Violet Blue

Violet Blue is the author of The Smart Girl's Guide to Privacy. She contributes to ZDNet, CNET, CBS News, and SF Appeal.

Larry Seltzer

Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years

Latest Posts

HP plugs latest ActiveX software update flaw

HP has plugged another ActiveX vulnerability in its software update application.The patch (CVE-2008-0712) covers "a potential vulnerability has been identified with the HPeDiag ActiveX control which is a component of HP Software Update running under windows.

April 28, 2008 by

6 Comments

Developers at fault? SQL Injection attacks lead to wide-spread compromise of IIS servers

There's been a lot of noise and violent thrashing over the last couple days regarding a flaw that was originally believed to be a flaw in Microsoft's IIS (Internet Information Server), but has since been pointed out as simply a well thought out SQL Injection attack. For those of you who aren't familiar with SQL Injection attacks, it's a pretty well known web application attack vector that exists in high volume on dynamic applications, say for instance, on your banking site.

April 28, 2008 by Nathan McFeters

136 Comments

More URI handler issues to come

Rob Carter, Billy Rios, and I have been blogging about and speaking at conferences like Black Hat and ToorCon all year on the subject of URI handler abuse.  One might think these types of flaws are soon to go away, but one look at SecurityFocus and FullDisclosure today and you can see that's not the case.

April 25, 2008 by Nathan McFeters

Comments

LendingTree insiders leak customer data

LendingTree, an online loan referral service owned by IAC, has informed select customers that their confidential data has been leaked to "a handful of lenders" by company insiders.An email to customers that may have been impacted by the breach refers folks to an FAQ that's basically hidden on the LendingTree site.

April 22, 2008 by

7 Comments