Zack Whittaker

Zack Whittaker is the security editor for ZDNet, covering cyber and national security. He is based in New York newsroom, and is also found on sister-sites CNET and CBS News. You can reach him with his PGP key: EB6CEEA5.

Charlie Osborne

Charlie Osborne is a cybersecurity journalist and photographer who writes for ZDNet and CNET from London. PGP Key: AF40821B | Research/security tips email: cingred@protonmail.com.

Latest Posts

Typo'd Google domains in Top 10 malware exploit sites

Typo'd Google domains in Top 10 malware exploit sites

Misspelled versions of two popular Google services are among the Top 10 sites hosting exploits for use in drive-by malware download attacks.On the heels of two massive drive-by attacks -- ten of thousands of hijacked sites launching attacks via the browser -- Google released a list showing that malicious hackers are typo-squatting on its domains to evade detection and to keep malware sites alive for long periods.

June 4, 2009 by in Enterprise Software

Email service provider: 'Hack into our CEO's email, win $10k'

Email service provider: 'Hack into our CEO's email, win $10k'

A newly launched startup called StrongWebMail is aiming to add a new layer of secure authentication for its customers - phone verification prior to logging in and alert services for potential email compromises.The company is in fact so confident in its approach that it's currently offering $10,000 reward to the person who breaks into the CEO's email.

June 2, 2009 by in Collaboration

20,000 sites hit with drive-by attack code

20,000 sites hit with drive-by attack code

Hackers have broken into more than 20,000 legitimate Web sites to plant malicious code to be used in drive-by malware attacks.According to a warning from Websense Security Labs, the sites have been discovered to be injected with malicious JavaScript, obfuscated code that leads to an active exploit site.

May 31, 2009 by in Security

Dangerous Microsoft DirectX vulnerability under attack

Dangerous Microsoft DirectX vulnerability under attack

Microsoft today warned that hackers are using rigged QuickTime media files to exploit an unpatched vulnerability in DirectShow, the APIs used by Windows programs for multimedia support.The company has activated its security response process to deal with the zero-day attacks has issued a pre-patch advisory with workarounds and a one-click "fix it" feature to enable the mitigations.

May 28, 2009 by in Enterprise Software

Twitter API ripe for abuse by web worms

Twitter API ripe for abuse by web worms

A security researcher is warning that the Twitter API can be trivially abused by hackers to launch worm attacks.The red-hot social networking/microblogging service has been scrambling to plug cross-site scripting and other Web site vulnerabilities to thwart worm attacks but, as researcher Aviv Raff points out, it's much easier to misuse the Twitter API as a "weak link" to send worms squirming through Twitter.

May 26, 2009 by in Security

Adobe plans quarterly Patch Day for Reader/Acrobat fixes

Adobe plans quarterly Patch Day for Reader/Acrobat fixes

Borrowing a few pages from Microsoft's playbook, Adobe today announced plans for a quarterly Patch Day for its Reader/Acrobat product lines and new initiatives to beef up its code hardening and security response processes.Starting this summer, Adobe Reader and Acrobat security patches will be released on a quarterly schedule and will be timed to coincide with Microsoft's second-Tuesday-of-the month bulletin releases.

May 20, 2009 by in Security

Mac OS X vulnerable to 6-month old Java flaw

Mac OS X vulnerable to 6-month old Java flaw

Attention Mac OS X users:  Turn Java off immediately or you could be at high risk of malicious code execution attacks.Tired of waiting for a patch from Apple for a Java flaw that was fixed upstream six months ago, Mac developer Landon Fuller (of Month of Apple Bugs/Fixes fame) has released a proof of concept exploit to demonstrate the severity of the issue.

May 20, 2009 by in Enterprise Software

D-Link router's CAPTCHA flawed, WPA passphrase retrieved

D-Link router's CAPTCHA flawed, WPA passphrase retrieved

It took only a week for the researchers at SourceSec to find a flaw in the CAPTCHA implementation of D-Link's recently introduced CAPTCHA in its routers, originally aimed to prevent DNS changing malware from automatically achieving its objective.According to SourceSec, the flawed implementation allows an attacker/malware to retrieve the router's WPA passphrase with user-level access only, and without even a properly solved CAPTCHA.

May 19, 2009 by in Security

Study: password resetting 'security questions' easily guessed

Study: password resetting 'security questions' easily guessed

How secret are in fact the 'secret questions' used for resetting forgotten passwords? Not so secret after all, according to a just published study entitled "It's no secret: Measuring the security and reliability of authentication via 'secret' questions" according to which 17% of the study's participants were not only able to answer the 'secret questions' of strangers, but also, that the most popular questions were in fact the easiest ones to answer.

May 18, 2009 by in Security

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All

Top Stories