Zack Whittaker

Zack Whittaker is the security editor for ZDNet. You can securely reach him on Signal and WhatsApp at 646-755-8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.

Charlie Osborne

Charlie Osborne is a cybersecurity journalist and photographer who writes for ZDNet and CNET from London. PGP Key: AF40821B

Jennifer Leggio

Jennifer Leggio has been in the security industry for 17 years as a marketer, advisor, and writer. Her focus is on security culture, including disclosure, community issues, equality in security, disruptive trends, and even marketing best practices. PGP Key: 3A708289 | She prefers other contact on Twitter via @mediaphyter.

Latest Posts

VoIP vulnerabilities in Microsoft Communicator

VoIP vulnerabilities in Microsoft Communicator

Researchers at VoIPshield Labs have pinpointed a wide range of denial-of-service vulnerabilities in Microsoft Communicator, the unified communications that features business-grade instant messaging , voice, and video tools.The flaws, rated "high severity," could cripple VoIP-powered communications on Office Communications Server 2007, Office Communicator and Windows Live Messenger.

November 17, 2008 by in Security

Sun plugs holes in StarOffice

Sun plugs holes in StarOffice

Two weeks after the OpenOffice.org team shipped patches for code execution flaws in office suite, Sun Micrososystems has followed up with a high-priority update for StarOffice, which is based on the open-source code.

November 14, 2008 by in Oracle

Google Chrome vulnerable to data theft flaw

Google Chrome vulnerable to data theft flaw

Google has seeded a new version of its Chrome browser to developers with fixes for a pair of security issues that could expose users to data theft.The issue, rated as a "moderate" risk could allow hackers to use HTML files to steal arbitrary files from a victim's machine.

November 12, 2008 by in Security

$10k hacking contest announced

$10k hacking contest announced

Israeli software developer Gizmox is challenging hackers to try hacking into the company's Visual WebGui Platform, by offering a $10,000 incentive to those who manage to achieve the objectives of their contest launched at the beginning of the month. What's particularly interesting about the contest is the fact that the company is running the contest as an investigation into the identity of their secret agent, the data for whom resides on their unhackable platform.

November 12, 2008 by in Security

Google fixes critical XSS vulnerability

Google fixes critical XSS vulnerability

All your accounting data are not belong to us. Hours after a proof of concept example detailing a XSS vulnerability at Google's account login page was posted at the XSS Project's clearing house, the company quickly took notice and fixed it.

November 12, 2008 by in Security

Spam rates massively down on shutdown of rogue ISP

Spam rates massively down on shutdown of rogue ISP

Several major news outlets are reporting that the shutdown of a rogue ISP in the Bay Area has lead to a massive drop in the global amount of spam. While this is "good thing", this event is not an end of spam, nor is it even the beginning of the end of spam; it is merely a temporary lull.

November 12, 2008 by in Security

Why did Microsoft wait 7 years to fix SMBRelay attack flaw?

Why did Microsoft wait 7 years to fix SMBRelay attack flaw?

One of the code execution vulnerabilities fixed in this month's Microsoft Patch Tuesday release dates back to 2001 when it was first disclosed by Cult of the Dead Cow hacker Sir Dystic (pictured left).If that wasn't cause for worry, get this:  An exploit for the bug -- in the way that Microsoft Server Message Block (SMB) Protocol handles NTLM credentials -- has been part of the Metasploit hacking tool since July 2007.

November 12, 2008 by in Security

MS Patch Tuesday: Critical Windows, Office flaws fixed

MS Patch Tuesday: Critical Windows, Office flaws fixed

Microsoft's scheduled batch of patches for November crossed the wires today with fixes for at least four documented vulnerabilities affecting millions of Windows and Office users.As previously reported, the company released two security bulletins -- one rated critical, one rated important -- with fixes for flaws that could lead to remote code execution attacks.

November 11, 2008 by in Enterprise Software

BBC hit by a DDoS attack

BBC hit by a DDoS attack

The British Broadcasting Corporation (bbc.co.uk) was hit by a DDoS attack on Thursday, according to a statement sent to the Inquirer :"In a statement to the INQ, the BBC said the attack originated in a number of different countries but didn't specify which.

November 11, 2008 by in Security

AVG and Rising signatures update detects Windows files as malware

AVG and Rising signatures update detects Windows files as malware

Yesterday, a signatures update pushed by AVG falsely labeled a critical Windows file as a banker malware, prompting the company to quickly fix the issue and issue a workaround, following end users complaints at its support forums.AVG's false positive causing downtime for Windows users is happening a week after Rising antivirus apologized to its customers for falsely detecting Outlook Express as malware leading to loss of emails, and yes, productivity too.

November 11, 2008 by in Security

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All

Top Stories