Zack Whittaker

Zack Whittaker is a security writer-editor for ZDNet. He can be found on sister sites CNET and CBS News. He is based in the New York newsroom. You can send him secure email with his PGP key: EB6CEEA5.

Charlie Osborne

Charlie Osborne, a medical anthropologist who studied at the University of Kent, UK, is a journalist, freelance photographer and former teacher. She has spent years travelling and working across Europe and the Middle East as a teacher, and has been involved in the running of businesses ranging from media and events to B2B sales. Charlie currently works as a journalist and photographer -- with the occasional design piece -- and writes for ZDNet, CNET and SmartPlanet. She has particular interests in social media, IP law, social engineering and security.

Latest Posts

Google downplays Chrome's carpet-bombing flaw

Google downplays Chrome's carpet-bombing flaw

In a recent Q&A with Google's Brian Rakowski, Philipp Lenssen asked him a question in regard to Chrome's carpet-bombing flaw. Not surprising, considering that Apple refused to admit Safari's carpet-bombing flaw at the first place, Google is too, downplaying it  :"Lenssen: There are ways to make Chrome automatically download a file without the user confirming this (at least using Chrome’s default options).

September 16, 2008 by in Enterprise Software

Apple mega-patch covers 34 Mac OS X security issues

Apple mega-patch covers 34 Mac OS X security issues

Apple has shipped another mega-update to address security vulnerabilities affecting Mac OS X users, warning that the most serious issues could lead to arbitrary code execution attacks.The update, available for Tiger and Leopard, addresses a total of 34 documented vulnerabilities, some in third-party components like ClamAV, BIND, OpenSSH and Ruby.

September 15, 2008 by in Apple

Facebook introducing new security warning feature

Facebook introducing new security warning feature

With Facebook persistently under attacks from phishers and malware authors, looking for creative ways to efficiently exploit its users base, Facebook's security team has silently introduced a new "security warning feature" alerting its users on the potential maliciousness of the third-party site they are about to visit. Is the newly introduced featured a PR move, and how applicable is this approach during an ongoing attack?

September 15, 2008 by in Social Enterprise

Exploit published for Windows Media Encoder flaw

Exploit published for Windows Media Encoder flaw

If you haven't applied Microsoft's MS08-053 security update, now might be a good time to hit that patch button.Proof-of-concept exploit code for the vulnerability, which allows remote code execution attacks via the Web, has been posted online, raising the likelihood that we'll soon see in-the-wild exploitation.

September 15, 2008 by in Enterprise Software

Spamming vendor launches managed spamming service

Spamming vendor launches managed spamming service

A spamming vendor known as the SET-X Corporation, has recently launched the distributed SET-X Mail System, a sophisticated managed spamming service available for rent on a monthly basis starting from $2000, promising to achieve "spamming speed" of 5000 to 7000 emails per minute and over 1 million spam messages per day, courtesy of the 5000 bots it comes preloaded with.

September 13, 2008 by in Security

Browser Wars 2.0: Firefox scrambles to add 'private mode' browsing

Browser Wars 2.0: Firefox scrambles to add 'private mode' browsing

At Black Hat last month, when I spoke to Mozilla security chief Window Snyder, she made it clear that Private Browsing would not make it into the next revision of Firefox.Today, the open-source group all but announced that the privacy feature, which puts the browser into a temporary state where no information about the user's browsing session is stored locally, will definitely make it into Firefox 3.

September 12, 2008 by in Enterprise Software

Secunia launches pay-as-you-go exploit shop

Secunia launches pay-as-you-go exploit shop

Danish security research firm Secunia has launched a pay-as-you-go vulnerability analysis service aimed at providing technical details, exploits and proof-of-concept code to security software vendors.The new Binary Analysis Service is billed as a one-stop-shop for indepth analysis of the "worst and most interesting vulnerabilities" affecting widely deployed software products.

September 11, 2008 by in Security

Google closes hole in Single Sign-On service

Google closes hole in Single Sign-On service

Google has fixed an implementation flaw in the single sign-on service that powers Google Apps follow a warning from researchers that remote attackers can exploit a hole to access Google accounts.The vulnerability, described in this white paper (.

September 10, 2008 by in Google

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.
See All
See All

Top Stories