Zack Whittaker

Zack Whittaker is the security editor for ZDNet, covering cyber and national security. He is based in New York newsroom, and is also found on sister-sites CNET and CBS News. You can reach him with his PGP key: EB6CEEA5.

Charlie Osborne

Charlie Osborne, a medical anthropologist who studied at the University of Kent, UK, is a journalist, freelance photographer and former teacher. She has spent years travelling and working across Europe and the Middle East as a teacher, and has been involved in the running of businesses ranging from media and events to B2B sales. Charlie currently works as a journalist and photographer -- with the occasional design piece -- and writes for ZDNet, CNET and SmartPlanet. She has particular interests in social media, IP law, social engineering and security.

Latest Posts

OpenSSL patches three security holes

OpenSSL patches three security holes

The OpenSSL Project has released new versions of its popular implementation of the SSL v2/v3 and TLS protocols to fix three security vulnerabilities.According to an advisory from the open-source group, the toolkit update fixes three security flaws that carry "moderate severity" ratings.

March 26, 2009 by in Security

Exploit code sends Mozilla scrambling to fix Firefox

Exploit code sends Mozilla scrambling to fix Firefox

[ UPDATE:  Mozilla has shipped a patch for this vulnerability ]Mozilla's security response team is scrambling to ready a patch for what appears to be a serious security flaw affecting its flagship Firefox browser.The vulnerability, released alongside proof-of-concept code on several security sites, could lead to malicious code execution attacks if a Firefox user is lured to a Web site rigged with exploits.

March 25, 2009 by in Enterprise Software

Cisco IOS patch day covers multiple vulnerabilities

Cisco IOS patch day covers multiple vulnerabilities

Cisco has shipped a batch of patches to cover multiple vulnerabilities affecting IOS, the software that powers the vast majority of Cisco's routers and switches.In all, the company released 8 separate advisories with warnings for information disclosure, privilege escalation, denial-of-service vulnerabilities.

March 25, 2009 by in Cisco

Foxit PDF Reader being exploited in the wild

Foxit PDF Reader being exploited in the wild

Adobe isn't the only PDF software maker facing in-the-wild malware attacks.Just weeks after the availability of patches for critical security flaws in the popular FoxIt Reader, there is word that malicious hackers are already targeting unpatched versions of the software.

March 25, 2009 by in Security

"No more free bugs"?  There never were any free bugs

"No more free bugs"? There never were any free bugs

Vulnerability researchers have always extracted value out of their work, even before there was a monetary value placed on exploits.Security researchers at last week's CanSecWest conference dramatically announced their new philosophy that software vulnerabilities should no longer be given away.

March 24, 2009 by in Security

Study: IE8's SmartScreen leads in malware protection

Study: IE8's SmartScreen leads in malware protection

A recently released NSS Labs study, claims that Internet Explorer 8 greatly outperforms competing browsers in terms of protecting users against web based malware.According to the study based upon a modest sample of 492 URLs, not only is IE8's SmartScreen Filter achieving a leading position against the rest of the popular browsers, but also, it also outperforms them in terms of the average time it takes to block known and already tested malicious sites.

March 24, 2009 by in Security

Ex-botnet master hired by TelstraClear

Ex-botnet master hired by TelstraClear

Remember Owen Thor Walker (AKILL) that got busted in the FBI's "Bot Roast" investigation for operating a 1.3 million hosts botnet in 2007, and even once considered to be offered a job as a cybercrime fighter by detectives impressed by his (mediocre) botnet management skills?

March 23, 2009 by in Government : US

Stealthy router-based botnet worm squirming

Stealthy router-based botnet worm squirming

Researchers at DroneBL have spotted signs of a stealthy router-based botnet worm targeting routers and DSL modems.The worm, called "psyb0t," has been circulating since at least January this year, infecting vulnerable embedded Linux devices such as the Netcomm NB5 ADSL modem (above) and launching denial-of-service attacks on some Web sites.

March 23, 2009 by in Security

BBC: Botnet purchase experiment was in 'public interest'

BBC: Botnet purchase experiment was in 'public interest'

The British Broadcasting Corporation (BBC) is defending its decision to purchase and experiment with a powerful botnet as a public service to expose the inner workings of the underground malware economy.The controversial move, which has been widely criticized, included posing as a customer to buy a piece of software that gave the BBC control of thousands of infected computers around the world.

March 22, 2009 by in Security

Questions for Pwn2Own hacker Charlie Miller

Questions for Pwn2Own hacker Charlie Miller

VANCOUVER, BC -- At the CanSecWest security conference here, I got a chance to sit down with Charlie Miller, the researcher who broke into a fully patched MacBook machine using a Safari code execution vulnerability.We discuss the state of Web browser security, the vulnerability marketplace and the need for anti-exploit mitigations on modern operating systems.

March 19, 2009 by in Enterprise Software

Pwn2Own trifecta: Hacker exploits IE8, Firefox, Safari

Pwn2Own trifecta: Hacker exploits IE8, Firefox, Safari

VANCOUVER, BC -- It took a while longer but Microsoft's Internet Explorer 8 did not survive the hacker onslaught at this year's CanSecWest Pwn2Own contest.[ ALSO SEE: Pwn2Own 2009: Safari/MacBook falls in seconds ]A security researcher named "Nils" (he declined to provide his full name) performed a clean drive-by download attack against the world's most widely used browser to take full control of a Sony Vaio machine running Windows 7.

March 18, 2009 by in Enterprise Software

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All

Top Stories