Zack Whittaker

Zack Whittaker is the security editor for ZDNet, covering cyber and national security. He is based in New York newsroom, and is also found on sister-sites CNET and CBS News. You can reach him with his PGP key: EB6CEEA5.

Charlie Osborne

Charlie Osborne is a cybersecurity journalist and photographer who writes for ZDNet and CNET from London. PGP Key: AF40821B | Research/security tips email: cingred@protonmail.com.

Jennifer Leggio

Jennifer Leggio has been in the security industry for 17 years as a marketer, advisor, and writer. Her focus is on security culture, including disclosure, community issues, equality in security, disruptive trends, and even marketing best practices. PGP Key: 3A708289 | She prefers other contact on Twitter via @mediaphyter.

Latest Posts

Bogus LinkedIn profiles serving malware

Bogus LinkedIn profiles serving malware

A currently active malware campaign is taking advantage of bogus LinkedIn profiles impersonating celebrities in an attempt to trick users into clicking on links serving bogus media players. LinkedIn is among the latest social networking services considered as a valuable asset in the arsenal of the blackhat SEO knowledgeable cybecriminal, simply because this approach works.

January 6, 2009 by in Security

Thousands of Israeli web sites under attack

Thousands of Israeli web sites under attack

In the wake of the escalating conflict between Israel and Hamas, it didn't take long before pro-Hamas supporters organized themselves and started to defacing thousands of pro-Israeli web sites in order to use them as vehicles for propaganda -- Israel is meanwhile hijacking TV signals.

January 6, 2009 by in Security

Twitter phishing... inside Twitter

Twitter phishing... inside Twitter

Over the weekend I received a handful of reports of individuals using Direct Messages inside of Twitter to phish for Twitter accounts and passwords.A cluster of compromised Twitter accounts are sending out person-to-person phishing messages inside the Twitter network.

January 4, 2009 by in Security

Adobe Flash, Apple Safari fail privacy test

Adobe Flash, Apple Safari fail privacy test

Third party plug-ins like Adobe Flash do a poor job of cleaning traces of your browser sessions, rendering private-browsing features somewhat useless, according to a new study by researcher Katherine McKinley.McKinley, a researcher at iSec Partners, created a tool for testing the functionality of clearing private data after a browser session and browsing in private mode and found that some browsers -- most notably Apple's Safari for Windows -- do a poor job of wiping traces of a browser session.

January 2, 2009 by in Apple

Military contractor "cyber-defense" gold rush begins

Military contractor "cyber-defense" gold rush begins

Sensing a shift in upcoming defense priorities, Lockheed and Boeing are both launching information security product divisions.Bloomberg is reporting that both Lockheed Martin and Boeing are building security product groups to address the military's needs in defending cyberspace.

January 2, 2009 by in Security

MD5/rogue CA attack: The sky is not falling

MD5/rogue CA attack: The sky is not falling

Guest post by John Viega Today there’s been a lot of buzz about the clever new attack on public key infrastructure from Alex Sotirov and a team of researchers.   In the attack, the bad guy ends up with his own Certification Authority (CA) that is fully trusted according to every major browser.

December 30, 2008 by in Security

An easy fix ignored

An easy fix ignored

Guest post by Chris EngIn the wake of this morning's 25C3 presentation by Alex Sotirov and Jacob Appelbaum, most of the coverage I've read so far has focused on the technical details and real-world impact of their findings. Rightly so -- their paper describing the attack is a fascinating read filled with enough gory details to make any security practitioner salivate.

December 30, 2008 by in Security

Microsoft pours cold water on WMP flaw warning

Microsoft pours cold water on WMP flaw warning

Microsoft is pouring cold water on public reports of a serious code execution vulnerability in the newest versions of its Windows Media Player software.Following the release of proof-of-concept code alongside a claim that the bug can be remotely exploitable to launch arbitrary code, a Microsoft spokesman insists this "is not a product vulnerability.

December 29, 2008 by in Hardware

Santa left a virus under the Christmas tree

Santa left a virus under the Christmas tree

Amazon has warned its customers that one of Samsung's digital picture frames shipped to customers infected with a virus. While Samsung has some egg on its face, malware that ships on consumer hardware is not as serious of an issue as it may seem.

December 27, 2008 by in Security

Microsoft confirms critical SQL Server vulnerability

Microsoft confirms critical SQL Server vulnerability

Microsoft late Monday issued a pre-patch advisory confirming a remote code execution vulnerability affecting its SQL Server line.The vulnerability, publicly disclosed with exploit code more than two weeks ago, affects Microsoft SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine (MSDE 2000), Microsoft SQL Server 2000 Desktop Engine (WMSDE), and Windows Internal Database (WYukon).

December 22, 2008 by in Data Management

PlayStation Home virtual world hacked

PlayStation Home virtual world hacked

Hackers are using a combination of DNS redirection, software vulnerabilities and the open-source Apache Web server to exploit holes in Sony's new PlayStation Home virtual world, according to a Telegraph report.The hack is allowing developers to customize their PlayStation Home experience beyond the options provided by Sony but there's a worrysome component to this platform weakness...

December 22, 2008 by in Hardware

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All

Top Stories