Zack Whittaker

Zack Whittaker is the security editor for ZDNet. You can securely reach him on Signal and WhatsApp at 646-755-8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.

Charlie Osborne

Charlie Osborne is a cybersecurity journalist and photographer who writes for ZDNet and CNET from London. PGP Key: AF40821B

Jennifer Leggio

Jennifer Leggio has been in the security industry for 17 years as a marketer, advisor, and writer. Her focus is on security culture, including disclosure, community issues, equality in security, disruptive trends, and even marketing best practices. PGP Key: 3A708289 | She prefers other contact on Twitter via @mediaphyter.

Latest Posts

Red Hat (belatedly) confirms security breach

Red Hat (belatedly) confirms security breach

More than a week after a cryptic note hinted at a security breach at Fedora, the open-source group has finally fessed up to two separate server intrusions that compromised the security of Red Hat's OpenSSH packages.The confirmation follows eight days of media speculation and conjecture over a brief e-mail that simply mentioned "an issue in the infrastructure systems" and calls into question Red Hat's ability to promptly -- and accurately -- disclose security breaches.

August 22, 2008 by in Linux

Websense reports China Netcom DNS cache poisoning

Websense reports China Netcom DNS cache poisoning

The DNS server of one of China's largest ISPs has been poisoned to redirect typos to a malicious site rigged with drive-by exploits.According to a warning from Websense Security Labs, the DNS poisoning attacks are affecting customers of China Netcom (CNC) and are using a malicious iFrame to launch exploits for known vulnerabilities in RealNetworks' RealPlayer,  Adobe Flash Player and Microsoft Snapshot Viewer.

August 21, 2008 by in Networking

More security holes appear in Microsoft Office

More security holes appear in Microsoft Office

In addition to this long list of missing Microsoft patches, there are at least three serious (unpatched) vulnerabilities in the Microsoft Office productivity suite.On August 12, the same day Microsoft released a slew of Office patches, TippingPoint's DV Labs published a bare-bones advisory warning about a new high-risk Office flaw that allows code execution attacks.

August 21, 2008 by in Microsoft

FEMA's PBX network hacked, over 400 calls made to the Middle East

FEMA's PBX network hacked, over 400 calls made to the Middle East

Someone's been chatting a lot during the weekend, but picking up FEMA's PBX network as their main carrier might not have been the smartest thing to do. Over 400 calls, lasting from three up to ten minutes were placed through their network, a breach made possible due to an insecurely configured Private Branch Exchange system :"A hacker broke into a Homeland Security Department telephone system over the weekend and racked up about $12,000 in calls to the Middle East and Asia.

August 20, 2008 by in Networking

Opera patches 7 vulnerabilities but keeps one a secret

Opera patches 7 vulnerabilities but keeps one a secret

Opera Software has shipped a new version of its flagship Web browser with fixes for at least seven documented security problems but details on one vulnerability -- a cross-site scripting issue reported by Chris Weber-- is being kept under wraps.Opera warned that one of the seven flaws is rated "extremely severe" because of the risk of arbitrary code execution.

August 20, 2008 by in Security

Can Adobe mitigate 'clipboard hijack' issue?

Can Adobe mitigate 'clipboard hijack' issue?

Adobe's product security incident response team (PSIRT) says it is investigating possible solutions to the clipboard hijack attacks spotted on Flash-based advertisements on high-profile Web sites.A barebones note on the PSIRT blog simply acknowledges the issue and promised more information after the investigation but, by mentioning "possible solutions," it is clear that that Adobe is looking for ways to mitigate the threat.

August 20, 2008 by in Security

Visa, banks to test real-time fraud alerts

Visa, banks to test real-time fraud alerts

Credit card giant Visa is teaming up with with eight North American banks to deliver fraud alerts in real-time via SMS (text messages) and e-mails to cell phones.The pilot program will allow about 2,000 Visa cardholders to set thresholds that will trigger an immediate transaction alert to a mobile device.

August 20, 2008 by in Telcos

Android security team appeals to hackers

Android security team appeals to hackers

Already burned by the discovery of serious security vulnerabilities in its SDK, the Android Security Team emerged from the shadows this week with an appeal to the security community for help fixing flaws in the Linux-based mobile platform.In a note posted to several public mailing lists, the open-source group published a detailed FAQ covering its security philosophy and process and made a direct request for hackers to use responsible disclosure (.

August 19, 2008 by in Mobility

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All

Top Stories