Zack Whittaker

Zack Whittaker is the security editor for ZDNet, covering cyber and national security. He is based in New York newsroom, and is also found on sister-sites CNET and CBS News. You can reach him with his PGP key: EB6CEEA5.

Charlie Osborne

Charlie Osborne is a cybersecurity journalist and photographer who writes for ZDNet and CNET from London. PGP Key: AF40821B | Research/security tips email: cingred@protonmail.com.

Latest Posts

Ex-botnet master hired by TelstraClear

Ex-botnet master hired by TelstraClear

Remember Owen Thor Walker (AKILL) that got busted in the FBI's "Bot Roast" investigation for operating a 1.3 million hosts botnet in 2007, and even once considered to be offered a job as a cybercrime fighter by detectives impressed by his (mediocre) botnet management skills?

March 23, 2009 by in Government : US

Stealthy router-based botnet worm squirming

Stealthy router-based botnet worm squirming

Researchers at DroneBL have spotted signs of a stealthy router-based botnet worm targeting routers and DSL modems.The worm, called "psyb0t," has been circulating since at least January this year, infecting vulnerable embedded Linux devices such as the Netcomm NB5 ADSL modem (above) and launching denial-of-service attacks on some Web sites.

March 23, 2009 by in Security

BBC: Botnet purchase experiment was in 'public interest'

BBC: Botnet purchase experiment was in 'public interest'

The British Broadcasting Corporation (BBC) is defending its decision to purchase and experiment with a powerful botnet as a public service to expose the inner workings of the underground malware economy.The controversial move, which has been widely criticized, included posing as a customer to buy a piece of software that gave the BBC control of thousands of infected computers around the world.

March 22, 2009 by in Security

Questions for Pwn2Own hacker Charlie Miller

Questions for Pwn2Own hacker Charlie Miller

VANCOUVER, BC -- At the CanSecWest security conference here, I got a chance to sit down with Charlie Miller, the researcher who broke into a fully patched MacBook machine using a Safari code execution vulnerability.We discuss the state of Web browser security, the vulnerability marketplace and the need for anti-exploit mitigations on modern operating systems.

March 19, 2009 by in Enterprise Software

Pwn2Own trifecta: Hacker exploits IE8, Firefox, Safari

Pwn2Own trifecta: Hacker exploits IE8, Firefox, Safari

VANCOUVER, BC -- It took a while longer but Microsoft's Internet Explorer 8 did not survive the hacker onslaught at this year's CanSecWest Pwn2Own contest.[ ALSO SEE: Pwn2Own 2009: Safari/MacBook falls in seconds ]A security researcher named "Nils" (he declined to provide his full name) performed a clean drive-by download attack against the world's most widely used browser to take full control of a Sony Vaio machine running Windows 7.

March 18, 2009 by in Enterprise Software

CanSecWest: Caution, community at play

CanSecWest: Caution, community at play

Guest editorial by Sarah BlankinshipCanSecWest, in beautiful Vancouver BC, is one of my favorite conferences each year. It’s a cozy little security con that brings together security researchers from all parts of the security ecosystem.

March 18, 2009 by in Security

Comcast responds to passwords leak on Scribd

Comcast responds to passwords leak on Scribd

Comcast has responded to the recently found list of passwords hosted at the popular social publishing site Scribd. Originally claimed to be a list consisting of 8000 passwords for Comcast customers, the company now states that not only are 4000 of the passwords duplicates, but also, that only 700 of them belong to active Comcast customers.

March 17, 2009 by in Security

One-year-old (unpatched) Windows 'token kidnapping' under attack

One-year-old (unpatched) Windows 'token kidnapping' under attack

Exactly one year after a security researcher notified Microsoft of a serious security vulnerability affecting all supporting version of Windows (including Vista and Windows Server 2008), the issue remains unpatched and now comes word that there are in-the-wild exploits circulating.The vulnerability, called token kidnapping (.

March 16, 2009 by in Microsoft

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All

Top Stories