Violet Blue

Violet Blue is the author of The Smart Girl's Guide to Privacy. She contributes to ZDNet, CNET, CBS News, and SF Appeal.

Larry Seltzer

Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years

Latest Posts

Week of Windows Vista bugs?

On the Full Disclosure mailing list comes this announcement from a group of anonymous security researchers: During one week (2007-04-02/08), new undisclosed vulnerabilities / flaws / exploitation techniques discovered in the latest versions of the Microsoft Windows Vista operating system and softwares will be publicly disclosed on this page. This project is launched as a challenge by an unofficial team of security experts.

March 30, 2007 by Ryan Naraine

5 Comments

Trojan masquerades as IE 7 downloads

Spammers are using fake Internet Explorer 7 (Beta 2) downloads to lure Windows users into downloading a nasty backdoor Trojan.The fake downloads are part of a massive spam run that includes an official-looking graphic (see image below) linked to Web sites that auto-launch an executable named "ie7.

March 29, 2007 by Ryan Naraine

19 Comments

Microsoft confirms Windows zero-day, drive-by exploits

[UPDATE: March 29, 2007 @ 1:15 PM Eastern] Microsoft has confirmed that this is indeed a zero-day flaw that will require a security update. Although Internet Explorer is the primary attack vector, this is a vulnerability in the way Windows handles animated cursor (.

March 29, 2007 by Ryan Naraine

64 Comments

Exploit published for gaping (patched) IE hole

If you haven't applied the "critical" patch in Microsoft's MS07-009 bulletin, now might be a good time to hit that download-and-install button.Detailed exploit code for the vulnerability -- discovered during HD Moore's MOBB (month of browser bugs) project and fixed on Patch Tuesday in February -- has surfaced on the Internet, offering malware authors step-by-step instructions on how to launch PC takeover attacks.

March 26, 2007 by Ryan Naraine

7 Comments

Microsoft to 'killbit' MSXML4

Less than six months after the discovery of zero-day attacks against Microsoft XML Core Services 4.0, Microsoft plans to "killbit" MSXML4 and completely remove the XML parser from its download center.

March 26, 2007 by Ryan Naraine

3 Comments

How long can a Mac survive the hacker jungle?

Apple's Mac OS X has a date with some of the world's smartest hackers.At this year's CanSecWest 2007 conference in Vancouver, BC, a "PWN to OWN" contest will pit security researchers against a MacBook Pro in an experiment to see how well a default Mac OS X install can survive hacker scrutiny.

March 26, 2007 by Ryan Naraine

114 Comments

Vista's Windows Mail vulnerable to file-execution attack

A design error in Microsoft's Windows Mail, the e-mail application bundled into Windows Vista, could expose users to remote file-execution attacks, according to a warning from security researchers.A hacker known as "Kingcope" published proof-of-concept code to show that remote code execution is possible if a user is tricked into clicking a malicious link.

March 23, 2007 by Ryan Naraine

49 Comments