Zack Whittaker

Zack Whittaker is the security editor for ZDNet. You can send tips securely via Signal and WhatsApp to 646-755-8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.

Charlie Osborne

Charlie Osborne is a cybersecurity journalist and photographer who writes for ZDNet and CNET from London. PGP Key: AF40821B

Jennifer Leggio

Jennifer Leggio has been in the security industry for 17 years as a marketer, advisor, and writer. Her focus is on security culture, including disclosure, community issues, equality in security, disruptive trends, and even marketing best practices. PGP Key: 3A708289 | She prefers other contact on Twitter via @mediaphyter.

Latest Posts

Internet Explorer 'feature' causing drive-by malware attacks

Internet Explorer 'feature' causing drive-by malware attacks

My colleague at Kaspersky Lab Roel Schouwenberg (see disclosure) has discovered a drive-by malware download taking advantage of what Microsoft describes as an Internet Explorer "feature" to launch cross-site scripting attacks.The attack, discovered at a compromised legitimate site, is using a modified GIF file to exploit the cross-site scripting feature/vulnerability.

June 27, 2008 by in Enterprise Software

Tech heavyweights launch security response consortium

Tech heavyweights launch security response consortium

Interesting bit of news coming out of the FIRST Conference in Vancouver today:  Five big-name IT firms have created a non-profit consortium aimed at "proactively driving excellence and innovation in security response."The group -- called ICASI (Industry Consortium for Advancement of Security on the Internet) -- counts Cisco, IBM, Intel, Juniper Networks and Microsoft Corp among its founding members.

June 26, 2008 by in Security

Zero-day flaw haunts Internet Explorer

Zero-day flaw haunts Internet Explorer

An unpatched cross-domain vulnerability in Microsoft's flagship Internet Explorer browser could expose Windows users to cookie hijacks and credentials theft attacks, according to a warning from security researchers.The zero-day flaw, which has been reported to Microsoft, is a variation of Eduardo Vela's IE Ghost Busters talk:Do you believe in ghosts?

June 25, 2008 by in Enterprise Software

Yahoo swats serious cross-site scripting bug

Yahoo swats serious cross-site scripting bug

Web application security firm Cenzic has flagged a serious cross-site scripting vulnerability affecting millions of Yahoo Mail users.The flaw, which was patched by Yahoo on June 13,  opened the door for hackers to steal Yahoo identities and gain access to users' sensitive and private information.

June 24, 2008 by in Collaboration

Another Trojan hits Mac OS X

Another Trojan hits Mac OS X

From a Slashdot article posted by "kdawson", written by "Don't Believe in Imaginary Property": "F-Secure is reporting that there are two new Mac OS X trojans. The first is just a proof-of-concept from the MacShadows people that takes advantage of the unpatched ARDAgent vulnerability to get root access when run by the user.

June 24, 2008 by in Apple

How does Apple get away with this badware behavior?

How does Apple get away with this badware behavior?

As part of my work testing exploits for the recent Safari "carpet-bombing" issue -- and the combo-threat to Windows users -- I installed Apple's flagship browser on a brand-new Windows XP machine.The installation came with Apple's automatic software updater, a very valuable tool to automate patch management for end users.

June 24, 2008 by in Tech & Work

Spam attack shut downs Marshall Islands email service

Spam attack shut downs Marshall Islands email service

Marshall Islands National Telecommunications Authority is reporting that a sustained spamming attack during the past 24 hours managed to cause a successful Denial of Service attack on the email services of the islands only Internet Service Provider. More info on the attack : More than 18 hours after the initial attack Tuesday incoming email service to the monopoly provider had still not been restored.

June 24, 2008 by in Security

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All

Top Stories