Zack Whittaker

Zack Whittaker is a security writer-editor for ZDNet. He can be found on sister sites CNET and CBS News. He is based in the New York newsroom. You can send him secure email with his PGP key: EB6CEEA5.

Charlie Osborne

Charlie Osborne, a medical anthropologist who studied at the University of Kent, UK, is a journalist, freelance photographer and former teacher. She has spent years travelling and working across Europe and the Middle East as a teacher, and has been involved in the running of businesses ranging from media and events to B2B sales. Charlie currently works as a journalist and photographer -- with the occasional design piece -- and writes for ZDNet, CNET and SmartPlanet. She has particular interests in social media, IP law, social engineering and security.

Latest Posts

No security software, no E-banking fraud claims for you

No security software, no E-banking fraud claims for you

Rational, but unrealistic in today's threatscape. According to the Times :"Customers using their credit or debit cards online have been advised that high street banks are likely to become increasingly reluctant to help victims of internet fraud as new rules added to the Banking Code signal less willingness to cover losses.

May 20, 2008 by in Banking

McAfee partner isn't McAfee secure

McAfee partner isn't McAfee secure

I was over reading Russ McRee's blog today, and I've got to say, if McAfee's HackerSafe (or whatever they're calling it now) doesn't die off soon, then he'll be able to write a novel about their trials and tribulations.Apparently, McAfee authorized distributor Winferno.

May 20, 2008 by in Security

What is the U.S. doing about security?  Part 2.

What is the U.S. doing about security? Part 2.

Wow that was quick.  No sooner did I get done posting my last article and I see on Wired the following story:Once again, supposedly sensitive information blacked out from a government report turns out to be visible by computer experts armed with the Ctrl+C keys — and that information turns out to be not very sensitive after all.

May 20, 2008 by in Telcos

Over 1.5 million pages affected by the recent SQL injection attacks

Over 1.5 million pages affected by the recent SQL injection attacks

In an attempt to mitigate the impact of the recent waves of SQL injection attacks, and provide more transparency into the approximate number of affected pages, the Shadowserver Foundation is starting to maintain a list of all the malicious domains used in the continuing efforts by copycats to inject as many legitimate sites as possible. Currently counting over fifty malicious domains, and the corresponding number of affected pages by them, the total number is just over 1.

May 20, 2008 by in Security

False alarm!

False alarm!

Update 05/20/08: Sorry ladies and gents, I have to retract my previous entry.  I had mentioned that 24 flaws were patched for Mozilla today, but what I didn't realize was that the announcement was specific to gentoo emerge packages and that this was actually fixed sometime ago.

May 20, 2008 by in Open Source

Secunia finds 'highly critical' Foxit Reader Flaw

Secunia finds 'highly critical' Foxit Reader Flaw

Add the popular Foxit Reader to the list of desktop software applications to be patched as a matter of priority.According to vulnerability research outfit Secunia, there's a "highly critical" vulnerability in the alternative PDF reader software that can be exploited by malicious hackers to take complete control of a target system.

May 20, 2008 by in CXO

DoS Attacks Using SQL Wildcards Revealed

DoS Attacks Using SQL Wildcards Revealed

Yesterday, Ferruh Mavituna of Portcullis released a whitepaper entitled "DoS Attacks Using SQL Wildcards", with some  insightful comments on how it's possible to multiply the attack tactics discussed to the point where not even a botnet would be needed to successfully accomplish them.Summary of the paper :This paper discusses abusing Microsoft SQL Query wildcards to consume CPU in database servers.

May 20, 2008 by in Servers

Are you wary of the insider on the outside?

Are you wary of the insider on the outside?

Whenever the risks from the inside threat are discussed, it's usually about the disgruntled/malicious employee within the firewall abusing permissions to steal data or plant malware in sensitive parts of the network.But, there's an insider on the outside that's often forgotten -- the ex-employee with access to user accounts (and default settings) that remain active after he/she has left the company.

May 20, 2008 by in Security

The Storm Worm would love to infect you

The Storm Worm would love to infect you

The Storm Worm malware is back in the game, with its most recent campaign currently active and trying to entice users into executing iloveyou.exe by spamming them with links to already infected hosts acting as web servers, next to SQL injecting malicious domains into legitimate sites for the campaign to scale faster.

May 19, 2008 by in Security

I'm stepping aside...

I'm stepping aside...

I'm becoming a contributor on Zero Day to let the experts handle our security blog.As you may have noticed, Ryan Naraine has returned to Zero Day creating what I consider a security dream team.

May 19, 2008 by in Security

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.
See All
See All

Top Stories