id="info"

Zack Whittaker

Zack Whittaker is the security editor for ZDNet, covering cybersecurity, national security, policy and privacy. He is based out of the New York newsroom, and can also be found on sister sites CNET and CBS News. You can contact him with his PGP key: EB6CEEA5.

Charlie Osborne

Charlie Osborne, a medical anthropologist who studied at the University of Kent, UK, is a journalist, freelance photographer and former teacher. She has spent years travelling and working across Europe and the Middle East as a teacher, and has been involved in the running of businesses ranging from media and events to B2B sales. Charlie currently works as a journalist and photographer -- with the occasional design piece -- and writes for ZDNet, CNET and SmartPlanet. She has particular interests in social media, IP law, social engineering and security.

Latest Posts

Speculation over possible Skype backdoor

Speculation over possible Skype backdoor

There's growing speculation coming out of Europe that there's a backdoor in Skype that allows remote eavesdropping of telephone conversations.A report in the reputable Heise Online says the issue was discussed at a meeting with ISPs last month where high-ranking officials at the Austrian interior ministry claims "it is not a problem for them to listen in on Skype conversations.

July 24, 2008 by in Telcos

Apple looking to hire iPhone hacker

Apple looking to hire iPhone hacker

Apple is in the market for someone capable of hacking into the iPhone.According to this job listing, the company is looking for an iPhone Security Engineer capable of, among other things, developing "proof of concept" attacks on the device's current security mechanisms.

July 24, 2008 by in Security

|)ruid and HD Moore release part 2 of DNS exploit

|)ruid and HD Moore release part 2 of DNS exploit

[Updated 07/24/2008: Gallery images of diffs of code revisions has been included and will be updated as things change, see here.]Earlier today, noted researchers |)ruid and HD Moore released exploit code for the Metasploit tool for attacking the DNS flaw that was originally reported by Dan Kaminsky.

July 23, 2008 by in Networking

Attack code published for DNS flaw

Attack code published for DNS flaw

The urgency to patch Dan Kaminsky's DNS cache poisoning vulnerability just went up a few notches.Exploit code for the flaw, which allows the insertion of malicious DNS records into the cache of the target nameserver, has been added to Metasploit, a freely distributed attack/pen-testing tool.

July 23, 2008 by in Security

'Spam King' escapes from federal prison

'Spam King' escapes from federal prison

[ UPDATE:  Davidson was found dead, involved in an apparent murder-suicide that involved his wife and 3-year-old daughter. ] Edward "Eddie" Davidson, a notorious e-mail spammer who was sentenced to jail time in April, has escaped from a federal prison camp in Florence, Colorado.

July 23, 2008 by in Collaboration

iPhone vulnerable to phishing, spamming flaws

iPhone vulnerable to phishing, spamming flaws

Security researcher Aviv Raff (left) has discovered a pair of basic design flaws that could turn your iPhone into easy bait for malicious phishing and spamming attacks.According to an advisory from Raff, the iPhone's Mail and Safari applications are susceptible to a URL Spoofing vulnerability which allow attackers to conduct phishing attacks.

July 23, 2008 by in iPhone

McAfee debunks recent vulnerabilities in AV software research, n.runs restates its position

McAfee debunks recent vulnerabilities in AV software research, n.runs restates its position

Several days after blogging about a research conduced by n.runs AG that managed to discover approximately 800 vulnerabilities in antivirus products, McAfee issued a statement basically debunking the number of vulnerabilities found, and providing its own account into the number of vulnerabilities affecting its own products :"A recent ZDnet blog discusses a large number of vulnerabilities German research team N.

July 22, 2008 by in Security

75% of online banking sites found vulnerable to security design flaws

75% of online banking sites found vulnerable to security design flaws

In a paper entitled "Analyzing Web sites for user-visible security design flaws" to be published at the Symposium on Usable Privacy and Security meeting at Carnegie Mellon University July 25, Atul Prakash and two of his doctoral students examined 214 financial institutions in 2006, finding that over 75% of all the sites have at least one security design flaw :"These design flaws aren't bugs that can be fixed with a patch.

July 22, 2008 by in Security

RIM ships fix for BlackBerry code execution bug

RIM ships fix for BlackBerry code execution bug

Just a quick note to update a story I wrote last week on an unpatched remote execution vulnerability affecting BlackBerry business users:Research in Motion (RIM) has finally shipped patches to cover the issue, which affects the BlackBerry Attachment Service component of the BlackBerry Enterprise Server.From the alert:A security vulnerability exists in the PDF distiller of some released versions of the BlackBerry Attachment Service.

July 22, 2008 by in Hardware

A look at the recent Firefox 3 vulnerability

A look at the recent Firefox 3 vulnerability

True to form, Billy Rios promised a more in depth look at the MSFA2008-35 vulnerability which is another protocol handler flaw in Firefox 3.  As previously reported here, this was another protocol handler flaw that led to arbitrary remote command execution, and is especially dangerous since it can be deployed widely through the use of a cross-site scripting attack vector.

July 22, 2008 by in Enterprise Software

E-gold owners plead guilty to money laundering

E-gold owners plead guilty to money laundering

Wow, big morning!  If anyone has seen Nitesh Dhanjani and Billy Rios's talk on phishing and identity theft, which was presented at the last couple Black Hat conferences, and will be on display again at Black Hat Vegas, you know that the identity theft market is a huge problem.

July 22, 2008 by in Security

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.
See All
See All

Top Stories