web app attacks

A Microsoft Web application security specialist is suggesting an offbeat defense-in-depth strategy to protect Web sites and applications from cross-site scripting (XSS) and cross-site request forgery (XSRF) attacks. According to Bryan Sullivan, security program manager for Redmond's Security Development Lifecycle team, Web developers should consider URL Rewriting as a technique to ward off hackers looking to exploit Web app vulnerabilities.

February 27, 2009 by Ryan Naraine

13 Comments

Microsoft takes aim at Vista 'SoftMod' hack

Starting this week, Microsoft will ship an update to Windows Vista Ultimate users to ferret out cracked copies of its most expensive and feature-packed operating system. The renewed anti-piracy campaign is aimed directly at the activation exploit known as the "SoftMod hack," according to a post on Microsoft's WGA blog.

February 26, 2009 by Ryan Naraine

21 Comments

Research: 76% of phishing sites hosted on compromised servers

In a newly released paper entitled "Evil Searching: Compromise and Recompromise of Internet Hosts for Phishing", Tyler Moore and Richard Clayton provide empirical evidence that 75.8% of the phishing sites they analyzed (2486 sites) were hosted on compromised web servers to which the phishers obtained access through Google hacking techniques (search engine reconnaissance).

February 25, 2009 by Dancho Danchev

1 Comment

Microsoft 'Fix it' automates fixing Windows problems

I'm a little bit late with this but it's such a useful move by Microsoft, I figured I'd point it out for Zero Day readers. Microsoft has been adding a nifty one-click "fix it" utility to its Knowledge Base (KB) articles to help end users solve Windows problems without having to navigate through the maze of instructions.

February 25, 2009 by Ryan Naraine

17 Comments

Google wants to buy Native Client security flaws

Google is (indirectly) buying security vulnerabilities from white hat hackers. Under the guise of a Native Client Security Contest, the search engine firm is offering big cash prizes to hackers who find bugs and other security flaws in the open-source research technology for running x86 native code in Web applications.

February 25, 2009 by Ryan Naraine

4 Comments

Adobe swings and misses as PDF abuse worsens

After more than two weeks (months?) of inexplicable silence on mitigations for a known code execution vulnerability in its Reader and Acrobat product lines, Adobe has finally posted public information on the problem but the company's response falls well short of providing definitive mitigation guidance for end users.

February 25, 2009 by Ryan Naraine

50 Comments