Zack Whittaker

Zack Whittaker is a security writer-editor for ZDNet. He can be found on sister sites CNET and CBS News. He is based in the New York newsroom. You can send him secure email with his PGP key: EB6CEEA5.

Charlie Osborne

Charlie Osborne, a medical anthropologist who studied at the University of Kent, UK, is a journalist, freelance photographer and former teacher. She has spent years travelling and working across Europe and the Middle East as a teacher, and has been involved in the running of businesses ranging from media and events to B2B sales. Charlie currently works as a journalist and photographer -- with the occasional design piece -- and writes for ZDNet, CNET and SmartPlanet. She has particular interests in social media, IP law, social engineering and security.

Latest Posts

Secunia finds 'highly critical' Foxit Reader Flaw

Add the popular Foxit Reader to the list of desktop software applications to be patched as a matter of priority. According to vulnerability research outfit Secunia, there's a "highly critical" vulnerability in the alternative PDF reader software that can be exploited by malicious hackers to take complete control of a target system.

May 20, 2008 by in CXO

DoS Attacks Using SQL Wildcards Revealed

Yesterday, Ferruh Mavituna of Portcullis released a whitepaper entitled "DoS Attacks Using SQL Wildcards", with some insightful comments on how it's possible to multiply the attack tactics discussed to the point where not even a botnet would be needed to successfully accomplish them. Summary of the paper: This paper discusses abusing Microsoft SQL Query wildcards to consume CPU in database servers.

May 20, 2008 by in Servers

Are you wary of the insider on the outside?

Whenever the risks from the inside threat are discussed, it's usually about the disgruntled/malicious employee within the firewall abusing permissions to steal data or plant malware in sensitive parts of the network. But, there's an insider on the outside that's often forgotten -- the ex-employee with access to user accounts (and default settings) that remain active after he/she has left the company.

May 20, 2008 by in Security

The Storm Worm would love to infect you

The Storm Worm malware is back in the game, with its most recent campaign currently active and trying to entice users into executing iloveyou.exe by spamming them with links to already infected hosts acting as web servers, next to SQL injecting malicious domains into legitimate sites for the campaign to scale faster.

May 19, 2008 by in Security

I'm stepping aside...

I'm becoming a contributor on Zero Day to let the experts handle our security blog. As you may have noticed, Ryan Naraine has returned to Zero Day creating what I consider a security dream team.

May 19, 2008 by in Security

Fast-Fluxing SQL injection attacks executed from the Asprox botnet

The botnet masters behind the Asprox botnet have recently started SQL injecting fast-fluxed malicious domains in order to enjoy a decent tactical advantage in an attempt to increase the survivability of the malicious campaign. I first assessed the Asprox botnet in January, and again in April when it started scaling and diversifying its campaigns from fake Windows updates, to fake Yahoo ecards, as well as executable news items.

May 18, 2008 by in Security

Redmond Magazine Successfully SQL Injected by Chinese Hacktivists

Irony at its best. It appears that Redmond - The Independent Voice of the Microsoft IT Community, formerly known as Microsoft Certified Professional Magazine, is currently flagged as a badware site, and third-party exploit detection tools are also detecting internal pages as exploit hosting ones, in this particular case Mal/Badsrc-A.

May 16, 2008 by in Security

DIY phishing kits introducing new features

What are some of the main factors for the increase of phishing attacks, and their maturity from passive emails to blended threats attempting to not just steal personal information, but also infect with malware by embedding client-side vulnerabilities at the pages? It's all a matter of perspective, which in this post will emphasize the continuing efforts on behalf of phishers to innovate, and introduce new features within the most recently obtained do-it-yourself phishing page generators.

May 15, 2008 by in Security

With the Quickness: HD Moore sets new land speed record with exploitation of Debian/Ubuntu OpenSSL flaw

So, for those who haven't heard, a Debian packager modified the source used for OpenSSL on Debian-based systems (Debian and the whole of the Ubuntu family) to remove the seed used for PRNG (Pseudo Random Number Generator) used when creating SSL keys. Well, HD Moore set a new record for speed to exploit with the release of what he calls Debian-OpenSSL Toys.

May 14, 2008 by in Enterprise Software

Security Researcher to release Cisco rootkit at EUSecWest

According to good friend Robert McMillan of IDG News, Sebastian Muniz, a researcher with Core Security Technologies, has developed malicious rootkit software for Cisco's routers, which he will release on May 22 at the EuSecWest conference in London. This will mark the first time (at least publicly) that someone has released a rootkit written for the Cisco IOS.

May 14, 2008 by in Security
