Violet Blue

Violet Blue is the author of The Smart Girl's Guide to Privacy. She contributes to ZDNet, CNET, CBS News, and SF Appeal.

Larry Seltzer

Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years.

Latest Posts

Google ships open-source Web security assessment tool

The Google security team has released a free, open-source Web app security assessment tool capable of flagging vulnerabilities and potential security threats in Internet-facing applications. The tool, called Ratproxy, is described as a passive Web application security audit tool designed to analyze legitimate, browser-driven interactions with tested Web applications -- to automatically pinpoint, annotate, and prioritize potential flaws or areas of concern on the fly.

July 1, 2008 by Ryan Naraine

3 Comments

Study: 637 million Google users surfing with insecure browser

According to a new study from researchers at Google, IBM and ETH Zurich, there are about 637 million Google users surfing the Internet with a vulnerable Web browser. Using data from Google search queries and security vulnerability aggregator Secunia, the study (HTML or PDF) found that a whopping 45 percent of Google users "were not using the most secure Web browser version on any working day from January 2007 to June 2008.

July 1, 2008 by Ryan Naraine

49 Comments

About that cellular interference...

So... maybe it is a real problem. Pedram Amini (top picture on the right), noted researcher and reverse engineer, posted an article to the Tipping Point DVLabs blog on some interesting observations he made on cellular interference.

July 1, 2008 by Nathan McFeters

4 Comments

Apple plugs 25 Mac OS X security vulnerabilities

Apple has shipped another Mac OS X monster update to fix a total of 25 documented vulnerabilities that could lead to arbitrary code execution attacks. With Security Update 2008-004, Apple fixes code execution flaws in Launch Services, SMB File Server, System Configuration, VPN and WebKit.

June 30, 2008 by Ryan Naraine

36 Comments

Exploit code released for unpatched IE 7 vulnerability

Another day, another gaping hole affecting fully patched versions of Microsoft's Internet Explorer browser. According to a warning from US-CERT, proof-of-concept exploit code has been published for a new zero-day bug that can be used for a variety of malicious attacks against Windows users running IE 6, IE 7, and IE 8 beta 1.

June 30, 2008 by Ryan Naraine

16 Comments

Big Brother Getting Bigger Part 1: USA

Eek, from Slashdot today: The FBI has confirmed to Popular Mechanics that it's not only adding palm prints to its criminal records, but preparing to balloon its repository of photos, which an agency official says 'could be the basis for our facial recognition.' It's all part of a new biometric software system that could store millions of iris scans within 10 years and has privacy advocates crying foul.

June 30, 2008 by Nathan McFeters

22 Comments

HSBC sites vulnerable to XSS flaws, could aid phishing attacks

What would the perfect phishing attack be from a social engineering perspective? The one that, compared to using typosquatted domains impersonating the bank's web application directory structure, is in fact using the bank's legitimate domain names as redirectors due to XSS flaws within.

June 29, 2008 by Dancho Danchev

5 Comments

An effective way to treat Web 2.0 vulnerabilities

I'm personally a huge fan of the Matasano blog, and have a lot of respect for their group. I took a peek over at their blog today and noticed an article by Dave Goldsmith that deals with "Vulnerability Reporting in a Web 2.

June 27, 2008 by Nathan McFeters

7 Comments