The man who wrote the book on Microsoft's highly rated SDL (Security Development Lifecycle) believes buffer-related security vulnerabilities found in Windows Vista should be downgraded because of back-up mitigations built into the operating system.
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years. He was most recently Editorial Director of BYTE, Dark Reading and Network Computing at UBM Tech. Prior to that he spent over a decade consulting and writing on technology subjects, primarily in the area of security. He is the author of three books and thousands of published articles and many more unpublished, private reports. Larry has been Technical Director at several test laboratories where he both directed and ran product testing, with a special interest in test automation. Larry began his career as a Software Engineer at the now-defunct Desktop Software Corporation in Princeton, NJ, on the team that wrote the NPL 4GL query language. He also worked on corporate IT and software development at Chase Econometrics. Larry is a graduate of the University of Pennsylvania with a degree in Public Policy.
Ms. Violet Blue (tinynibbles.com, @violetblue) is a freelance investigative reporter on hacking and cybercrime at Zero Day/ZDNet, CNET and CBS News, as well as a noted sex columnist. She has made regular appearances on CNN and The Oprah Winfrey Show and is regularly interviewed, quoted, and featured in a variety of publications that includes ABC News and the Wall Street Journal. She has authored and edited award-winning, best selling books in eight translations and has been a sex columnist for the San Francisco Chronicle. She has given keynote talks at such conferences as ETech, LeWeb, and the Forbes Brand Leadership Conference, and has given two Tech Talks at Google. In 2010, the London Times named Blue one of “40 bloggers who really count.” Ms. Blue is the author of The Smart Girl's Guide to Privacy. Violet Blue bio courtesy of TTI Vanguard.
Flickr users, beware. Identity thieves are using fake "photo packages" to trick you into giving up your Yahoo username and password.
Are pump-and-dump spammers really making money from hyping penny stocks in e-mails? Paul Moriarty has the answer and it's an eyebrow-raising sight.
The two DNS root servers "badly affected" by last month's intense denial-of-service attack were the only two targeted that have not yet installed the Anycast load balancing technology, according to a report (.pdf) released by ICANN.
Microsoft's Patch Tuesday train will be empty this month.A advance notice from Redmond says there are no security updates on tap for Tuesday, March 13, the day set aside for software fixes.
The botnet operator behind the virulent Nirbot Trojan is having a field day taunting anti-virus researchers. While it is common to find messages and shout-outs buried in virus code, the person(s) behind Nirbot is rather talkative, leaving hostile threates directed at specific individuals, a strange apology for something involving "hospital computers" and even a mock CNN interview that discusses the bot's intent.
Symantec has snapped up a tiny software start-up in Virginia to help with its big plans in the compliance and security risk management space.
Amidst concerns that pedophiles are using public Tor (the Onion Router) servers to trade in child pornography, über-hacker HD Moore is building a tracking system capable of pinpointing specific workstations that searched for and downloaded sexual images and videos of kids.
Looking to recover from a stock-options backdating scandal that ripped apart its management team, McAfee is giving the corner office to EMC executive David DeWalt.
Multiple flaws in Apple's QuickTime media player could put millions of Windows and Mac users at risk of code execution attacks, Apple confirmed in an advisory issued today.
The U.S. government's NOAA (National Oceanic and Atmospheric Administration) Web site has been hijacked by spammers peddling prescription pills.
An unknown cracker broke into a server hosting downloads of the popular WordPress blogging software and rigged the file with a remotely exploitable code execution vulnerability.News of the hack comes directly from WordPress creator Matt Mullenweg: "If you downloaded WordPress 2.
For years, we've been convinced by companies like Komoku and BBN Technologies that hardware-based RAM acquisition is the most reliable and secure way to sniff out the presence of a sophisticated rootkit on a compromised machine. Not so fast, says Joanna Rutkowska, a security researcher at COSEINC Malware Labs.
Looking to put to rest one of the most bizarre vulnerability disclosure disputes in recent memory, hacker David Maynor offered an apology for mistakes made, provided a live demo of the controversial MacBook Wi-Fi takeover and promised to release e-mail exchanges, crash/panic logs and exploit code to clear his tarnished name. Maynor kicked off a presentation at the Black Hat DC 2007 with a demo of the attack against a MacBook running Mac OSX 10.
Stefan Esser's month of PHP bugs project is off and running with details on three unpatched vulnerabilities that could lead to program crashes and possible code execution attacks. The first batch of flaws published on the project home page covers two recursion stack overflows and a reference counter overflow.