Violet Blue

Violet Blue is the author of The Smart Girl's Guide to Privacy. She contributes to ZDNet, CNET, CBS News, and SF Appeal.

Larry Seltzer

Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years

Latest Posts

Safari browser flaw: Session fixation attacks possible

Another day, another unpatched Safari browser vulnerability.According to this flaw warning found on the NVD (National Vulnerability Database), Apple's flagship browser is vulnerable to session fixation attacks because of the way it handles cookies in country-specific top-level domains.

July 28, 2008 by Ryan Naraine

14 Comments

Evilgrade: Exploit toolkit pwns insecure online updates

A security research outfit in Argentina has released a malcode distribution toolkit capable of launching man-in-the-middle attacks against popular products that use insecure update mechanisms.The toolkit, called Evilgrade, works in conjunction with man-in-the-middle techniques (DNS, ARP and DHCP spoofing) to exploit a wide range of applications, according to a post on the Metasploit blog.

July 28, 2008 by Ryan Naraine

17 Comments

Airport security part 6: Skimming at airport kiosks

We've talked a lot about airport security here (see other links at the bottom of this article), but one thing we haven't covered yet is airport kiosks.  Not that they haven't caught my attention, there's just so much wrong at the airport, it takes time to cover it all.

July 28, 2008 by Nathan McFeters

6 Comments

Responding to the DNS vulnerability and attacks

The DNS vulnerability, which has completely dominated the news in the security world the last two weeks, has been a concern for so many.  On the front of good news and getting things protected, the IBM ISS has team has published some great information.

July 28, 2008 by Nathan McFeters

6 Comments

Gaping holes in RealPlayer patched

Digital media delivery firm RealNetworks has shipped a high-prority patch to cover four gaping holes in its flagship RealPlayer software, warning that the vulnerabilities could put users at risk of code execution attacks.The patch comes a few hours after Secunia released an advisory warning for one of the vulnerabilities, a heap-based buffer overflow caused by a design error within RealPlayer's handling of frames in Shockwave Flash (SWF) files.

July 25, 2008 by Ryan Naraine

16 Comments

Microsoft joins 'patch DNS now' chant; Apple patch missing

On the heels of the release of weaponized exploit code for the DNS cache poisoning vulnerability, Microsoft has joined the chorus of security pros pleading with DNS server providers to immediately apply patches to protect users from malicious attacks.The Redmond, Wash.

July 25, 2008 by Ryan Naraine

15 Comments

Britain moves against illegal file sharing

CBC News out of Canada is reporting that British ISPs are making an aggressive move against illegal file sharing by implementing a program designed to discover copyright violators, who will be sent warning letters and may potentially have their internet connections disconnected.For more on the article, read below.

July 25, 2008 by Nathan McFeters

36 Comments

GMail adds "https:"-only connections but still not by default

Google has added a new "Browser Connection" feature to GMail to allow users to force e-mail sessions to always use the more secure "https:" protocol but, strangely, this is not turned on by default.In the Settings tab, at the very bottom, GMail users can now select an "Always use https" option for stronger security, especially when connecting via Wi-Fi.

July 25, 2008 by Ryan Naraine

8 Comments