Zack Whittaker

Zack Whittaker is the security editor for ZDNet, covering cyber and national security. He is based in New York newsroom, and is also found on sister-sites CNET and CBS News. You can reach him with his PGP key: EB6CEEA5.

Charlie Osborne

Charlie Osborne, a medical anthropologist who studied at the University of Kent, UK, is a journalist, freelance photographer and former teacher. She has spent years travelling and working across Europe and the Middle East as a teacher, and has been involved in the running of businesses ranging from media and events to B2B sales. Charlie currently works as a journalist and photographer -- with the occasional design piece -- and writes for ZDNet, CNET and SmartPlanet. She has particular interests in social media, IP law, social engineering and security.

Latest Posts

Firefox joins security patch day treadmill

Firefox joins security patch day treadmill

Mozilla is joining Microsoft and Opera on the browser patching treadmill.The open-source group has rolled out the final security fix for the Firefox 2 branch and a new version of Firefox 3 to plug about a dozen security holes that could lead to remote code execution attacks, browser crashes and information disclosure issues.

December 16, 2008 by in Security

As attacks escalate, MS readies emergency IE patch

As attacks escalate, MS readies emergency IE patch

Microsoft is planning to ship an emergency Internet Explorer update tomorrow (December 17) to counter an escalating wave of malware attacks targeting a zero-day browser vulnerability.[ SEE: Hackers exploiting (unpatched) IE 7 flaw to launch drive-by attacks ]The out-of-band update, which will be rated critical, follows the public discovery of password-stealing Trojans exploiting the bug on Chinese-language Web sites.

December 16, 2008 by in Windows

Google sponsored links spreading (scareware) rogue AV

Google sponsored links spreading (scareware) rogue AV

Malware hunters at Websense Security Labs have discovered legitimate Google sponsored links being used to plant scareware programs (rogue anti-virus applications) on the computers of Windows users.In a blow-by-blow description of the rogueware attack, Websense researcher Elad Sharf shows how an innocent Google search for the Winrar file archiver and data compression utility can lead to a fake C|Net downloads.

December 16, 2008 by in Security

Talkback Tuesday: Apple's AV non-announcement

Talkback Tuesday: Apple's AV non-announcement

I was traveling the eastern seaboard all of last week, visiting family, friends, and old work colleagues in Philadelphia, New York, and Boston, so I didn't have much opportunity to provide feedback to what had become the most heavily discussed blog post I have yet generated.Two weeks ago, people got all hot and bothered because Apple appeared to have posted and retracted a recommendation that people run anti-virus software on their Mac.

December 15, 2008 by in Apple

Apple plugs 21 Mac OS X security holes

Apple plugs 21 Mac OS X security holes

Apple has released a peck of patches to cover at least 21 documented security vulnerabilities affecting Mac OS X users.With its eighth security update for 2008, the company shipped fixes for flaws that could lead to remote code execution and denial-of-service attacks .

December 15, 2008 by in Enterprise Software

Major Web browsers fail password protection tests

Major Web browsers fail password protection tests

That nifty password management feature in your favorite Web browser could be helping identity thieves pilfer your personal data.That's the biggest takeaway from the results of this test which shows that all the major Web browsers -- including IE, Firefox, Opera, Safari and Chrome -- are vulnerable to a total of 20 vulnerabilities that could expose password-related information.

December 15, 2008 by in Enterprise Software

Four XSS flaws hit Facebook

Four XSS flaws hit Facebook

Project XSSed, the clearing house for cross site scripting flaws has just released details on four flaws affecting Facebook's developers page, iPhone login page and the new users registration page, potentially assisting malicious attackers into adding more legitimacy to their campaigns.

December 15, 2008 by in Social Enterprise

Firefox tops list of 12 most vulnerable apps

Firefox tops list of 12 most vulnerable apps

Mozilla's flagship Firefox browser has earned the dubious title of the most vulnerable software program running on the Windows platform.According to application whitelisting vendor Bit9, Firefox topped the list of 12 widely deployed desktop applications that suffered through critical security vulnerabilities in 2008.

December 15, 2008 by in Enterprise Software

IE zero-day attack surface expands

IE zero-day attack surface expands

The attack surface for password-stealing Trojans currently targeting an unpatched flaw in Microsoft's Internet Explorer has expanded to include all versions of the browser, including the newest IE 8 Beta 2.Microsoft released an updated advisory to warn that the underlying flaw affects much more than IE 7 and to spread the word about additional workarounds that can help limit the damage from actual attacks.

December 12, 2008 by in Security

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All

Top Stories