Zack Whittaker

Zack Whittaker is the security editor for ZDNet, covering cyber and national security. He is based in the New York newsroom, and is also found on sister sites CNET and CBS News. You can reach him with his PGP key: EB6CEEA5.

Charlie Osborne

Charlie Osborne, a medical anthropologist who studied at the University of Kent, UK, is a journalist, freelance photographer and former teacher. She has spent years travelling and working across Europe and the Middle East as a teacher, and has been involved in the running of businesses ranging from media and events to B2B sales. Charlie currently works as a journalist and photographer -- with the occasional design piece -- and writes for ZDNet, CNET and SmartPlanet. She has particular interests in social media, IP law, social engineering and security.

Latest Posts

Phishing without bait: The in-session password theft attack

Skilled identity thieves can pilfer user names, passwords and other sensitive data for banking sites without using e-mail lures and other social engineering tactics. According to a security advisory from Trusteer, hackers can launch what is described as "in-session phishing attacks" using pop-up messages during an active browser session.

January 16, 2009 by in Developer

Malware author greets Microsoft's Windows Defender team

A Russian malware author with involvement in the Zlob malware family, one of the most prolific malware families in 2008 thanks to its successful mimicking of video codecs, has left a message for the Windows Defender team inside a sample analyzed by French researchers. The message is a follow-up to a previous note left in October, and is basically greeting Microsoft in respect to their improving detection rates for this malware family.

January 14, 2009 by in Security

RIM warns of BlackBerry PDF processing vulnerabilities

Hackers can use booby-trapped PDF attachments sent to BlackBerry devices to launch malicious code execution attacks, according to warnings issued by Research in Motion (RIM). The company shipped patches this week to address a pair of critical vulnerabilities affecting its enterprise product line.

January 13, 2009 by in Hardware

AVG snaps up Sana Security

One of the last stand-alone host-based intrusion detection product vendors has been picked up by an anti-virus firm. The Redwood City-based HIPS vendor Sana Security has been acquired by the popular AV vendor AVG for an undisclosed sum.

January 13, 2009 by in Networking

Oracle drops critical database server patch bundle

Oracle has dropped the first quarterly critical patch update for 2009 -- with patches for 41 vulnerabilities in a wide range of database server products. The January 2009 CPU includes 20 new security fixes for the company's flagship database product lines, 4 new security fixes for the Oracle Application Server, 9 vulnerabilities in Oracle Secure Backup, 4 new security fixes for the Oracle Applications Suite, and 6 new security fixes for the PeopleSoft and JDEdwards Suite.

January 13, 2009 by in Enterprise Software

MS Patch Tuesday: 3 critical SMB vulnerabilities

Microsoft today shipped a solitary bulletin with patches for at least three documented security flaws in the Microsoft Server Message Block (SMB) Protocol. The three vulnerabilities, rated "critical" on Windows 2000, Windows XP and Windows Server 2003, expose Windows users to remote code execution attacks, Microsoft said in its MS09-001 bulletin.

January 13, 2009 by in Enterprise Software

Phishers as street-level drug dealers

The Microsoft report on the profitability of phishing and its associated economic constraints is reminiscent of another illegal enterprise: street-level drug dealing. Microsoft released a report stating that phishing is nowhere near as profitable as commonly believed.

January 11, 2009 by in Security

Oracle planning Patch Tuesday whopper

Microsoft may be offering a Patch Tuesday respite this month but, if you're an Oracle database administrator, January 13 will be a very busy day. The database server giant announced plans for a monster Patch Day next Tuesday with fixes for 41 security vulnerabilities "across hundreds of Oracle products."

January 9, 2009 by in Data Centers

Microsoft study debunks phishing profitability

Do phishers actually make money, or is phishing an unprofitable business that scammers sink time and resources into? Taking the economic approach of generalizing how much money phishers make, a recently released study by Microsoft researchers Cormac Herley and Dinei Florencio (A Profitless Endeavor: Phishing as Tragedy of the Commons) states that phishing isn't as profitable as originally thought.

January 8, 2009 by in Security

Microsoft planning quiet Patch Tuesday (1 critical)

Microsoft plans to ship a solitary security bulletin next Tuesday with fixes for a serious security problem in its flagship Windows operating system. The bulletin will carry a "critical" rating, which means that exploitation of the vulnerability could allow the propagation of an Internet worm without user action.

January 8, 2009 by in Windows
