Zack Whittaker

Zack Whittaker is the security editor for ZDNet, covering cyber and national security. He is based in New York newsroom, and is also found on sister-sites CNET and CBS News. You can reach him with his PGP key: EB6CEEA5.

Charlie Osborne

Charlie Osborne is a cybersecurity journalist and photographer who writes for ZDNet and CNET from London. PGP Key: AF40821B | Research/security tips email: cingred@protonmail.com.

Jennifer Leggio

Jennifer Leggio has been in the security industry for 17 years as a marketer, advisor, and writer. Her focus is on security culture, including disclosure, community issues, equality in security, disruptive trends, and even marketing best practices. PGP Key: 3A708289 | She prefers other contact on Twitter via @mediaphyter.

Latest Posts

DIY phishing kits introducing new features

DIY phishing kits introducing new features

What are some of the main factors for the increase of phishing attacks, and their maturity from passive emails to blended threats attempting to not just steal personal information, but also infect with malware by embedding client-side vulnerabilities at the pages? It's all a matter of perspective, which in this post will emphasize on the continuing efforts on behalf of phishers to innovate, and introduce new features within the most recently obtained do-it-yourself phishing page generators.

May 15, 2008 by in Security

With the Quickness: HD Moore sets new land speed record with exploitation of Debian/Ubuntu OpenSSL flaw

With the Quickness: HD Moore sets new land speed record with exploitation of Debian/Ubuntu OpenSSL flaw

So, for those who haven't heard, a Debian packager modified the source used for OpenSSL on Debian based systems (Debian and the whole of the Ubuntu family) to remove the seed used for PRNG (Pseudo Random Number Generator) used when creating SSL keys.  Well, HD Moore set a new record for speed to exploit with the release of what he calls Debian-OpenSSL Toys.

May 14, 2008 by in Enterprise Software

Security Researcher to release Cisco rootkit at EUSecWest

Security Researcher to release Cisco rootkit at EUSecWest

According to good friend Robert McMillan of IDG News, Sebastian Muniz, a researcher with Core Security Technologies, has developed malicious rootkit software for Cisco's routers, which he will release on May 22 at the EuSecWest conference in London. This will mark the first time (at least publicly) that someone has released a rootkit written for the Cisco IOS.

May 14, 2008 by in Security

McAfee isn't "McAfee Secure" or "Hacker Safe"

McAfee isn't "McAfee Secure" or "Hacker Safe"

In my most recent discussion on McAfee, I posted a talkback to Russ McRee stating, tongue in cheek mind you, that it'd be interesting to see an XSS or SQL Injection on McAfee's site, see if they are indeed "McAfee Secure". Well, I guess you get what you ask for...

May 13, 2008 by in Security

A U.S military botnet in the works

A U.S military botnet in the works

Make botnets, not war? In April, last year, I asked the question "Why establish an offensive cyber warfare doctrine when you can  simple install a type of Lycos Spam Fighting screensaver on every military and government computer and have it periodically update its hit lists?

May 12, 2008 by in Security

Major career web sites hit by spammers attack

Major career web sites hit by spammers attack

As assessment of a recently discovered in the wild email harvesting service, released for the purpose of harvesting names, email addresses, and other personal information from major career web sites, to be later on used for targeted spamming and malware campaigns.

May 12, 2008 by in Security

Microsoft previews three critical bulletins; two for Office

Microsoft previews three critical bulletins; two for Office

Microsoft on Thursday previewed three critical bulletins for Microsoft Office and Windows and a moderate denial of service vulnerability for the company's security software.According to Microsoft's advance notification, the software giant will address the following in its Patch Tuesday update May 13:A critical remote code execution vulnerability primarily affecting Microsoft Office (Word) and another critical remote code execution flaw in Publisher.

May 8, 2008 by in Enterprise Software

Can I interest you in a glass of Berry Blue Kool-Aid?: A recap of Microsoft Blue Hat v7

Can I interest you in a glass of Berry Blue Kool-Aid?: A recap of Microsoft Blue Hat v7

Hey all,I was fortunate enough to be invited to attend Microsoft Blue Hat v 7 as I had some research that Microsoft was interested in bringing me in to talk about.  Microsoft got to have co-worker and fellow researcher Rob Carter and I in to talk to product security teams about some of the things we'd found, and we got a free pass to an invite only conference that had some great talks.

May 6, 2008 by in Microsoft

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All

Top Stories