Violet Blue

Violet Blue is the author of The Smart Girl's Guide to Privacy. She contributes to ZDNet, CNET, CBS News, and SF Appeal.

Larry Seltzer

Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years

Latest Posts

Black Hat talk on Apple encryption flaw pulled

Brian Krebs from the Washington Post "Security Fix" Blog reported that one of the talks slated for next week's Black Hat convention on a previously undiscovered flaw in Apple's FileVault encryption system has been canceled, the researcher citing confidentiality agreements as the reason he will not be speaking.The article states:Charles Edge, a researcher from Georgia, had been slated to discuss his research on a weakness that could be used to defeat FileVault encryption on the Mac.

July 31, 2008 by Nathan McFeters

20 Comments

Web worms squirm through Facebook, MySpace

My colleagues at Kaspersky Lab (see disclosure) have intercepted two new worms squirming through MySpace and Facebook, using social engineering lures to plant malware on Windows systems.The worms propagate via the comments features on the two popular social networks, using video lures and fake Flash Player downloads to trick end users into installing malicious executables.

July 31, 2008 by Ryan Naraine

39 Comments

CSRF vulnerability allows Twitter 'follow' abuse

Last week, TechCrunch's Jason Kincaid wrote about an obvious Twitter vulnerability that allowed a user called "johng77536" to game the popular micro-blogging service to add thousands of followers (subscribers) in a short period of time.The "johng77536" account has since been disabled but a security researcher tracking Twitter security flaws and weaknesses has discovered a new vulnerability that lets users easily game the "follow" system.

July 31, 2008 by Ryan Naraine

1 Comment

HD Moore pwned with his own DNS exploit, vulnerable AT&T DNS servers to blame

A week after |)ruid and HD Moore release part 2 of DNS exploit, HD Moore's company BreakingPoint has suffered a traffic redirection to a rogue Google site, thanks to the already poisoned cache at AT&T servers to which his company was forwarding DNS traffic :"It happened on Tuesday morning, when Moore's company, BreakingPoint had some of its Internet traffic redirected to a fake Google page that was being run by a scammer.

July 30, 2008 by Dancho Danchev

14 Comments

OS fingerprinting Apple's iPhone 2.0 software - a "trivial joke"

Just like every decent web service out there wanting to identify the iPhone's mobile Safari browser in order to serve custom applications, in this very same way malicious attackers would like to remotely identify iPhone devices through a basic pen-testing practice known as OS detection or OS fingerprinting. It seems that the difficulty level of identifying an iPhone device using nmap's criteria is a "trivial joke", namely, it's too easy to accomplish :"So, nmap 4.

July 30, 2008 by Dancho Danchev

4 Comments

Gary McKinnon – 'world's most dangerous hacker' – to be extradited

The Guardian, out of the United Kingdom, is reporting that Gary McKinnon, the "world's most dangerous hacker", will be extradited to the United States to face criminal hacking charges. McKinnon, a 42 year old unemployed systems administrator from north London, allegedly hacked into systems belonging to the US army, navy, air force, and Nasa in 2001.

July 30, 2008 by Nathan McFeters

23 Comments

Evolution is punctuated equilibria

Guest editorial by Dino Dai ZoviIn evolutionary biology, the theory of punctuated equilibiria states that evolution is not a gradual process but instead consists of long periods of stasis interrupted by rapid, catastrophic change.  This is supported by fossil evidence that shows little variation within a species and new species that appear to come out of nowhere.

July 29, 2008 by Ryan Naraine

11 Comments

Fortify warns of configuration weaknesses in SOA deployments

Security code review specialists Fortify Software has issued a warning about major configuration weaknesses affecting SOA (service oriented architecture) deployments from IBM, Microsoft and Apache.According to Fortify, certain configurations of Apache Axis, Apache Axis 2, IBM WebSphere 6.

July 29, 2008 by Ryan Naraine

1 Comment