Zack Whittaker

Zack Whittaker is a security writer-editor for ZDNet. He can be found on sister sites CNET and CBS News. He is based in the New York newsroom. You can send him secure email with his PGP key: EB6CEEA5.

Charlie Osborne

Charlie Osborne, a medical anthropologist who studied at the University of Kent, UK, is a journalist, freelance photographer and former teacher. She has spent years travelling and working across Europe and the Middle East as a teacher, and has been involved in the running of businesses ranging from media and events to B2B sales. Charlie currently works as a journalist and photographer -- with the occasional design piece -- and writes for ZDNet, CNET and SmartPlanet. She has particular interests in social media, IP law, social engineering and security.

Latest Posts

Secunia: It's not a flaw if it's a feature

Secunia: It's not a flaw if it's a feature

When I reported on the Vocera certificate security bypass flaw, SecurityFocus picked up on it and created Bugtraq ID 27935 to warn their customers about the vulnerability.  I dropped a note to Secunia about the flaw but they seem to believe that a flaw is only a flaw if it was accidental and not an irresponsible design choice.

February 27, 2008 by in Security

Report: Hackers swipe FTP server credentials using SaaS

Report: Hackers swipe FTP server credentials using SaaS

Finjan said it has uncovered a database with more than 8,700 FTP account credentials--user name, password and server address--that allow hackers to compromise security and deliver malware as a service.In a report released Wednesday, Finjan said the list of stolen accounts includes many Fortune 500 type companies.

February 26, 2008 by in Innovation

McAfee: Trojan targets Windows Mobile

McAfee: Trojan targets Windows Mobile

McAfee has unearthed a Windows Mobile PocketPC Trojan that disables security, installs via a memory card, can't be uninstalled and makes itself your home page.According McAfee's Avert Labs blog, the Trojan has been discovered in China.

February 26, 2008 by in Mobile OS

Researcher: Critical vulnerability found in VMware's desktop apps

Researcher: Critical vulnerability found in VMware's desktop apps

Core Security Technologies said Monday that it has discovered vulnerability in VMware's desktop virtualization software that allows an attacker to gain complete control a system and launch executable files on the host operating system.The discovery is notable given that virtualization security is largely uncharted territory.

February 24, 2008 by in Hardware

Cisco confirms vulnerability in 7921 Wi-Fi IP phone

Cisco confirms vulnerability in 7921 Wi-Fi IP phone

Two days after news of the Vocera Wi-Fi VoIP communicator PEAP security bypass vulnerability, I received confirmation from Cisco that their model 7921 Wi-Fi VoIP phone is also vulnerable to the same issue where digital certificates aren't cryptographically verified.  Both Cisco and Vocera have told me that they intend to fix future implementations of PEAP and do the necessary steps to ensure certificate authenticity.

February 22, 2008 by in Cisco

Microsoft: 'We try to reproduce every vulnerability that comes in'

Microsoft: 'We try to reproduce every vulnerability that comes in'

Microsoft outlined what it does with incoming vulnerability research, how it designates flaws and playing the cloak-and-dagger game with hackers.In a Q&A with Ryan Naraine, Jonathan Ness, the lead software engineer on Microsoft's SWI Defense team, addressed a big emerging issue between the software giant and security researchers: Who has the onus to reproduce the flaw?

February 19, 2008 by in Security

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.
See All
See All

Top Stories