Zack Whittaker

Zack Whittaker is the security editor for ZDNet, covering cyber and national security. He is based in the New York newsroom, and is also found on sister sites CNET and CBS News. You can reach him with his PGP key: EB6CEEA5.

Charlie Osborne

Charlie Osborne, a medical anthropologist who studied at the University of Kent, UK, is a journalist, freelance photographer and former teacher. She has spent years travelling and working across Europe and the Middle East as a teacher, and has been involved in the running of businesses ranging from media and events to B2B sales. Charlie currently works as a journalist and photographer -- with the occasional design piece -- and writes for ZDNet, CNET and SmartPlanet. She has particular interests in social media, IP law, social engineering and security.

Latest Posts

URL rewriting can help thwart Web app attacks

A Microsoft Web application security specialist is suggesting an offbeat defense-in-depth strategy to protect Web sites and applications from cross-site scripting (XSS) and cross-site request forgery (XSRF) attacks. According to Bryan Sullivan, security program manager for Redmond's Security Development Lifecycle team, Web developers should consider URL Rewriting as a technique to ward off hackers looking to exploit Web app vulnerabilities.

February 27, 2009 by in Collaboration

Microsoft takes aim at Vista 'SoftMod' hack

Starting this week, Microsoft will ship an update to Windows Vista Ultimate users to ferret out cracked copies of its most expensive and feature-packed operating system. The renewed anti-piracy campaign is aimed directly at the activation exploit known as the "SoftMod hack," according to a post on Microsoft's WGA blog.

February 26, 2009 by in Microsoft

Research: 76% of phishing sites hosted on compromised servers

In a newly released paper entitled "Evil Searching: Compromise and Recompromise of Internet Hosts for Phishing," Tyler Moore and Richard Clayton provide empirical evidence that 75.8% of the phishing sites they analyzed (2486 sites) were hosted on compromised web servers, to which the phishers obtained access through Google hacking techniques (search engine reconnaissance).

February 25, 2009 by in Security

Microsoft 'Fix it' automates fixing Windows problems

I'm a little bit late with this but it's such a useful move by Microsoft, I figured I'd point it out for Zero Day readers. Microsoft has been adding a nifty one-click "fix it" utility to its Knowledge Base (KB) articles to help end users solve Windows problems without having to navigate through the maze of instructions.

February 25, 2009 by in Enterprise Software

Google wants to buy Native Client security flaws

Google is (indirectly) buying security vulnerabilities from white hat hackers. Under the guise of a Native Client Security Contest, the search engine firm is offering big cash prizes to hackers who find bugs and other security flaws in the open-source research technology for running x86 native code in Web applications.

February 25, 2009 by in Security

Adobe swings and misses as PDF abuse worsens

After more than two weeks (months?) of inexplicable silence on mitigations for a known code execution vulnerability in its Reader and Acrobat product lines, Adobe has finally posted public information on the problem but the company's response falls well short of providing definitive mitigation guidance for end users.

February 25, 2009 by in Developer

ID thieves go phishing for GTalk, GMail passwords

If you use Google's GMail or GTalk services, pay special attention to random e-mails or instant messages requesting your login credentials. There is a major spam run underway with a phishing scam using social engineering techniques to snag Google Account usernames and passwords and, according to multiple reports, the attack appears to be very effective.

February 24, 2009 by in Collaboration

Apple catches up on Safari (browser) security

After years of lagging behind on important security features, Apple has finally added a malware-blocker, a phishing filter and support for EV (extended validation) certificates into the latest refresh of its Safari Web browser. The malware roadblock headlines a list of Safari 4 security features that also includes cookie blocking, private browsing, secure encryption, safe downloads and parental controls.

February 24, 2009 by in Security

Unofficial 'patch' for Adobe Reader, Acrobat zero-day

In response to in-the-wild zero-day attacks targeting critical flaws in Adobe's Reader/Acrobat products, a respected security researcher is offering up a home-brewed (unofficial) patch for Windows users. The buyer-beware patch -- which is simply a replacement for the vulnerable AcroRd32.

February 24, 2009 by in Security
