Zack Whittaker

Zack Whittaker is the security editor for ZDNet. You can securely reach him on Signal and WhatsApp at 646-755-8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.

Charlie Osborne

Charlie Osborne is a cybersecurity journalist and photographer who writes for ZDNet and CNET from London. PGP Key: AF40821B

Jennifer Leggio

Jennifer Leggio has been in the security industry for 17 years as a marketer, advisor, and writer. Her focus is on security culture, including disclosure, community issues, equality in security, disruptive trends, and even marketing best practices. PGP Key: 3A708289 | She prefers other contact on Twitter via @mediaphyter.

Latest Posts

BlackBerry bitten by ActiveX control flaw

BlackBerry bitten by ActiveX control flaw

Research in Motion (RIM) today raised an alarm for a serious security vulnerability in the BlackBerry Application Web Loader, warning that it exposes Windows users to code execution attacks.When a BlackBerry device user browses to a web site that is designed to install the BlackBerry Application Web Loader ActiveX control on BlackBerry devices over a USB connection, and clicks Yes to install and run the ActiveX control, the ActiveX control introduces the vulnerability to the computer.

February 10, 2009 by in Mobility

Microsoft: 'Consistent exploit code likely' for IE vulnerabilities

Microsoft: 'Consistent exploit code likely' for IE vulnerabilities

Microsoft today shipped four bulletins with patches for at least 8 documented security vulnerabilities affecting Windows users and warned that "consistent exploit code could be easily crafted" to launch attacks via the Internet Explorer browser.The Patch Tuesday batch includes fixes for a pair of code execution holes in IE, two bugs in the Microsoft Exchange Server, a remote code execution issue in the Microsoft SQL Server, and three separate flaws haunting users of Microsoft Office Visio.

February 10, 2009 by in Enterprise Software

Fuzzing for Oracle database vulnerabilities

Fuzzing for Oracle database vulnerabilities

Database security vendor Sentrigo has released an open-source fuzz testing tool to help pinpoint security-related coding deficiencies in Oracle databases.The tool, called FuzzOr, runs on Oracle 8i and is aimed at PL/SQL programmers and DBAs looking to find and eliminate vulnerabilities that may be exploited via SQL injection and buffer overflow attacks -- the most common techniques used to launch hacker attacks on databases.

February 4, 2009 by in Enterprise Software

Commercial Twitter spamming tool hits the market

Commercial Twitter spamming tool hits the market

Last week, a commercial Twitter spamming tool (tweettornado.com) pitching itself as a "fully automated advertising software for Twitter" hit the market,  potentially empowering phishers, spammers, malware authors and everyone in between with the ability to generate bogus Twitter accounts and spread their campaigns across the micro-blogging service.

February 4, 2009 by in Security

The psychological impact of false positives

The psychological impact of false positives

False positives, or the act of marking legitimate content as being malicious, are an unfortunate but unavoidable consequence of rapid response security technologies. They are relatively rare, unseen events, that make the news only when something goes horribly wrong.

February 3, 2009 by in Security

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All

Top Stories