Zack Whittaker

Zack Whittaker is the security editor for ZDNet. You can send tips securely via Signal and WhatsApp to 646-755-8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.

Charlie Osborne

Charlie Osborne is a cybersecurity journalist and photographer who writes for ZDNet and CNET from London. PGP Key: AF40821B

Jennifer Leggio

Jennifer Leggio has been in the security industry for 17 years as a marketer, advisor, and writer. Her focus is on security culture, including disclosure, community issues, equality in security, disruptive trends, and even marketing best practices. PGP Key: 3A708289 | She prefers other contact on Twitter via @mediaphyter.

Latest Posts

D-Link router's CAPTCHA flawed, WPA passphrase retrieved

It took only a week for the researchers at SourceSec to find a flaw in D-Link's recently introduced router CAPTCHA, originally aimed at preventing DNS-changing malware from automatically achieving its objective. According to SourceSec, the flawed implementation allows an attacker/malware to retrieve the router's WPA passphrase with user-level access only, and without even a properly solved CAPTCHA.

May 19, 2009 by in Security

Study: password resetting 'security questions' easily guessed

How secret are in fact the 'secret questions' used for resetting forgotten passwords? Not so secret after all, according to a just-published study entitled "It's no secret: Measuring the security and reliability of authentication via 'secret' questions": 17% of the study's participants were able to answer the 'secret questions' of strangers, and the most popular questions were in fact the easiest ones to answer.

May 18, 2009 by in Security

Apple eliminates CanSecWest Pwn2Own flaws

Here's a little ditty that was almost lost in the sheer volume of this week's Mac OS X security update: Apple has finally patched the two vulnerabilities used to win this year's CanSecWest Pwn2Own hacking contest. The two flaws were used by Charlie Miller and a German researcher known only as "Nils" to launch successful drive-by download attacks against Apple's Safari browser.

May 14, 2009 by in Apple

Apple snags ex-OLPC security chief

Former director of security architecture at One Laptop per Child (OLPC) Ivan Krstic has joined Apple to help thwart hacker attacks against the Mac operating system. Krstic, a well-respected innovator who designed the Bitfrost security specification for the OLPC initiative, joined Cupertino this week and will work on core OS security.

May 13, 2009 by in Apple

Adobe plugs PDF Reader zero-day holes

Adobe joined the Patch Tuesday barrage late yesterday, dropping fixes for a pair of code execution holes affecting its Adobe Reader and Acrobat products. [SEE: Exploit posted for brand-new Adobe PDF zero-day] The critical update (APSB09-06) addresses a publicly known vulnerability that was being exploited with booby-trapped PDF files.

May 13, 2009 by in Enterprise Software

Apple Patch Day: 67 Mac OS X, Safari vulnerabilities

On the same day Microsoft shipped a bundle of patches for gaping holes in its PowerPoint software, Apple followed suit, dropping a monster Mac OS X update to correct 67 security vulnerabilities. The sudden Apple Patch Day also included a patch to cover a trio of flaws in the Safari Web browser (Mac OS X and Windows).

May 12, 2009 by in Apple

Pirated Windows 7 leads to malware, botnet

Several news outlets (including eWEEK and Washington Post) are reporting on a new piece of malware embedded into pirated copies of Microsoft's Windows 7 for the express purpose of building a botnet. According to researchers at Damballa, the bootleg copies of the new operating system have been posted on torrent sites and were infecting downloaders at a rate of 552 users per hour.

May 12, 2009 by in Windows

D-Link adds CAPTCHA to home routers

On the heels of a series of malware attacks targeting home routers, D-Link today announced the integration of a CAPTCHA system into its home and small office routers. The new CAPTCHA system will be particularly useful to thwart malicious attacks that target default passwords on routers in order to alter DNS records and hijack all future connections.

May 12, 2009 by in Networking

Microsoft plugs 14 PowerPoint security holes

Microsoft has slapped a massive band-aid on its PowerPoint presentation software to cover at least 14 documented security vulnerabilities. The MS09-017 update, rated "critical," includes a fix for a known code execution flaw that was used to launch targeted exploits via rigged PowerPoint files.

May 12, 2009 by in Enterprise Software
