Violet Blue

Violet Blue is the author of The Smart Girl's Guide to Privacy. She contributes to ZDNet, CNET, CBS News, and SF Appeal.

Larry Seltzer

Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years

Latest Posts

Facebook refuses to fix obvious security flaw

[ UPDATE:  Facebook has reversed itself and fixed this vulnerability ]  The Register's Dan Goodin has the scoop on an obvious security vulnerability that's being ignored by the powers at Facebook.The issue, as demonstrated by this proof-of-concept, shows how a social network application can be rigged to hijack a Facebook user's session identification cookies, deliver pop-up messages or change the color of Facebook pages.

August 25, 2008 by Ryan Naraine

11 Comments

Red Hat (belatedly) confirms security breach

More than a week after a cryptic note hinted at a security breach at Fedora, the open-source group has finally fessed up to two separate server intrusions that compromised the security of Red Hat's OpenSSH packages.The confirmation follows eight days of media speculation and conjecture over a brief e-mail that simply mentioned "an issue in the infrastructure systems" and calls into question Red Hat's ability to promptly -- and accurately -- disclose security breaches.

August 22, 2008 by Ryan Naraine

111 Comments

Websense reports China Netcom DNS cache poisoning

The DNS server of one of China's largest ISPs has been poisoned to redirect typos to a malicious site rigged with drive-by exploits.According to a warning from Websense Security Labs, the DNS poisoning attacks are affecting customers of China Netcom (CNC) and are using a malicious iFrame to launch exploits for known vulnerabilities in RealNetworks' RealPlayer,  Adobe Flash Player and Microsoft Snapshot Viewer.

August 21, 2008 by Ryan Naraine

3 Comments

Nokia and Sun confirm S40, Java ME vulnerabilities

According to published reports, Nokia and Sun have both confirmed the existence of serious security problems in the Series 40 and Java Platform Micro Edition (Java ME) , giving instant credibility to the claims by Polish hacker Adam Gowdiak.

August 21, 2008 by Ryan Naraine

1 Comment

More security holes appear in Microsoft Office

In addition to this long list of missing Microsoft patches, there are at least three serious (unpatched) vulnerabilities in the Microsoft Office productivity suite.On August 12, the same day Microsoft released a slew of Office patches, TippingPoint's DV Labs published a bare-bones advisory warning about a new high-risk Office flaw that allows code execution attacks.

August 21, 2008 by Ryan Naraine

18 Comments

Exploit code published for Apache Tomcat flaw

The United States Computer Emergency Response Team (US-CERT) has raised an alarm for a serious vulnerability in Apache Tomcat, warning that a proof-of-concept exploit is publicly available.The code, posted to Milw0rm.

August 21, 2008 by Ryan Naraine

12 Comments

FEMA's PBX network hacked, over 400 calls made to the Middle East

Someone's been chatting a lot during the weekend, but picking up FEMA's PBX network as their main carrier might not have been the smartest thing to do. Over 400 calls, lasting from three up to ten minutes were placed through their network, a breach made possible due to an insecurely configured Private Branch Exchange system :"A hacker broke into a Homeland Security Department telephone system over the weekend and racked up about $12,000 in calls to the Middle East and Asia.

August 20, 2008 by Dancho Danchev

Comments