Zack Whittaker

Zack Whittaker is the security editor for ZDNet, covering cyber and national security. He is based in the New York newsroom, and is also found on sister sites CNET and CBS News. You can reach him with his PGP key: EB6CEEA5.

Charlie Osborne

Charlie Osborne is a cybersecurity journalist and photographer who writes for ZDNet and CNET from London. PGP Key: AF40821B | Research/security tips email: cingred@protonmail.com.

Jennifer Leggio

Jennifer Leggio has been in the security industry for 17 years as a marketer, advisor, and writer. Her focus is on security culture, including disclosure, community issues, equality in security, disruptive trends, and even marketing best practices. PGP Key: 3A708289 | She prefers other contact on Twitter via @mediaphyter.

Latest Posts

Katie Moussouris on HOPE 2008: HOPE Springs Eternal

Guest Editorial by Katie Moussouris of Microsoft. If cyberspace is a mass, consensual hallucination, as William Gibson characterized it, then HOPE was a dream manifested in meatspace that would not die. While Hackers On Planet Earth has been running every other year since 1994, it was my first journey to the con.

July 28, 2008 by in CXO

Safari browser flaw: Session fixation attacks possible

Another day, another unpatched Safari browser vulnerability. According to this flaw warning found on the NVD (National Vulnerability Database), Apple's flagship browser is vulnerable to session fixation attacks because of the way it handles cookies in country-specific top-level domains.

July 28, 2008 by in Security

Evilgrade: Exploit toolkit pwns insecure online updates

A security research outfit in Argentina has released a malcode distribution toolkit capable of launching man-in-the-middle attacks against popular products that use insecure update mechanisms. The toolkit, called Evilgrade, works in conjunction with man-in-the-middle techniques (DNS, ARP and DHCP spoofing) to exploit a wide range of applications, according to a post on the Metasploit blog.

July 28, 2008 by in Networking

Gaping holes in RealPlayer patched

Digital media delivery firm RealNetworks has shipped a high-priority patch to cover four gaping holes in its flagship RealPlayer software, warning that the vulnerabilities could put users at risk of code execution attacks. The patch comes a few hours after Secunia released an advisory warning for one of the vulnerabilities, a heap-based buffer overflow caused by a design error within RealPlayer's handling of frames in Shockwave Flash (SWF) files.

July 25, 2008 by in Hardware

Britain moves against illegal file sharing

CBC News out of Canada is reporting that British ISPs are making an aggressive move against illegal file sharing by implementing a program designed to discover copyright violators, who will be sent warning letters and may potentially have their internet connections disconnected. For more on the article, read below.

July 25, 2008 by in Enterprise Software

GMail adds "https:"-only connections but still not by default

Google has added a new "Browser Connection" feature to GMail to allow users to force e-mail sessions to always use the more secure "https:" protocol but, strangely, this is not turned on by default. In the Settings tab, at the very bottom, GMail users can now select an "Always use https" option for stronger security, especially when connecting via Wi-Fi.

July 25, 2008 by in Cloud

Click fraud in 2nd quarter of 2008 more sophisticated, botnets to blame

While the overall click fraud rate isn't increasing, it's not decreasing either, remaining flat for the first two quarters of 2008, according to data gathered from the Click Fraud Network, consisting of more than 4,000 online advertisers and agencies. The Click Forensics report for the second quarter of 2008 indicates that botnets continue to be used for click fraud, the preferred and more efficient approach compared to hiring human clickers on a revenue-sharing basis.

July 24, 2008 by in Security
