Zack Whittaker

Zack Whittaker is the security editor for ZDNet. You can securely reach him on Signal and WhatsApp at 646-755-8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.

Charlie Osborne

Charlie Osborne is a cybersecurity journalist and photographer who writes for ZDNet and CNET from London. PGP Key: AF40821B

Jennifer Leggio

Jennifer Leggio has been in the security industry for 17 years as a marketer, advisor, and writer. Her focus is on security culture, including disclosure, community issues, equality in security, disruptive trends, and even marketing best practices. PGP Key: 3A708289 | She prefers other contact on Twitter via @mediaphyter.

Latest Posts

An easy fix ignored

An easy fix ignored

Guest post by Chris EngIn the wake of this morning's 25C3 presentation by Alex Sotirov and Jacob Appelbaum, most of the coverage I've read so far has focused on the technical details and real-world impact of their findings. Rightly so -- their paper describing the attack is a fascinating read filled with enough gory details to make any security practitioner salivate.

December 30, 2008 by in Security

Microsoft pours cold water on WMP flaw warning

Microsoft pours cold water on WMP flaw warning

Microsoft is pouring cold water on public reports of a serious code execution vulnerability in the newest versions of its Windows Media Player software.Following the release of proof-of-concept code alongside a claim that the bug can be remotely exploitable to launch arbitrary code, a Microsoft spokesman insists this "is not a product vulnerability.

December 29, 2008 by in Hardware

Santa left a virus under the Christmas tree

Santa left a virus under the Christmas tree

Amazon has warned its customers that one of Samsung's digital picture frames shipped to customers infected with a virus. While Samsung has some egg on its face, malware that ships on consumer hardware is not as serious of an issue as it may seem.

December 27, 2008 by in Security

Microsoft confirms critical SQL Server vulnerability

Microsoft confirms critical SQL Server vulnerability

Microsoft late Monday issued a pre-patch advisory confirming a remote code execution vulnerability affecting its SQL Server line.The vulnerability, publicly disclosed with exploit code more than two weeks ago, affects Microsoft SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine (MSDE 2000), Microsoft SQL Server 2000 Desktop Engine (WMSDE), and Windows Internal Database (WYukon).

December 22, 2008 by in Data Management

PlayStation Home virtual world hacked

PlayStation Home virtual world hacked

Hackers are using a combination of DNS redirection, software vulnerabilities and the open-source Apache Web server to exploit holes in Sony's new PlayStation Home virtual world, according to a Telegraph report.The hack is allowing developers to customize their PlayStation Home experience beyond the options provided by Sony but there's a worrysome component to this platform weakness...

December 22, 2008 by in Hardware

Firefox joins security patch day treadmill

Firefox joins security patch day treadmill

Mozilla is joining Microsoft and Opera on the browser patching treadmill.The open-source group has rolled out the final security fix for the Firefox 2 branch and a new version of Firefox 3 to plug about a dozen security holes that could lead to remote code execution attacks, browser crashes and information disclosure issues.

December 16, 2008 by in Security

As attacks escalate, MS readies emergency IE patch

As attacks escalate, MS readies emergency IE patch

Microsoft is planning to ship an emergency Internet Explorer update tomorrow (December 17) to counter an escalating wave of malware attacks targeting a zero-day browser vulnerability.[ SEE: Hackers exploiting (unpatched) IE 7 flaw to launch drive-by attacks ]The out-of-band update, which will be rated critical, follows the public discovery of password-stealing Trojans exploiting the bug on Chinese-language Web sites.

December 16, 2008 by in Windows

Google sponsored links spreading (scareware) rogue AV

Google sponsored links spreading (scareware) rogue AV

Malware hunters at Websense Security Labs have discovered legitimate Google sponsored links being used to plant scareware programs (rogue anti-virus applications) on the computers of Windows users.In a blow-by-blow description of the rogueware attack, Websense researcher Elad Sharf shows how an innocent Google search for the Winrar file archiver and data compression utility can lead to a fake C|Net downloads.

December 16, 2008 by in Security

Talkback Tuesday: Apple's AV non-announcement

Talkback Tuesday: Apple's AV non-announcement

I was traveling the eastern seaboard all of last week, visiting family, friends, and old work colleagues in Philadelphia, New York, and Boston, so I didn't have much opportunity to provide feedback to what had become the most heavily discussed blog post I have yet generated.Two weeks ago, people got all hot and bothered because Apple appeared to have posted and retracted a recommendation that people run anti-virus software on their Mac.

December 15, 2008 by in Apple

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All

Top Stories