Zack Whittaker

Zack Whittaker is the security editor for ZDNet, covering cyber and national security. He is based in New York newsroom, and is also found on sister-sites CNET and CBS News. You can reach him with his PGP key: EB6CEEA5.

Charlie Osborne

Charlie Osborne, a medical anthropologist who studied at the University of Kent, UK, is a journalist, freelance photographer and former teacher. She has spent years travelling and working across Europe and the Middle East as a teacher, and has been involved in the running of businesses ranging from media and events to B2B sales. Charlie currently works as a journalist and photographer -- with the occasional design piece -- and writes for ZDNet, CNET and SmartPlanet. She has particular interests in social media, IP law, social engineering and security.

Latest Posts

Adobe Flash, Apple Safari fail privacy test

Adobe Flash, Apple Safari fail privacy test

Third party plug-ins like Adobe Flash do a poor job of cleaning traces of your browser sessions, rendering private-browsing features somewhat useless, according to a new study by researcher Katherine McKinley.McKinley, a researcher at iSec Partners, created a tool for testing the functionality of clearing private data after a browser session and browsing in private mode and found that some browsers -- most notably Apple's Safari for Windows -- do a poor job of wiping traces of a browser session.

January 2, 2009 by in Apple

Military contractor "cyber-defense" gold rush begins

Military contractor "cyber-defense" gold rush begins

Sensing a shift in upcoming defense priorities, Lockheed and Boeing are both launching information security product divisions.Bloomberg is reporting that both Lockheed Martin and Boeing are building security product groups to address the military's needs in defending cyberspace.

January 2, 2009 by in Security

MD5/rogue CA attack: The sky is not falling

MD5/rogue CA attack: The sky is not falling

Guest post by John Viega Today there’s been a lot of buzz about the clever new attack on public key infrastructure from Alex Sotirov and a team of researchers.   In the attack, the bad guy ends up with his own Certification Authority (CA) that is fully trusted according to every major browser.

December 30, 2008 by in Security

An easy fix ignored

An easy fix ignored

Guest post by Chris EngIn the wake of this morning's 25C3 presentation by Alex Sotirov and Jacob Appelbaum, most of the coverage I've read so far has focused on the technical details and real-world impact of their findings. Rightly so -- their paper describing the attack is a fascinating read filled with enough gory details to make any security practitioner salivate.

December 30, 2008 by in Security

Microsoft pours cold water on WMP flaw warning

Microsoft pours cold water on WMP flaw warning

Microsoft is pouring cold water on public reports of a serious code execution vulnerability in the newest versions of its Windows Media Player software.Following the release of proof-of-concept code alongside a claim that the bug can be remotely exploitable to launch arbitrary code, a Microsoft spokesman insists this "is not a product vulnerability.

December 29, 2008 by in Hardware

Santa left a virus under the Christmas tree

Santa left a virus under the Christmas tree

Amazon has warned its customers that one of Samsung's digital picture frames shipped to customers infected with a virus. While Samsung has some egg on its face, malware that ships on consumer hardware is not as serious of an issue as it may seem.

December 27, 2008 by in Security

Microsoft confirms critical SQL Server vulnerability

Microsoft confirms critical SQL Server vulnerability

Microsoft late Monday issued a pre-patch advisory confirming a remote code execution vulnerability affecting its SQL Server line.The vulnerability, publicly disclosed with exploit code more than two weeks ago, affects Microsoft SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine (MSDE 2000), Microsoft SQL Server 2000 Desktop Engine (WMSDE), and Windows Internal Database (WYukon).

December 22, 2008 by in Data Management

PlayStation Home virtual world hacked

PlayStation Home virtual world hacked

Hackers are using a combination of DNS redirection, software vulnerabilities and the open-source Apache Web server to exploit holes in Sony's new PlayStation Home virtual world, according to a Telegraph report.The hack is allowing developers to customize their PlayStation Home experience beyond the options provided by Sony but there's a worrysome component to this platform weakness...

December 22, 2008 by in Hardware

Firefox joins security patch day treadmill

Firefox joins security patch day treadmill

Mozilla is joining Microsoft and Opera on the browser patching treadmill.The open-source group has rolled out the final security fix for the Firefox 2 branch and a new version of Firefox 3 to plug about a dozen security holes that could lead to remote code execution attacks, browser crashes and information disclosure issues.

December 16, 2008 by in Security

As attacks escalate, MS readies emergency IE patch

As attacks escalate, MS readies emergency IE patch

Microsoft is planning to ship an emergency Internet Explorer update tomorrow (December 17) to counter an escalating wave of malware attacks targeting a zero-day browser vulnerability.[ SEE: Hackers exploiting (unpatched) IE 7 flaw to launch drive-by attacks ]The out-of-band update, which will be rated critical, follows the public discovery of password-stealing Trojans exploiting the bug on Chinese-language Web sites.

December 16, 2008 by in Windows

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All

Top Stories