Zack Whittaker

Zack Whittaker is the security editor for ZDNet. You can securely reach him on Signal and WhatsApp at 646-755-8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.

Charlie Osborne

Charlie Osborne is a cybersecurity journalist and photographer who writes for ZDNet and CNET from London. PGP Key: AF40821B

Jennifer Leggio

Jennifer Leggio has been in the security industry for 17 years as a marketer, advisor, and writer. Her focus is on security culture, including disclosure, community issues, equality in security, disruptive trends, and even marketing best practices. PGP Key: 3A708289 | She prefers other contact on Twitter via @mediaphyter.

Latest Posts

Twitter API ripe for abuse by web worms

A security researcher is warning that the Twitter API can be trivially abused by hackers to launch worm attacks. The red-hot social networking/microblogging service has been scrambling to plug cross-site scripting and other Web site vulnerabilities to thwart worm attacks but, as researcher Aviv Raff points out, it's much easier to misuse the Twitter API as a "weak link" to send worms squirming through Twitter.

May 26, 2009 by in Security

Adobe plans quarterly Patch Day for Reader/Acrobat fixes

Borrowing a few pages from Microsoft's playbook, Adobe today announced plans for a quarterly Patch Day for its Reader/Acrobat product lines and new initiatives to beef up its code hardening and security response processes. Starting this summer, Adobe Reader and Acrobat security patches will be released on a quarterly schedule and will be timed to coincide with Microsoft's second-Tuesday-of-the-month bulletin releases.

May 20, 2009 by in Security

Mac OS X vulnerable to 6-month old Java flaw

Attention Mac OS X users: Turn Java off immediately or you could be at high risk of malicious code execution attacks. Tired of waiting for a patch from Apple for a Java flaw that was fixed upstream six months ago, Mac developer Landon Fuller (of Month of Apple Bugs/Fixes fame) has released a proof of concept exploit to demonstrate the severity of the issue.

May 20, 2009 by in Enterprise Software

D-Link router's CAPTCHA flawed, WPA passphrase retrieved

It took only a week for the researchers at SourceSec to find a flaw in the CAPTCHA that D-Link recently introduced in its routers, originally aimed at preventing DNS-changing malware from automatically achieving its objective. According to SourceSec, the flawed implementation allows an attacker/malware to retrieve the router's WPA passphrase with user-level access only, and without even a properly solved CAPTCHA.

May 19, 2009 by in Security

Study: password resetting 'security questions' easily guessed

How secret, in fact, are the 'secret questions' used for resetting forgotten passwords? Not so secret after all, according to a just-published study entitled "It's no secret: Measuring the security and reliability of authentication via 'secret' questions". The study found not only that 17% of its participants were able to answer the 'secret questions' of strangers, but also that the most popular questions were in fact the easiest ones to answer.

May 18, 2009 by in Security

Apple eliminates CanSecWest Pwn2Own flaws

Here's a little ditty that was almost lost in the sheer volume of this week's Mac OS X security update: Apple has finally patched the two vulnerabilities used to win this year's CanSecWest Pwn2Own hacking contest. The two flaws were used by Charlie Miller and a German researcher known only as "Nils" to launch successful drive-by download attacks against Apple's Safari browser.

May 14, 2009 by in Apple

Apple snags ex-OLPC security chief

Former director of security architecture at One Laptop per Child (OLPC) Ivan Krstic has joined Apple to help thwart hacker attacks against the Mac operating system. Krstic, a well-respected innovator who designed the Bitfrost security specification for the OLPC initiative, joined Cupertino this week and will work on core OS security.

May 13, 2009 by in Apple

Adobe plugs PDF Reader zero-day holes

Adobe joined the Patch Tuesday barrage late yesterday, dropping fixes for a pair of code execution holes affecting its Adobe Reader and Acrobat products. [SEE: Exploit posted for brand-new Adobe PDF zero-day] The critical update (APSB09-06) addresses a publicly known vulnerability that was being exploited with booby-trapped PDF files.

May 13, 2009 by in Enterprise Software

Apple Patch Day: 67 Mac OS X, Safari vulnerabilities

On the same day Microsoft shipped a bundle of patches for gaping holes in its PowerPoint software, Apple followed suit, dropping a monster Mac OS X update to correct 67 security vulnerabilities. The sudden Apple Patch Day also included a patch to cover a trio of flaws in the Safari Web browser (Mac OS X and Windows).

May 12, 2009 by in Apple

Pirated Windows 7 leads to malware, botnet

Several news outlets (including eWEEK and Washington Post) are reporting on a new piece of malware embedded into pirated copies of Microsoft's Windows 7 for the express purpose of building a botnet. According to researchers at Damballa, the bootleg copies of the new operating system have been posted on torrent sites and were infecting downloaders at a rate of 552 users per hour.

May 12, 2009 by in Windows
