Zack Whittaker

Zack Whittaker is the security editor for ZDNet, covering cyber and national security. He is based in New York newsroom, and is also found on sister-sites CNET and CBS News. You can reach him with his PGP key: EB6CEEA5.

Charlie Osborne

Charlie Osborne is a cybersecurity journalist and photographer who writes for ZDNet and CNET from London. PGP Key: AF40821B | Research/security tips email: cingred@protonmail.com.

Latest Posts

Google Chrome vulnerable to data theft flaw

Google Chrome vulnerable to data theft flaw

Google has seeded a new version of its Chrome browser to developers with fixes for a pair of security issues that could expose users to data theft.The issue, rated as a "moderate" risk could allow hackers to use HTML files to steal arbitrary files from a victim's machine.

November 12, 2008 by in Security

$10k hacking contest announced

$10k hacking contest announced

Israeli software developer Gizmox is challenging hackers to try hacking into the company's Visual WebGui Platform, by offering a $10,000 incentive to those who manage to achieve the objectives of their contest launched at the beginning of the month. What's particularly interesting about the contest is the fact that the company is running the contest as an investigation into the identity of their secret agent, the data for whom resides on their unhackable platform.

November 12, 2008 by in Security

Google fixes critical XSS vulnerability

Google fixes critical XSS vulnerability

All your accounting data are not belong to us. Hours after a proof of concept example detailing a XSS vulnerability at Google's account login page was posted at the XSS Project's clearing house, the company quickly took notice and fixed it.

November 12, 2008 by in Security

Spam rates massively down on shutdown of rogue ISP

Spam rates massively down on shutdown of rogue ISP

Several major news outlets are reporting that the shutdown of a rogue ISP in the Bay Area has lead to a massive drop in the global amount of spam. While this is "good thing", this event is not an end of spam, nor is it even the beginning of the end of spam; it is merely a temporary lull.

November 12, 2008 by in Security

Why did Microsoft wait 7 years to fix SMBRelay attack flaw?

Why did Microsoft wait 7 years to fix SMBRelay attack flaw?

One of the code execution vulnerabilities fixed in this month's Microsoft Patch Tuesday release dates back to 2001 when it was first disclosed by Cult of the Dead Cow hacker Sir Dystic (pictured left).If that wasn't cause for worry, get this:  An exploit for the bug -- in the way that Microsoft Server Message Block (SMB) Protocol handles NTLM credentials -- has been part of the Metasploit hacking tool since July 2007.

November 12, 2008 by in Security

MS Patch Tuesday: Critical Windows, Office flaws fixed

MS Patch Tuesday: Critical Windows, Office flaws fixed

Microsoft's scheduled batch of patches for November crossed the wires today with fixes for at least four documented vulnerabilities affecting millions of Windows and Office users.As previously reported, the company released two security bulletins -- one rated critical, one rated important -- with fixes for flaws that could lead to remote code execution attacks.

November 11, 2008 by in Enterprise Software

BBC hit by a DDoS attack

BBC hit by a DDoS attack

The British Broadcasting Corporation (bbc.co.uk) was hit by a DDoS attack on Thursday, according to a statement sent to the Inquirer :"In a statement to the INQ, the BBC said the attack originated in a number of different countries but didn't specify which.

November 11, 2008 by in Security

AVG and Rising signatures update detects Windows files as malware

AVG and Rising signatures update detects Windows files as malware

Yesterday, a signatures update pushed by AVG falsely labeled a critical Windows file as a banker malware, prompting the company to quickly fix the issue and issue a workaround, following end users complaints at its support forums.AVG's false positive causing downtime for Windows users is happening a week after Rising antivirus apologized to its customers for falsely detecting Outlook Express as malware leading to loss of emails, and yes, productivity too.

November 11, 2008 by in Security

'Memoryze' utility pinpoints malware code in live memory

'Memoryze' utility pinpoints malware code in live memory

Jamie Butler, a Windows internals expert who co-wrote the definitive book on rootkits, has created a free forensics tool capable of finding malicious code in live memory.The utility, called Mandiant Memoryze, was released at this year's Hack in the Box conference in Kuala Lumpur, Malaysia.

November 10, 2008 by in Hardware

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All

Top Stories