Zack Whittaker

Zack Whittaker is the security editor for ZDNet. You can securely reach him on Signal and WhatsApp at 646-755-8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.

Charlie Osborne

Charlie Osborne is a cybersecurity journalist and photographer who writes for ZDNet and CNET from London. PGP Key: AF40821B

Jennifer Leggio

Jennifer Leggio has been in the security industry for 17 years as a marketer, advisor, and writer. Her focus is on security culture, including disclosure, community issues, equality in security, disruptive trends, and even marketing best practices. PGP Key: 3A708289 | She prefers other contact on Twitter via @mediaphyter.

Latest Posts

Evolution is punctuated equilibria

Evolution is punctuated equilibria

Guest editorial by Dino Dai ZoviIn evolutionary biology, the theory of punctuated equilibiria states that evolution is not a gradual process but instead consists of long periods of stasis interrupted by rapid, catastrophic change.  This is supported by fossil evidence that shows little variation within a species and new species that appear to come out of nowhere.

July 29, 2008 by in Security

Passports worth £2.5 million stolen in van hijack

Passports worth £2.5 million stolen in van hijack

Graham Tibbetts of the UK Telegraph is reporting that the British Foreign Office has admitted to losing around 3,000 passports and visa stickers, which were stolen on their way from Manchester to RAF Northolt in London, where they were to be sent to British embassies.  From the article:Officials claimed the chip technology incorporated in the passports would prevent them being used.

July 29, 2008 by in Security

Neosploit exploit kit shutters operations?

Neosploit exploit kit shutters operations?

The distributors of Neosploit, one of the more dangerous drive-by download exploit kits on the Internet, have shut down operations because of financial problems, according to malware researchers at RSA FraudAction Research Labs.In a blog entry, the company said it found evidence that Neosploit will no longer be supported (yes, the do-it-yourself malware installation kit comes with terms of service and customer support!

July 28, 2008 by in Security

DNS cache poisoning attacks exploited in the wild

DNS cache poisoning attacks exploited in the wild

UPDATE: Arbor Networks have provided more details in their "30 Days of DNS Attack Activity" analysis, SANS confirmed HD Moore's statement on DNS cache poisoned AT&T DNS servers. Numerous independent sources are starting to see evidence of DNS cache poisoning attempts on their local networks, in what appears to be an attempt to take advantage of the "recent" DNS cache poisoning vulnerability :" client 143.

July 28, 2008 by in Security

Katie Moussouris on HOPE 2008: HOPE Springs Eternal

Katie Moussouris on HOPE 2008: HOPE Springs Eternal

Guest Editorial by Katie Moussouris of MicrosoftIf cyberspace is a mass, consensual hallucination, as William Gibson characterized it, then HOPE was a dream manifested in meatspace that would not die. While Hackers On Planet Earth has been running every other year since 1994, it was my first journey to the con.

July 28, 2008 by in CXO

Safari browser flaw: Session fixation attacks possible

Safari browser flaw: Session fixation attacks possible

Another day, another unpatched Safari browser vulnerability.According to this flaw warning found on the NVD (National Vulnerability Database), Apple's flagship browser is vulnerable to session fixation attacks because of the way it handles cookies in country-specific top-level domains.

July 28, 2008 by in Security

Evilgrade: Exploit toolkit pwns insecure online updates

Evilgrade: Exploit toolkit pwns insecure online updates

A security research outfit in Argentina has released a malcode distribution toolkit capable of launching man-in-the-middle attacks against popular products that use insecure update mechanisms.The toolkit, called Evilgrade, works in conjunction with man-in-the-middle techniques (DNS, ARP and DHCP spoofing) to exploit a wide range of applications, according to a post on the Metasploit blog.

July 28, 2008 by in Networking

Gaping holes in RealPlayer patched

Gaping holes in RealPlayer patched

Digital media delivery firm RealNetworks has shipped a high-prority patch to cover four gaping holes in its flagship RealPlayer software, warning that the vulnerabilities could put users at risk of code execution attacks.The patch comes a few hours after Secunia released an advisory warning for one of the vulnerabilities, a heap-based buffer overflow caused by a design error within RealPlayer's handling of frames in Shockwave Flash (SWF) files.

July 25, 2008 by in Hardware

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All

Top Stories