Zack Whittaker

Zack Whittaker is the security editor for ZDNet, covering cyber and national security. He is based in New York newsroom, and is also found on sister-sites CNET and CBS News. You can reach him with his PGP key: EB6CEEA5.

Charlie Osborne

Charlie Osborne, a medical anthropologist who studied at the University of Kent, UK, is a journalist, freelance photographer and former teacher. She has spent years travelling and working across Europe and the Middle East as a teacher, and has been involved in the running of businesses ranging from media and events to B2B sales. Charlie currently works as a journalist and photographer -- with the occasional design piece -- and writes for ZDNet, CNET and SmartPlanet. She has particular interests in social media, IP law, social engineering and security.

Latest Posts

Intel ships BIOS fix for Rutkowska's Black Hat flaw

Intel ships BIOS fix for Rutkowska's Black Hat flaw

Intel has shipped a BIOS update with a fix for a privilege escalation vulnerability that was used by rootkit researcher Joanna Rutkowska to bluepill the Xen hypervisor.The vulnerability was discussed by Rutkowska at the Black Hat briefings earlier this month but details on the exploit were withheld until Intel could release its patch.

August 27, 2008 by in Virtualization

iPhone passcode lock rendered useless

iPhone passcode lock rendered useless

Do not trust that passcode lock on Apple's iPhone.The feature, which lets users set a four-digit pincode to limit access to the device, can be easily bypassed with a few finger taps on the iPhone to give an intruder access to sensitive information.

August 26, 2008 by in iPhone

Feel like taunting an identity thief? Don't.

Feel like taunting an identity thief? Don't.

The next time you get the urge to enter angry messages to phishers on fake (malicious) Web sites, stop and consider this discovery by researcher Joe Stewart.The identity thieves behind the Asprox botnet have built extra logic into phishing sites to detect taunts and subject those computer users to drive-by malware exploits.

August 26, 2008 by in Banking

Microsoft confirms 'InPrivate' IE 8

Microsoft confirms 'InPrivate' IE 8

When Microsoft's Internet Explorer 8 browser makeover ships later this year, it will feature several nifty privacy features aimed at giving surfers control over their Web footprints.One week after bloggers discovered clues that IE 8 will include a private browsing (ahem, porn mode), Microsoft used the official IE blog to discuss four new granular controls in the browser.

August 25, 2008 by in Enterprise Software

Twitter's "me too" anti-spam strategy

Twitter's "me too" anti-spam strategy

With Twitter's continuing growth, its popularity is logically starting to attract the attention of malicious parties, like spammers, phishers, and malware authors who wouldn't mind the fact that nobody is following them when they're actively updating several hundred users with their latest propositions.

August 25, 2008 by in Security

Facebook refuses to fix obvious security flaw

Facebook refuses to fix obvious security flaw

[ UPDATE:  Facebook has reversed itself and fixed this vulnerability ]  The Register's Dan Goodin has the scoop on an obvious security vulnerability that's being ignored by the powers at Facebook.The issue, as demonstrated by this proof-of-concept, shows how a social network application can be rigged to hijack a Facebook user's session identification cookies, deliver pop-up messages or change the color of Facebook pages.

August 25, 2008 by in Collaboration

Red Hat (belatedly) confirms security breach

Red Hat (belatedly) confirms security breach

More than a week after a cryptic note hinted at a security breach at Fedora, the open-source group has finally fessed up to two separate server intrusions that compromised the security of Red Hat's OpenSSH packages.The confirmation follows eight days of media speculation and conjecture over a brief e-mail that simply mentioned "an issue in the infrastructure systems" and calls into question Red Hat's ability to promptly -- and accurately -- disclose security breaches.

August 22, 2008 by in Linux

Websense reports China Netcom DNS cache poisoning

Websense reports China Netcom DNS cache poisoning

The DNS server of one of China's largest ISPs has been poisoned to redirect typos to a malicious site rigged with drive-by exploits.According to a warning from Websense Security Labs, the DNS poisoning attacks are affecting customers of China Netcom (CNC) and are using a malicious iFrame to launch exploits for known vulnerabilities in RealNetworks' RealPlayer,  Adobe Flash Player and Microsoft Snapshot Viewer.

August 21, 2008 by in Networking

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All

Top Stories