Zack Whittaker

Zack Whittaker is the security editor for ZDNet, covering cyber and national security. He is based in the New York newsroom, and is also found on sister sites CNET and CBS News. You can reach him with his PGP key: EB6CEEA5.

Charlie Osborne

Charlie Osborne, a medical anthropologist who studied at the University of Kent, UK, is a journalist, freelance photographer and former teacher. She has spent years travelling and working across Europe and the Middle East as a teacher, and has been involved in the running of businesses ranging from media and events to B2B sales. Charlie currently works as a journalist and photographer -- with the occasional design piece -- and writes for ZDNet, CNET and SmartPlanet. She has particular interests in social media, IP law, social engineering and security.

Latest Posts

Mac OS X vulnerable to 6-month old Java flaw

Attention Mac OS X users: Turn Java off immediately or you could be at high risk of malicious code execution attacks. Tired of waiting for a patch from Apple for a Java flaw that was fixed upstream six months ago, Mac developer Landon Fuller (of Month of Apple Bugs/Fixes fame) has released a proof of concept exploit to demonstrate the severity of the issue.

May 20, 2009 by in Enterprise Software

D-Link router's CAPTCHA flawed, WPA passphrase retrieved

It took only a week for the researchers at SourceSec to find a flaw in the implementation of the CAPTCHA that D-Link recently introduced in its routers, which was originally intended to prevent DNS-changing malware from automatically achieving its objective. According to SourceSec, the flawed implementation allows an attacker/malware to retrieve the router's WPA passphrase with user-level access only, and without even a properly solved CAPTCHA.

May 19, 2009 by in Security

Study: password resetting 'security questions' easily guessed

How secret, in fact, are the 'secret questions' used for resetting forgotten passwords? Not so secret after all, according to a just-published study entitled "It's no secret: Measuring the security and reliability of authentication via 'secret' questions". According to the study, 17% of its participants were able to answer the 'secret questions' of strangers, and the most popular questions were in fact the easiest ones to answer.

May 18, 2009 by in Security

Apple eliminates CanSecWest Pwn2Own flaws

Here's a little ditty that was almost lost in the sheer volume of this week's Mac OS X security update: Apple has finally patched the two vulnerabilities used to win this year's CanSecWest Pwn2Own hacking contest. The two flaws were used by Charlie Miller and a German researcher known only as "Nils" to launch successful drive-by download attacks against Apple's Safari browser.

May 14, 2009 by in Apple

Apple snags ex-OLPC security chief

Former director of security architecture at One Laptop per Child (OLPC) Ivan Krstic has joined Apple to help thwart hacker attacks against the Mac operating system. Krstic, a well-respected innovator who designed the Bitfrost security specification for the OLPC initiative, joined Cupertino this week and will work on core OS security.

May 13, 2009 by in Apple

Adobe plugs PDF Reader zero-day holes

Adobe joined the Patch Tuesday barrage late yesterday, dropping fixes for a pair of code execution holes affecting its Adobe Reader and Acrobat products. [SEE: Exploit posted for brand-new Adobe PDF zero-day] The critical update (APSB09-06) addresses a publicly known vulnerability that was being exploited with booby-trapped PDF files.

May 13, 2009 by in Enterprise Software

Apple Patch Day: 67 Mac OS X, Safari vulnerabilities

On the same day Microsoft shipped a bundle of patches for gaping holes in its PowerPoint software, Apple followed suit, dropping a monster Mac OS X update to correct 67 security vulnerabilities. The sudden Apple Patch Day also included a patch to cover a trio of flaws in the Safari Web browser (Mac OS X and Windows).

May 12, 2009 by in Apple

Pirated Windows 7 leads to malware, botnet

Several news outlets (including eWEEK and Washington Post) are reporting on a new piece of malware embedded into pirated copies of Microsoft's Windows 7 for the express purpose of building a botnet. According to researchers at Damballa, the bootleg copies of the new operating system have been posted on torrent sites and were infecting downloaders at a rate of 552 users per hour.

May 12, 2009 by in Windows

D-Link adds CAPTCHA to home routers

On the heels of a series of malware attacks targeting home routers, D-Link today announced the integration of a CAPTCHA system into its home and small office routers. The new CAPTCHA system will be particularly useful to thwart malicious attacks that target default passwords on routers to alter DNS records to hijack all future connections.

May 12, 2009 by in Networking

Microsoft plugs 14 PowerPoint security holes

Microsoft has slapped a massive band-aid on its PowerPoint presentation software to cover at least 14 documented security vulnerabilities. The MS09-017 update, rated "critical," includes a fix for a known code execution flaw that was used to launch targeted exploits via rigged PowerPoint files.

May 12, 2009 by in Enterprise Software
