Zack Whittaker

Zack Whittaker is the security editor for ZDNet, covering cyber and national security. He is based in New York newsroom, and is also found on sister-sites CNET and CBS News. You can reach him with his PGP key: EB6CEEA5.

Charlie Osborne

Charlie Osborne, a medical anthropologist who studied at the University of Kent, UK, is a journalist, freelance photographer and former teacher. She has spent years travelling and working across Europe and the Middle East as a teacher, and has been involved in the running of businesses ranging from media and events to B2B sales. Charlie currently works as a journalist and photographer -- with the occasional design piece -- and writes for ZDNet, CNET and SmartPlanet. She has particular interests in social media, IP law, social engineering and security.

Latest Posts

Stanford University data breach leaks sensitive information of approximately 62,000 employees

Stanford University data breach leaks sensitive information of approximately 62,000 employees

A data breach resulting from a stolen laptop has leaked sensitive information including Social Security Numbers of approximately 62,000 (as reported by Stanford University) former and current Standford University employees.  The Privacy Rights Clearinghouse, a site devoted to the collection of data breach information, reports this number as 72,000, and I'm not positive which is more accurate at this time.

June 23, 2008 by in Data Centers

How Snow Leopard can save Mac OS X from malware attacks

How Snow Leopard can save Mac OS X from malware attacks

Guest Editorial by Dino Dai ZoviAs reported by Intego and Matasano Security, a new local privilege escalation vulnerability has been found that gives local root access on Mac OS X Tiger and Leopard.While Intego calls this a critical vulnerability, I'm mostly with Matasano's Thomas Ptacek on this one where I am saying this vulnerability is not nearly that serious.

June 23, 2008 by in Apple

Demo exploits posted for unpatched MS Word vulnerability

Demo exploits posted for unpatched MS Word vulnerability

A security researcher has released demo exploits for what appears to be a critical --  unpatched -- memory corruption vulnerability affecting the ubiquitous Microsoft Word software program.The proof-of-concept exploits accompany a warning that the flaw affects Microsoft Office 2000 and Microsoft Office 2003.

June 23, 2008 by in Security

Researcher keeps 'carpet bomb' attack alive, despite patch

Researcher keeps 'carpet bomb' attack alive, despite patch

Security research Billy Rios posted an article today about the Apple Safari "Carpet Bomb" attack, discussing a new issue that, despite the patch which prevented a "blended" remote command execution attack when Safari was used in conjunction with IE on a Windows system, keeps the "Carpet Bomb" attack alive and well.

June 20, 2008 by in Security

Apple security team finds code execution holes in Ruby

Apple security team finds code execution holes in Ruby

A member of Apple's security team has discovered multiple serious security vulnerabilities in Ruby, the popular open-source scripting language.According to an advisory on the Ruby project site, Apple's Drew Yao reported at least six of the vulnerabilities, which can be exploited to cause a denial-of-service  condition or the execution of arbitrary code.

June 20, 2008 by in Apple

Phishers targeting Facebook users, fake logins spammed through hacked accounts

Phishers targeting Facebook users, fake logins spammed through hacked accounts

A currently active phishing campaign is circulating across Facebook end users' walls, using already compromised accounts to post the phishing links, tricking the user into thinking it's a legitimate friend sending the message in order to redirect them to a fake login page. The campaign is taking advantage of multiple typosquatted domains which are in a fast-flux state, namely, they respond to multiple IP addresses and change them automatically every three minutes in this particular attack.

June 20, 2008 by in Social Enterprise

Free Sourcefire tool pinpoints hostile MS Office files

Free Sourcefire tool pinpoints hostile MS Office files

Sourcefire, the company behind the popular Snort intrusion detection system, has released a freeware utility to help identify potentially threatening Microsoft Office files.The tool, called OfficeCat, can be used to process Microsoft Office documents -- Word, PowerPoint, Excel and Publisher -- determine if possible exploit conditions exist.

June 20, 2008 by in Microsoft

Microsoft blames 'human issues' for Bluetooth patch hiccup

Microsoft blames 'human issues' for Bluetooth patch hiccup

Microsoft has re-released its critical MS08-030 bulletin for Windows XP SP2 and SP3 users, warning that "two separate human issues" caused a major hiccup with the critical security patch.The original version of the patch, which corrects a remote code execution flaw in the Windows Bluetooth stack, failed to properly fix the vulnerability for Windows XP users, according to Christopher Budd, a program manager in the MSRC (Microsoft Security Response Center).

June 19, 2008 by in Enterprise Software

Security breach hits DivShare, unauthorized access to its database

Security breach hits DivShare, unauthorized access to its database

The popular document and media sharing service DivShare, suffered a security breach according to a security announcement posted by DivShare's support team earlier this week :Late last night we were alerted of a security breach that allowed a malicious user to access our database, which included user e-mail addresses and other basic profile information. No financial information has been accessed by any unauthorized parties.

June 19, 2008 by in Security

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All

Top Stories