Violet Blue

Violet Blue is the author of The Smart Girl's Guide to Privacy. She contributes to ZDNet, CNET, CBS News, and SF Appeal.

Larry Seltzer

Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years

Latest Posts

An effective way to treat Web 2.0 vulnerabilities

I'm personally a huge fan of the Matasano blog, and have a lot of respect for their group.  I took a peek over at their blog today and noticed an article by Dave Goldsmith that deals with "Vulnerability Reporting in a Web 2.

June 27, 2008 by Nathan McFeters


Critical security alert issued for Tor

If you use Tor for anonymity/privacy on the Web, you might want to pay attention to this critical security announcement from project leader Roger Dingledine.According to the advisory, a known vulnerability in the Debian GNU/Linux distribution's OpenSSL package could allow an attacker to figure out private keys generated by these buggy versions of the OpenSSL library.

June 27, 2008 by Ryan Naraine


Internet Explorer 'feature' causing drive-by malware attacks

My colleague at Kaspersky Lab Roel Schouwenberg (see disclosure) has discovered a drive-by malware download taking advantage of what Microsoft describes as an Internet Explorer "feature" to launch cross-site scripting attacks.The attack, discovered at a compromised legitimate site, is using a modified GIF file to exploit the cross-site scripting feature/vulnerability.

June 27, 2008 by Ryan Naraine


Security researchers hack the London underground train for free ride

A group of Dutch security researchers were able to clone the "smartcards" that commuters use to pay fares in the London Underground system, allowing the group to ride for free.  This is an interesting attack vector that I actually talked to Adam Laurie about when I was at Black Hat Amsterdam.

June 26, 2008 by Nathan McFeters


ICANN and IANA's domains hijacked by Turkish hacking group

What happens when the official domain names of the organizations that issue the domain names in general, and provide all the practical guidance on how the prevent DNS hijacking, end up having their own domain names hijacked? A wake up call for the Internet community.

June 26, 2008 by Dancho Danchev


Tech heavyweights launch security response consortium

Interesting bit of news coming out of the FIRST Conference in Vancouver today:  Five big-name IT firms have created a non-profit consortium aimed at "proactively driving excellence and innovation in security response."The group -- called ICASI (Industry Consortium for Advancement of Security on the Internet) -- counts Cisco, IBM, Intel, Juniper Networks and Microsoft Corp among its founding members.

June 26, 2008 by Ryan Naraine

1 Comment

Zero-day flaw haunts Internet Explorer

An unpatched cross-domain vulnerability in Microsoft's flagship Internet Explorer browser could expose Windows users to cookie hijacks and credentials theft attacks, according to a warning from security researchers.The zero-day flaw, which has been reported to Microsoft, is a variation of Eduardo Vela's IE Ghost Busters talk:Do you believe in ghosts?

June 25, 2008 by Ryan Naraine


Yahoo swats serious cross-site scripting bug

Web application security firm Cenzic has flagged a serious cross-site scripting vulnerability affecting millions of Yahoo Mail users.The flaw, which was patched by Yahoo on June 13,  opened the door for hackers to steal Yahoo identities and gain access to users' sensitive and private information.

June 24, 2008 by Ryan Naraine