Violet Blue

Violet Blue is the author of The Smart Girl's Guide to Privacy. She contributes to ZDNet, CNET, CBS News, and SF Appeal.

Larry Seltzer

Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years

Latest Posts

Adobe Flash drive-by attacks redux

Adobe has finally issued an almost-definitive statement on the reports of a zero-day attack targeting its flagship Flash Player, suggesting (kinda) that the vulnerability is already patched.

May 28, 2008 by Ryan Naraine

2 Comments

Dan Geer leaves Verdasys for In-Q-Tel

Dan Geer, a risk-management pioneer who is often described as "the dean of the security deep-thinkers' set," has left Verdasys to join In-Q-Tel as chief information security officer.Geer (left) will remain on the masthead at Verdasys as Chief Scientist Emeritus.

May 28, 2008 by Ryan Naraine

1 Comment

Adobe Flash zero-day exploit in the wild

[ See important update to this story here ]Malware hunters have spotted a previously unknown -- and unpatched -- Adobe Flash vulnerability being exploited in the wild.The zero-day flaw has been added to the Chinese version of the MPack exploit kit and there are signs that the exploits are being injected into third-party sites to redirect targets to malware-laden servers.

May 27, 2008 by Ryan Naraine

53 Comments

Scam calls... something we've forgot about?

I was thinking about the problem of identity theft today and looked back at notes I took during Nitesh Dhanjani and Billy Rios's presentation at Black Hat and Blue Hat recently and I came to the realization that our government should be doing more about this crap.You see, identity theft is an economy itself.

May 27, 2008 by Nathan McFeters

85 Comments

Cisco confirms possibility of IOS rootkits

On the heels of an EUSecWest conference presentation on malicious rootkits for Cisco IOS (see background), Cisco's security response team has published a must-read document confirming that stealthy malware can be loaded on the software used on the vast majority of its routers and network switches.Cisco warns:It is possible that an attacker could insert malicious code into a Cisco IOS software image and load it onto a Cisco device that supports that image.

May 27, 2008 by Ryan Naraine

1 Comment

Who keeps failing their FISMA compliance?

The recently released U.S Federal Computer Security Report Card for 2008, indicates that several critical to national security departments continue failing to implement the Federal Information Security Management Act (FISMA).

May 26, 2008 by Dancho Danchev

1 Comment

Open source software security improving

You cannot say something's good or bad unless you benchmark or compare it against something else. According to the Linus's Law, "given enough eyeballs, all bugs are shallow", a mentality which when combined with static code analysis of the most popular and widely used open source projects such as Firefox, Linux and PHP and benchmark it against 250 other open source projects, can truly make an impact.

May 26, 2008 by Dancho Danchev

5 Comments

Top ten worst spam registrars notified by ICANN

In a reponse to the recently released cluster analysis of the top 10 worst domain registrars in terms of spam and junk content hosting domains, the ICANN has taken steps to approach the non-compliant registrars :More than half of those registrars named had already been contacted by ICANN prior to publication of KnujOn’s report, and the remainder have since been notified following an analysis of other sources of data, including ICANN’s internal database.

May 26, 2008 by Dancho Danchev

4 Comments