Zack Whittaker

Zack Whittaker is the security editor for ZDNet, covering cybersecurity, national security, policy and privacy. He is based out of the New York newsroom, and can also be found on sister sites CNET and CBS News. You can contact him with his PGP key: EB6CEEA5.

Charlie Osborne

Charlie Osborne, a medical anthropologist who studied at the University of Kent, UK, is a journalist, freelance photographer and former teacher. She has spent years travelling and working across Europe and the Middle East as a teacher, and has been involved in the running of businesses ranging from media and events to B2B sales. Charlie currently works as a journalist and photographer -- with the occasional design piece -- and writes for ZDNet, CNET and SmartPlanet. She has particular interests in social media, IP law, social engineering and security.

Latest Posts

Adobe: Beware of fake Flash downloads

Adobe: Beware of fake Flash downloads

Amidst confirmed reports that malicious hackers are starting to use fake Flash Player downloads as social engineering lures for malware, Adobe has issued a call-to-arms for users to validate installers before downloading software updates.The company's notice comes on the heels of malware attacks on Facebook, MySpace and Twitter that attempt to trick Windows users into installing a Flash Player update that turns out to be a malicious executable.

August 4, 2008 by in Windows

Twitter being used to distribute malware

Twitter being used to distribute malware

Last week, when I wrote about Aviv Raff's auto follow-me vulnerability on Twitter, I warned that it was only a matter of time before we see nasty social engineering (malware) attacks on the popular microblogging service.Well, it's here.

August 4, 2008 by in Security

Purewire raises funding, adds Noonan to board

Purewire raises funding, adds Noonan to board

Purewire, a security start-up competing in the software-as-a-service (Saas) market, has banked $2 million in friends-and-family funding and added industry veteran Tom Noonan to its board of directors.The latest funding round, which was led by Imlay Investments, Inc.

August 4, 2008 by in Cloud

On GIFARs

On GIFARs

Ever since Rob McMillan of IDG published a story giving a preview of our coming Black Hat talk, specifically a preview of the portion of our talk related to GIFARs, media coverage of the research has swirled a bit out of control and there's been some misconceptions.  My co-presenter John Heasman has a write-up on GIFARs that explains this all just a bit more.

August 2, 2008 by in Security

Rise of the 'legit' malware sites

Rise of the 'legit' malware sites

About 75 percent of all Web sites serving up malicious code are legitimate sites that have been hacked/compromised, according to a new report from WebSense.This number validates statistics from ScanSafe showing a dramatic rise in 'good' sites being being used as a conduit for drive-by malware downloads and other social engineering attacks.

August 1, 2008 by in Security

The empty debate over open source security

The empty debate over open source security

Guest editorial by Roger ThorntonLast week, Fortify published a study on adoption of security best-practices within the Open Source community. Given mounting risk posed by extensive use of Open Source technologies within business and government IT, we were gratified to see the passionate discussions that followed.

July 31, 2008 by in Open Source

Black Hat Sneak Preview

Black Hat Sneak Preview

Rob McMillan from IDG interviewed John Heasman and I today about the presentation we will be delivering with Rob Carter at Black Hat Vegas next week. The article has a good teaser about one of the more interesting of the many attacks we will cover, namely what we've coined the GIFAR attack.

July 31, 2008 by in Enterprise Software

Black Hat talk on Apple encryption flaw pulled

Black Hat talk on Apple encryption flaw pulled

Brian Krebs from the Washington Post "Security Fix" Blog reported that one of the talks slated for next week's Black Hat convention on a previously undiscovered flaw in Apple's FileVault encryption system has been canceled, the researcher citing confidentiality agreements as the reason he will not be speaking.The article states:Charles Edge, a researcher from Georgia, had been slated to discuss his research on a weakness that could be used to defeat FileVault encryption on the Mac.

July 31, 2008 by in Security

Web worms squirm through Facebook, MySpace

Web worms squirm through Facebook, MySpace

My colleagues at Kaspersky Lab (see disclosure) have intercepted two new worms squirming through MySpace and Facebook, using social engineering lures to plant malware on Windows systems.The worms propagate via the comments features on the two popular social networks, using video lures and fake Flash Player downloads to trick end users into installing malicious executables.

July 31, 2008 by in Collaboration

CSRF vulnerability allows Twitter 'follow' abuse

CSRF vulnerability allows Twitter 'follow' abuse

Last week, TechCrunch's Jason Kincaid wrote about an obvious Twitter vulnerability that allowed a user called "johng77536" to game the popular micro-blogging service to add thousands of followers (subscribers) in a short period of time.The "johng77536" account has since been disabled but a security researcher tracking Twitter security flaws and weaknesses has discovered a new vulnerability that lets users easily game the "follow" system.

July 31, 2008 by in Security

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.
See All
See All

Top Stories