Violet Blue

Violet Blue is the author of The Smart Girl's Guide to Privacy. She contributes to ZDNet, CNET, CBS News, and SF Appeal.

Larry Seltzer

Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years

Latest Posts

iPhone vulnerable to phishing, spamming flaws

Security researcher Aviv Raff (left) has discovered a pair of basic design flaws that could turn your iPhone into easy bait for malicious phishing and spamming attacks.According to an advisory from Raff, the iPhone's Mail and Safari applications are susceptible to a URL Spoofing vulnerability which allow attackers to conduct phishing attacks.

July 23, 2008 by Ryan Naraine

41 Comments

Researchers borrow from Google PageRank for network defense service

Using a link analysis algorithm similar to Google PageRank, researchers at the SANS Institute and SRI International have created a new Internet network defense service that completely revamps the way network blacklists are formulated and distributed.The service, called Highly Predictive Blacklisting (.

July 23, 2008 by Ryan Naraine

Comments

McAfee debunks recent vulnerabilities in AV software research, n.runs restates its position

Several days after blogging about a research conduced by n.runs AG that managed to discover approximately 800 vulnerabilities in antivirus products, McAfee issued a statement basically debunking the number of vulnerabilities found, and providing its own account into the number of vulnerabilities affecting its own products :"A recent ZDnet blog discusses a large number of vulnerabilities German research team N.

July 22, 2008 by Dancho Danchev

6 Comments

75% of online banking sites found vulnerable to security design flaws

In a paper entitled "Analyzing Web sites for user-visible security design flaws" to be published at the Symposium on Usable Privacy and Security meeting at Carnegie Mellon University July 25, Atul Prakash and two of his doctoral students examined 214 financial institutions in 2006, finding that over 75% of all the sites have at least one security design flaw :"These design flaws aren't bugs that can be fixed with a patch.

July 22, 2008 by Dancho Danchev

12 Comments

RIM ships fix for BlackBerry code execution bug

Just a quick note to update a story I wrote last week on an unpatched remote execution vulnerability affecting BlackBerry business users:Research in Motion (RIM) has finally shipped patches to cover the issue, which affects the BlackBerry Attachment Service component of the BlackBerry Enterprise Server.From the alert:A security vulnerability exists in the PDF distiller of some released versions of the BlackBerry Attachment Service.

July 22, 2008 by Ryan Naraine

2 Comments

A look at the recent Firefox 3 vulnerability

True to form, Billy Rios promised a more in depth look at the MSFA2008-35 vulnerability which is another protocol handler flaw in Firefox 3.  As previously reported here, this was another protocol handler flaw that led to arbitrary remote command execution, and is especially dangerous since it can be deployed widely through the use of a cross-site scripting attack vector.

July 22, 2008 by Nathan McFeters

6 Comments

E-gold owners plead guilty to money laundering

Wow, big morning!  If anyone has seen Nitesh Dhanjani and Billy Rios's talk on phishing and identity theft, which was presented at the last couple Black Hat conferences, and will be on display again at Black Hat Vegas, you know that the identity theft market is a huge problem.

July 22, 2008 by Nathan McFeters

13 Comments

Vulnerability disclosure gone awry: Understanding the DNS debacle

On July 7, the day before the release of the patch for the now infamous DNS design flaw, hacker Dan Kaminsky (with the help of Black Hat conference organizers) invited reporters to a press conference to "discuss the massive multivendor patch being released this Tuesday.""A synchronized release of this magnitude has not happened before," read the invitation sent to the Black Hat conference press list.

July 22, 2008 by Ryan Naraine

19 Comments

Has Halvar figured out super-secret DNS vulnerability?

[ UPDATE:  Kaminsky has all but confirmed that, yes, the cat is out of the bag ]It looks very much like the nitty gritty of Dan Kaminsky's super-secret -- and heavily hyped -- DNS cache poisoning vulnerability has been figured out by reverse engineering guru Halvar Flake.Clearly irked by a demand request from Kaminsky and others to avoid speculating on the details of the flaw until the patch is fully deployed, Flake (left) published a guess on how to reliably forge and poison DNS lookups.

July 21, 2008 by Ryan Naraine

29 Comments