Zack Whittaker

Zack Whittaker is the security editor for ZDNet, covering cyber and national security. He is based in New York newsroom, and is also found on sister-sites CNET and CBS News. You can reach him with his PGP key: EB6CEEA5.

Charlie Osborne

Charlie Osborne is a cybersecurity journalist and photographer who writes for ZDNet and CNET from London. PGP Key: AF40821B | Research/security tips email: cingred@protonmail.com.

Jennifer Leggio

Jennifer Leggio has been in the security industry for 17 years as a marketer, advisor, and writer. Her focus is on security culture, including disclosure, community issues, equality in security, disruptive trends, and even marketing best practices. PGP Key: 3A708289 | She prefers other contact on Twitter via @mediaphyter.

Latest Posts

Microsoft downplays BitLocker password leakage

Microsoft downplays BitLocker password leakage

Microsoft is downplaying the severity of a password leakage issue in BitLocker, the full disk encryption feature built into Windows Vista, insisting that a real world attack scenario is "very unlikely."According to an advisory from iViZ, the password checking routine of Microsoft Bitlocker fails to sanitize the BIOS keyboard buffer after reading passwords, resulting in plain text password leakage to unprivileged local users.

September 2, 2008 by in Hardware

VMware ships patches for 'highly critical' server flaws

VMware ships patches for 'highly critical' server flaws

Virtualization specialist VMware has shipped a mega-patch to cover several "highly critical" vulnerabilities affecting its server and workstation product lines.In all, the patch batch addresses at least 16 documented vulnerabilities affecting the VMware Workstation, VMware Player, VMware ACE, VMware Server and VMware ESX server.

September 2, 2008 by in Hardware

Google Chrome, the security tidbits

Google Chrome, the security tidbits

The oft-rumored Google browser is real. It's called Google Chrome and it comes with a handful of security-related features like privacy mode and blacklist-based blocking of phishing and malware sites.

September 1, 2008 by in Security

Inside India's CAPTCHA solving economy

Inside India's CAPTCHA solving economy

No CAPTCHA can survive a human that's receiving financial incentives for solving it, and with an army of low-waged human CAPTCHA solvers officially in the business of "data processing" while earning a mere $2 for solving a thousand CAPTCHA's, I'm already starting to see evidence of consolidation between India's major CAPTCHA solving companies.

August 29, 2008 by in Social Enterprise

Intel ships BIOS fix for Rutkowska's Black Hat flaw

Intel ships BIOS fix for Rutkowska's Black Hat flaw

Intel has shipped a BIOS update with a fix for a privilege escalation vulnerability that was used by rootkit researcher Joanna Rutkowska to bluepill the Xen hypervisor.The vulnerability was discussed by Rutkowska at the Black Hat briefings earlier this month but details on the exploit were withheld until Intel could release its patch.

August 27, 2008 by in Virtualization

iPhone passcode lock rendered useless

iPhone passcode lock rendered useless

Do not trust that passcode lock on Apple's iPhone.The feature, which lets users set a four-digit pincode to limit access to the device, can be easily bypassed with a few finger taps on the iPhone to give an intruder access to sensitive information.

August 26, 2008 by in iPhone

Feel like taunting an identity thief? Don't.

Feel like taunting an identity thief? Don't.

The next time you get the urge to enter angry messages to phishers on fake (malicious) Web sites, stop and consider this discovery by researcher Joe Stewart.The identity thieves behind the Asprox botnet have built extra logic into phishing sites to detect taunts and subject those computer users to drive-by malware exploits.

August 26, 2008 by in Banking

Microsoft confirms 'InPrivate' IE 8

Microsoft confirms 'InPrivate' IE 8

When Microsoft's Internet Explorer 8 browser makeover ships later this year, it will feature several nifty privacy features aimed at giving surfers control over their Web footprints.One week after bloggers discovered clues that IE 8 will include a private browsing (ahem, porn mode), Microsoft used the official IE blog to discuss four new granular controls in the browser.

August 25, 2008 by in Enterprise Software

Twitter's "me too" anti-spam strategy

Twitter's "me too" anti-spam strategy

With Twitter's continuing growth, its popularity is logically starting to attract the attention of malicious parties, like spammers, phishers, and malware authors who wouldn't mind the fact that nobody is following them when they're actively updating several hundred users with their latest propositions.

August 25, 2008 by in Security

Facebook refuses to fix obvious security flaw

Facebook refuses to fix obvious security flaw

[ UPDATE:  Facebook has reversed itself and fixed this vulnerability ]  The Register's Dan Goodin has the scoop on an obvious security vulnerability that's being ignored by the powers at Facebook.The issue, as demonstrated by this proof-of-concept, shows how a social network application can be rigged to hijack a Facebook user's session identification cookies, deliver pop-up messages or change the color of Facebook pages.

August 25, 2008 by in Collaboration

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All

Top Stories