Zack Whittaker

Zack Whittaker is the security editor for ZDNet. You can send tips securely via Signal and WhatsApp to 646-755-8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.

Charlie Osborne

Charlie Osborne is a cybersecurity journalist and photographer who writes for ZDNet and CNET from London. PGP Key: AF40821B

Jennifer Leggio

Jennifer Leggio has been in the security industry for 17 years as a marketer, advisor, and writer. Her focus is on security culture, including disclosure, community issues, equality in security, disruptive trends, and even marketing best practices. PGP Key: 3A708289 | She prefers other contact on Twitter via @mediaphyter.

Latest Posts

MS Patch Tuesday: 3 critical SMB vulnerabilities

Microsoft today shipped a solitary bulletin with patches for at least three documented security flaws in the Microsoft Server Message Block (SMB) Protocol. The three vulnerabilities, rated "critical" on Windows 2000, Windows XP and Windows Server 2003, expose Windows users to remote code execution attacks, Microsoft said in its MS09-001 bulletin.

January 13, 2009 by in Enterprise Software

Phishers as street-level drug dealers

The Microsoft report on the profitability of phishing and its associated economic constraints is reminiscent of another illegal enterprise: street-level drug dealing. Microsoft released a report stating that phishing is nowhere near as profitable as commonly believed.

January 11, 2009 by in Security

Oracle planning Patch Tuesday whopper

Microsoft may be offering a Patch Tuesday respite this month but, if you're an Oracle database administrator, January 13 will be a very busy day. The database server giant announced plans for a monster Patch Day next Tuesday with fixes for 41 security vulnerabilities "across hundreds of Oracle products."

January 9, 2009 by in Data Centers

Microsoft study debunks phishing profitability

Do phishers actually make money, or is phishing an unprofitable business that scammers waste time and resources on? Taking the economic approach of generalizing how much money phishers make, a recently released study by Microsoft researchers Cormac Herley and Dinei Florencio (A Profitless Endeavor: Phishing as Tragedy of the Commons) states that phishing isn't as profitable as originally thought.

January 8, 2009 by in Security

Microsoft planning quiet Patch Tuesday (1 critical)

Microsoft plans to ship a solitary security bulletin next Tuesday with fixes for a serious security problem in its flagship Windows operating system. The bulletin will carry a "critical" rating, which means that exploitation of the vulnerability could allow the propagation of an Internet worm without user action.

January 8, 2009 by in Windows

A roadmap for the Twitter CSO

The folks at Twitter had to deal with an attack from both phishers and hackers over the past few days. As someone who has been in their shoes many times before, I deeply sympathize with their team and I understand the amount of work that they need to do.

January 7, 2009 by in Security

Bogus LinkedIn profiles serving malware

A currently active malware campaign is taking advantage of bogus LinkedIn profiles impersonating celebrities in an attempt to trick users into clicking on links serving bogus media players. LinkedIn is among the latest social networking services considered a valuable asset in the arsenal of the blackhat SEO knowledgeable cybercriminal, simply because this approach works.

January 6, 2009 by in Security

Thousands of Israeli web sites under attack

In the wake of the escalating conflict between Israel and Hamas, it didn't take long before pro-Hamas supporters organized themselves and started defacing thousands of pro-Israeli web sites in order to use them as vehicles for propaganda -- Israel is meanwhile hijacking TV signals.

January 6, 2009 by in Security

Twitter phishing... inside Twitter

Over the weekend I received a handful of reports of individuals using Direct Messages inside of Twitter to phish for Twitter accounts and passwords. A cluster of compromised Twitter accounts are sending out person-to-person phishing messages inside the Twitter network.

January 4, 2009 by in Security

Adobe Flash, Apple Safari fail privacy test

Third-party plug-ins like Adobe Flash do a poor job of cleaning traces of your browser sessions, rendering private-browsing features somewhat useless, according to a new study by researcher Katherine McKinley. McKinley, a researcher at iSec Partners, created a tool for testing the functionality of clearing private data after a browser session and browsing in private mode and found that some browsers -- most notably Apple's Safari for Windows -- do a poor job of wiping traces of a browser session.

January 2, 2009 by in Apple

Military contractor "cyber-defense" gold rush begins

Sensing a shift in upcoming defense priorities, Lockheed and Boeing are both launching information security product divisions. Bloomberg is reporting that both Lockheed Martin and Boeing are building security product groups to address the military's needs in defending cyberspace.

January 2, 2009 by in Security

MD5/rogue CA attack: The sky is not falling

Guest post by John Viega. Today there's been a lot of buzz about the clever new attack on public key infrastructure from Alex Sotirov and a team of researchers. In the attack, the bad guy ends up with his own Certification Authority (CA) that is fully trusted according to every major browser.

December 30, 2008 by in Security
