Zack Whittaker

Zack Whittaker is the security editor for ZDNet, covering cybersecurity, national security, policy and privacy. He is based out of the New York newsroom, and can also be found on sister sites CNET and CBS News. You can contact him with his PGP key: EB6CEEA5.

Charlie Osborne

Charlie Osborne, a medical anthropologist who studied at the University of Kent, UK, is a journalist, freelance photographer and former teacher. She has spent years travelling and working across Europe and the Middle East as a teacher, and has been involved in the running of businesses ranging from media and events to B2B sales. Charlie currently works as a journalist and photographer -- with the occasional design piece -- and writes for ZDNet, CNET and SmartPlanet. She has particular interests in social media, IP law, social engineering and security.

Latest Posts

Apple security not ready for enterprise prime-time

Apple security not ready for enterprise prime-time

Guest editorial by Andrew StormsLast week Apple proved that they are not ready for prime time enterprise relationships.Apple has tried to position the iPhone as enterprise-ready, but this last round of software updates demonstrated beyond a shadow of a doubt how far they have to go to understand the enterprise mentality.

September 19, 2008 by in Apple

Attacker: Hacking Sarah Palin's email was easy

Attacker: Hacking Sarah Palin's email was easy

A college student identified as Rubico has claimed responsibility for hacking into Sarah Palin's personal email, and provided a detailed 1st person account of how he hacked into the email account using the password "popcorn" which he managed to reset by successfully answering her security question “Where did you meet your spouse?

September 18, 2008 by in Social Enterprise

Norwegian BitTorrent tracker under DDoS attack

Norwegian BitTorrent tracker under DDoS attack

Norway's largest BitTorrent tracker Norbits (norbits.net) with approximately 10,000 users, is currently under a DDoS attack launched from a group known as MORRADi, which is also speculating that it has managed to compromise the tracker and is threatening to release personal details of its users including IPs, until the tracker is closed :"In an NFO file obtained by IT-Avisen, a group called MORRADi takes responsibility for the attack on Norbits.

September 18, 2008 by in Legal

Webmail and traditional e-mail face different threats

Webmail and traditional e-mail face different threats

This week's attack on Sarah Palin's e-mail account highlights how the same application could have very different threat models depending on the technology used. While this is a general issue for all Software-as-a-Service offerings versus traditional desktop packages, let's focus on just e-mail for now.

September 18, 2008 by in CXO

DarkMarket ID theft message board shuts down

DarkMarket ID theft message board shuts down

DarkMarket, an infamous underground message board that provides a haven for identity thieves to buy, trade and sell stolen data, plans to shut down operations.According to Threat Level's Kevin Poulsen, the three-year-old forum will go dark on October 4.

September 18, 2008 by in Security

The most "dangerous" celebrities to search for in 2008

The most "dangerous" celebrities to search for in 2008

Searching for details regarding the latest celebrity gossip may expose you to everything the IT underground has to offer - from adware and spyware to misleading offers and fake newsletters enticing you to opt-in into a spammer's campaign. McAfee owned SiteAdvisor has recently released the 2008 list of the celebrity names that are most actively abused by malicious attackers in order to attract legitimate traffic to their malicious sites.

September 17, 2008 by in Security

Targeted malware attack against U.S schools intercepted

Targeted malware attack against U.S schools intercepted

Timing is everything, and from a cybercriminal's perspective, a new school year means segmenting their email databases to launch a targeted attack welcoming everyone back online. According to MessageLabs Intelligence :"Starting in early September, MessageLabs intercepted a targeted, email-borne malware attack on US schools and government organizations, a majority of which are located in New Mexico, Virginia, Illinois and Hawaii.

September 17, 2008 by in Security

Google downplays Chrome's carpet-bombing flaw

Google downplays Chrome's carpet-bombing flaw

In a recent Q&A with Google's Brian Rakowski, Philipp Lenssen asked him a question in regard to Chrome's carpet-bombing flaw. Not surprising, considering that Apple refused to admit Safari's carpet-bombing flaw at the first place, Google is too, downplaying it  :"Lenssen: There are ways to make Chrome automatically download a file without the user confirming this (at least using Chrome’s default options).

September 16, 2008 by in Enterprise Software

Apple mega-patch covers 34 Mac OS X security issues

Apple mega-patch covers 34 Mac OS X security issues

Apple has shipped another mega-update to address security vulnerabilities affecting Mac OS X users, warning that the most serious issues could lead to arbitrary code execution attacks.The update, available for Tiger and Leopard, addresses a total of 34 documented vulnerabilities, some in third-party components like ClamAV, BIND, OpenSSH and Ruby.

September 15, 2008 by in Apple

Facebook introducing new security warning feature

Facebook introducing new security warning feature

With Facebook persistently under attacks from phishers and malware authors, looking for creative ways to efficiently exploit its users base, Facebook's security team has silently introduced a new "security warning feature" alerting its users on the potential maliciousness of the third-party site they are about to visit. Is the newly introduced featured a PR move, and how applicable is this approach during an ongoing attack?

September 15, 2008 by in Social Enterprise

Exploit published for Windows Media Encoder flaw

Exploit published for Windows Media Encoder flaw

If you haven't applied Microsoft's MS08-053 security update, now might be a good time to hit that patch button.Proof-of-concept exploit code for the vulnerability, which allows remote code execution attacks via the Web, has been posted online, raising the likelihood that we'll soon see in-the-wild exploitation.

September 15, 2008 by in Enterprise Software

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.
See All
See All

Top Stories