Violet Blue

Violet Blue is the author of The Smart Girl's Guide to Privacy. She contributes to ZDNet, CNET, CBS News, and SF Appeal.

Larry Seltzer

Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years

Latest Posts

MacBook Pro hijacked with Safari zero-day

Hackers Dino Dai Zovi and Shane Macaulay teamed up to hijack a MacBook Pro laptop at the CanSecWest security conference here, effectively pouring cold water on the Mac faithful's belief that the machines are impenetrable.

April 20, 2007 by Ryan Naraine


Apple zaps 25 more Mac OS X bugs

Apple has issued a mega-update with patches for 25 new security vulnerabilities affecting Mac OS X users. This is the fourth update (89th security patch) issued by Apple in 2007.

April 19, 2007 by Ryan Naraine


Botnet herders pounce on Windows DNS RPC flaw

Online criminals have pounced on the unpatched Windows DNS Server service vulnerability, using the security hole to seed and replenish for-profit botnets. The latest twist in the ongoing attacks comes less than a week after Microsoft's pre-patch advisory provided clues for hackers to write and release detailed exploit code.

April 17, 2007 by Ryan Naraine


Oracle Patch Day: 37 flaws fixed

Oracle has released its quarterly "critical patch update" with fixes for a total of 37 security holes in its database and application server products. One of the bugs fixed in this patch batch dates back to 2003.

April 17, 2007 by Ryan Naraine


Microsoft's advisories giving clues to hackers

How's this for a new twist on the old responsible disclosure debate:  Hackers are taking advantage of information released in Microsoft's pre-patch security advisories to create exploits for zero-day vulnerabilities.The latest zero-day flaw in the Windows DNS Server RPC interface implementation is a perfect example of the tug-o-war within the MSRC (Microsoft Security Response Center) about how much information should be included in the pre-patch advisory.

April 16, 2007 by Ryan Naraine


How to turn off RPC management of DNS on a large scale

In an advisory issued earlier today, Microsoft issued several workarounds/mitigations for the Windows DNS server service zero-day attacks, including a recommendation that network admins completely disable remote management of RPC capability for DNS Servers.The recommendation included instructions on registry key edits but if you're in charge of a large-scale Windows shop with numerous domain controllers, Microsoft only gave you the switch but no way to automate the registry changes.

April 13, 2007 by Ryan Naraine


'Storm Worm' surge exposes AV deficiencies

The crime ring behind the latest Storm Worm-related malware attack (Techmeme discussion) is using new tactics to slip malicious executables past anti-virus defenses, serving up another black eye to an industry that already uses questionable tactics to find new customers.Arbor Networks researcher Jose Nazario flagged the poor anti-virus detections of the Storm Worm Trojan in a blog entry that noted the use of password-protected ZIP files to hide .

April 13, 2007 by Ryan Naraine