Zack Whittaker

Zack Whittaker is the security editor for ZDNet, covering cyber and national security. He is based in New York newsroom, and is also found on sister-sites CNET and CBS News. You can reach him with his PGP key: EB6CEEA5.

Charlie Osborne

Charlie Osborne is a cybersecurity journalist and photographer who writes for ZDNet and CNET from London. PGP Key: AF40821B | Research/security tips email: cingred@protonmail.com.

Jennifer Leggio

Jennifer Leggio has been in the security industry for 17 years as a marketer, advisor, and writer. Her focus is on security culture, including disclosure, community issues, equality in security, disruptive trends, and even marketing best practices. PGP Key: 3A708289 | She prefers other contact on Twitter via @mediaphyter.

Latest Posts

Who's behind the GPcode ransomware?

Who's behind the GPcode ransomware?

In one of these moments when those who are supposed to know, don't know, and those who don't realize what they know aren't reaching the appropriate parties, it's time we get back to the basics - finding out who's behind GPcode, and trying to tip them on the consequences of their blackmailing actions in between collecting as much actionable intelligence as possible using OSINT (open source intelligence) and CYBERINT (cyber intelligence practices).

June 9, 2008 by in Security

Blackmail ransomware returns with 1024-bit encryption key

Blackmail ransomware returns with 1024-bit encryption key

Virus analysts at Kaspersky Lab (my employer) have intercepted a new variant of Gpcode, a malicious virus that encrypts important files on an infected desktop and demands payment for a key to recover the data.The biggest change in this variant of the ransomeware is the use of RSA encryption algorithm with a 1024-bit key, making it impossible to crack without without the author's key.

June 6, 2008 by in Security

Skype patches security policy bypassing vulnerability

Skype patches security policy bypassing vulnerability

In a security bulletin issued two days ago, Skype's latest version fixes a File URI Security Bypass Code Execution Vulnerability originally reported by Ismael Briones : Remote exploitation of a security policy bypass in Skype could allow an attacker to execute arbitrary code in the context of the user.The "file:" URI handler in Skype performs checks upon the URL to verify that the link does not contain certain file extensions related to executable file formats.

June 5, 2008 by in Social Enterprise

Metasploit Project's site hijacked through ARP poisoning

Metasploit Project's site hijacked through ARP poisoning

Metasploit, the open-source platform for developing, testing, and using exploit code, got its official project site briefly hijacked on Monday by a well known member of the Chinese underground who left the following message offering a new zero day exploit for sale - "hacked by sunwear! just for fun!

June 3, 2008 by in Security

Online brand-jacking increasing

Online brand-jacking increasing

With the evolving sophistication of online scammers' understanding of social engineering and trust building online, the techniques they use to build authenticity into their scam propositions have started directly influencing a targeted brand's reputation online in the most negative way possible - the loss of a customer's trust into the brand's capabilities to defend itself against impersonation attacks.

June 3, 2008 by in Security

Phoenix Mars Lander's mission site hacked

Phoenix Mars Lander's mission site hacked

With the world's eyes on the latest multimedia streaming straight from Mars, during the weekend the Phoenix Mars Mission's site got hit twice, first by an Ukrainian web site defacer who posted a message at the site's blog, and hours later, the Turkish "sql loverz crew 2008" redirected the official mission's site, as well as the Lunar and Planetary Laboratory site to a third-part location serving the defaced page.

June 2, 2008 by in Security

Microsoft's CAPTCHA successfully broken

Microsoft's CAPTCHA successfully broken

UPDATE: Gmail, Yahoo and Hotmail's CAPTCHA broken by spammers. Jeff Yan and Ahmad Salah El Ahmad, at the School of Computing Science, Newcastle University, England recently published a research paper entitled "A Low-cost Attack on a Microsoft CAPTCHA", demonstrating how they've managed to attack the Microsoft's CAPTCHA used on several of their online services such as Hotmail and Windows Live, with over 92% recognition rate.

May 31, 2008 by in Security

Microsoft issues Safari-to-IE blended threat warning

Microsoft issues Safari-to-IE blended threat warning

Microsoft has issued a formal security advisory with a confirmation of public warnings that the Safari "carpet bombing" vulnerability presents a remote code execution threat on all supported editions of Windows XP and Windows Vista.The pre-patch advisory from Redmond follows public pressure from the Google-backed StopBadware.

May 30, 2008 by in Enterprise Software

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All

Top Stories