Zack Whittaker

Zack Whittaker is the security editor for ZDNet, covering cyber and national security. He is based in New York newsroom, and is also found on sister-sites CNET and CBS News. You can reach him with his PGP key: EB6CEEA5.

Charlie Osborne

Charlie Osborne is a cybersecurity journalist and photographer who writes for ZDNet and CNET from London. PGP Key: AF40821B | Research/security tips email: cingred@protonmail.com.

Latest Posts

Microsoft confirms 'InPrivate' IE 8

Microsoft confirms 'InPrivate' IE 8

When Microsoft's Internet Explorer 8 browser makeover ships later this year, it will feature several nifty privacy features aimed at giving surfers control over their Web footprints.One week after bloggers discovered clues that IE 8 will include a private browsing (ahem, porn mode), Microsoft used the official IE blog to discuss four new granular controls in the browser.

August 25, 2008 by in Enterprise Software

Twitter's "me too" anti-spam strategy

Twitter's "me too" anti-spam strategy

With Twitter's continuing growth, its popularity is logically starting to attract the attention of malicious parties, like spammers, phishers, and malware authors who wouldn't mind the fact that nobody is following them when they're actively updating several hundred users with their latest propositions.

August 25, 2008 by in Security

Facebook refuses to fix obvious security flaw

Facebook refuses to fix obvious security flaw

[ UPDATE:  Facebook has reversed itself and fixed this vulnerability ]  The Register's Dan Goodin has the scoop on an obvious security vulnerability that's being ignored by the powers at Facebook.The issue, as demonstrated by this proof-of-concept, shows how a social network application can be rigged to hijack a Facebook user's session identification cookies, deliver pop-up messages or change the color of Facebook pages.

August 25, 2008 by in Collaboration

Red Hat (belatedly) confirms security breach

Red Hat (belatedly) confirms security breach

More than a week after a cryptic note hinted at a security breach at Fedora, the open-source group has finally fessed up to two separate server intrusions that compromised the security of Red Hat's OpenSSH packages.The confirmation follows eight days of media speculation and conjecture over a brief e-mail that simply mentioned "an issue in the infrastructure systems" and calls into question Red Hat's ability to promptly -- and accurately -- disclose security breaches.

August 22, 2008 by in Linux

Websense reports China Netcom DNS cache poisoning

Websense reports China Netcom DNS cache poisoning

The DNS server of one of China's largest ISPs has been poisoned to redirect typos to a malicious site rigged with drive-by exploits.According to a warning from Websense Security Labs, the DNS poisoning attacks are affecting customers of China Netcom (CNC) and are using a malicious iFrame to launch exploits for known vulnerabilities in RealNetworks' RealPlayer,  Adobe Flash Player and Microsoft Snapshot Viewer.

August 21, 2008 by in Networking

More security holes appear in Microsoft Office

More security holes appear in Microsoft Office

In addition to this long list of missing Microsoft patches, there are at least three serious (unpatched) vulnerabilities in the Microsoft Office productivity suite.On August 12, the same day Microsoft released a slew of Office patches, TippingPoint's DV Labs published a bare-bones advisory warning about a new high-risk Office flaw that allows code execution attacks.

August 21, 2008 by in Microsoft

FEMA's PBX network hacked, over 400 calls made to the Middle East

FEMA's PBX network hacked, over 400 calls made to the Middle East

Someone's been chatting a lot during the weekend, but picking up FEMA's PBX network as their main carrier might not have been the smartest thing to do. Over 400 calls, lasting from three up to ten minutes were placed through their network, a breach made possible due to an insecurely configured Private Branch Exchange system :"A hacker broke into a Homeland Security Department telephone system over the weekend and racked up about $12,000 in calls to the Middle East and Asia.

August 20, 2008 by in Networking

Opera patches 7 vulnerabilities but keeps one a secret

Opera patches 7 vulnerabilities but keeps one a secret

Opera Software has shipped a new version of its flagship Web browser with fixes for at least seven documented security problems but details on one vulnerability -- a cross-site scripting issue reported by Chris Weber-- is being kept under wraps.Opera warned that one of the seven flaws is rated "extremely severe" because of the risk of arbitrary code execution.

August 20, 2008 by in Security

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All

Top Stories