Zack Whittaker

Zack Whittaker is the security editor for ZDNet, covering cyber and national security. He is based in the New York newsroom, and is also found on sister-sites CNET and CBS News. You can reach him with his PGP key: EB6CEEA5.

Charlie Osborne

Charlie Osborne, a medical anthropologist who studied at the University of Kent, UK, is a journalist, freelance photographer and former teacher. She has spent years travelling and working across Europe and the Middle East as a teacher, and has been involved in the running of businesses ranging from media and events to B2B sales. Charlie currently works as a journalist and photographer -- with the occasional design piece -- and writes for ZDNet, CNET and SmartPlanet. She has particular interests in social media, IP law, social engineering and security.

Latest Posts

Google's CAPTCHA experiment and the human factor

Any research is prone to irrelevance if it starts with the wrong research questions, takes the wrong perspective, or in this case, attempts to fight the wrong enemy - automated bots attempting to recognize CAPTCHAs. Researchers at Google recently released a paper detailing a new CAPTCHA system consisting of correct image rotation (Socially Adjusted CAPTCHAs) whose main purpose is to make it easier for humans, and much harder for bots to recognize them.

April 20, 2009 by in Google

iBotnet: Researchers find signs of zombie Macs

Malware hunters at Symantec have discovered a direct link between a malicious file embedded in pirated copies of Apple’s iWork 09 software and what appears to be the first Mac OS X botnet launching denial-of-service attacks. Writing in the current issue of Virus Bulletin (subscription required), researchers Mario Ballano Barcena and Alfredo Pesoli found two malware variants -- OSX.

April 16, 2009 by in Enterprise Software

Microsoft tackles patch management metrics with Project Quant

In partnership with security analyst Rich Mogull (right), Microsoft is set to roll out a new research project to help businesses compute the total cost of the patch-management cycle, from testing and distributing a fix to user deployment of the patch. According to this Dennis Fisher report on Threatpost, the initiative is called Project Quant and is aimed at providing a full metrics model that Microsoft will make freely available to end users.

April 15, 2009 by in Microsoft

Oracle drops mega critical patch bundle

Oracle has released the first Critical Patch Update for 2009 to provide fixes for at least 43 vulnerabilities across several database server products. The mega update, released on the same day Microsoft released its own security patches, plugs at least 16 holes in the company's flagship Oracle Database server.

April 15, 2009 by in Enterprise Software

Scareware pops-up at FoxNews

There have been numerous reports from affected users that a scareware variant of PersonalAntivirus and ExtraAntivirus has been popping up at FoxNews.com during the last couple of days, through a malvertising campaign.

April 14, 2009 by in Security

Twitter hit by multiple variants of XSS worm

During the weekend and early Monday, at least four separate variants of the original StalkDaily.com XSS worm hit the popular micro-blogging site Twitter, automatically hijacking accounts and advertising the author's web site by posting tweets on behalf of the account holders, by exploiting cross-site scripting flaws at the site.

April 13, 2009 by in Security

Patch Tuesday heads-up: 8 bulletins, 5 critical

Microsoft plans to ship 8 security bulletins next Tuesday (April 14, 2009) to fix remote code execution and denial of service vulnerabilities affecting Windows, Office and Internet Explorer. According to the company's Patch Tuesday advance notice, five of the bulletins will be rated "critical," meaning they can be exploited by hackers to take complete control of Windows machines.

April 9, 2009 by in Security

Conficker botnet stirs, with a scareware business model

The Conficker botnet has stirred to life, using its peer-to-peer communication system to update itself and download scareware (fake anti-virus programs) to millions of infected Windows machines. The Conficker update comes a week after a heavily-hyped April 1st activation date and provides the first sign of the motivation behind this malware threat -- financially motivated cybercrime.

April 9, 2009 by in Security

Conficker worm's copycat Neeris spreading over IM

Imitation has always been a form of flattery, and that's particularly true for the cybercrime ecosystem. From the lone Chinese cybercriminals releasing DIY tools for generating malware actively exploiting the MS08-067 flaw, followed by the original Conficker worm, Microsoft's MMPC (Malware Protection Center) is reporting on a currently spreading Conficker copycat detected as Worm:Win32/Neeris.

April 7, 2009 by in Security

Attackers pounce on Microsoft PowerPoint zero-day

Attackers are using rigged PowerPoint files to exploit an unpatched vulnerability in Microsoft's presentation software, according to a warning late Thursday from the software maker. In a pre-patch advisory, Microsoft described the attacks as "limited and targeted," the kind of language that suggests it is being used to steal data from corporate or government networks.

April 2, 2009 by in Microsoft
