id="info"

Zack Whittaker

Zack Whittaker is the security editor for ZDNet, covering cybersecurity, national security, policy and privacy. He is based out of the New York newsroom, and can also be found on sister sites CNET and CBS News. You can contact him with his PGP key: EB6CEEA5.

Charlie Osborne

Charlie Osborne, a medical anthropologist who studied at the University of Kent, UK, is a journalist, freelance photographer and former teacher. She has spent years travelling and working across Europe and the Middle East as a teacher, and has been involved in the running of businesses ranging from media and events to B2B sales. Charlie currently works as a journalist and photographer -- with the occasional design piece -- and writes for ZDNet, CNET and SmartPlanet. She has particular interests in social media, IP law, social engineering and security.

Latest Posts

The Storm Worm would love to infect you

The Storm Worm would love to infect you

The Storm Worm malware is back in the game, with its most recent campaign currently active and trying to entice users into executing iloveyou.exe by spamming them with links to already infected hosts acting as web servers, next to SQL injecting malicious domains into legitimate sites for the campaign to scale faster.

May 19, 2008 by in Security

I'm stepping aside...

I'm stepping aside...

I'm becoming a contributor on Zero Day to let the experts handle our security blog.As you may have noticed, Ryan Naraine has returned to Zero Day creating what I consider a security dream team.

May 19, 2008 by in Security

Fast-Fluxing SQL injection attacks executed from the Asprox botnet

Fast-Fluxing SQL injection attacks executed from the Asprox botnet

The botnet masters behind the Asprox botnet have recently started SQL injecting fast-fluxed malicious domains in order to enjoy a decent tactical advantage in an attempt to increase the survivability of the malicious campaign. I first assessed the Asprox botnet in January, and again in April when it started scaling and diversifying its campaigns from fake Windows updates, to fake Yahoo ecards, as well as executable news items.

May 18, 2008 by in Security

Redmond Magazine Successfully SQL Injected by Chinese Hacktivists

Redmond Magazine Successfully SQL Injected by Chinese Hacktivists

Irony at its best. It appears that Redmond - The Independent Voice of the Microsoft IT Community, formerly known as Microsoft Certified Professional Magazine is currently flagged as a badware site, and third-party exploit detection tools are also detecting internal pages as exploit hosting ones, in this particular case Mal/Badsrc-A.

May 16, 2008 by in Security

DIY phishing kits introducing new features

DIY phishing kits introducing new features

What are some of the main factors for the increase of phishing attacks, and their maturity from passive emails to blended threats attempting to not just steal personal information, but also infect with malware by embedding client-side vulnerabilities at the pages? It's all a matter of perspective, which in this post will emphasize on the continuing efforts on behalf of phishers to innovate, and introduce new features within the most recently obtained do-it-yourself phishing page generators.

May 15, 2008 by in Security

With the Quickness: HD Moore sets new land speed record with exploitation of Debian/Ubuntu OpenSSL flaw

With the Quickness: HD Moore sets new land speed record with exploitation of Debian/Ubuntu OpenSSL flaw

So, for those who haven't heard, a Debian packager modified the source used for OpenSSL on Debian based systems (Debian and the whole of the Ubuntu family) to remove the seed used for PRNG (Pseudo Random Number Generator) used when creating SSL keys.  Well, HD Moore set a new record for speed to exploit with the release of what he calls Debian-OpenSSL Toys.

May 14, 2008 by in Enterprise Software

Security Researcher to release Cisco rootkit at EUSecWest

Security Researcher to release Cisco rootkit at EUSecWest

According to good friend Robert McMillan of IDG News, Sebastian Muniz, a researcher with Core Security Technologies, has developed malicious rootkit software for Cisco's routers, which he will release on May 22 at the EuSecWest conference in London. This will mark the first time (at least publicly) that someone has released a rootkit written for the Cisco IOS.

May 14, 2008 by in Security

McAfee isn't "McAfee Secure" or "Hacker Safe"

McAfee isn't "McAfee Secure" or "Hacker Safe"

In my most recent discussion on McAfee, I posted a talkback to Russ McRee stating, tongue in cheek mind you, that it'd be interesting to see an XSS or SQL Injection on McAfee's site, see if they are indeed "McAfee Secure". Well, I guess you get what you ask for...

May 13, 2008 by in Security

A U.S military botnet in the works

A U.S military botnet in the works

Make botnets, not war? In April, last year, I asked the question "Why establish an offensive cyber warfare doctrine when you can  simple install a type of Lycos Spam Fighting screensaver on every military and government computer and have it periodically update its hit lists?

May 12, 2008 by in Security

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.
See All
See All

Top Stories