Zack Whittaker

Zack Whittaker is the security editor for ZDNet, covering cybersecurity, national security, policy and privacy. He is based out of the New York newsroom, and can also be found on sister sites CNET and CBS News. You can contact him with his PGP key: EB6CEEA5.

Charlie Osborne

Charlie Osborne, a medical anthropologist who studied at the University of Kent, UK, is a journalist, freelance photographer and former teacher. She has spent years travelling and working across Europe and the Middle East as a teacher, and has been involved in the running of businesses ranging from media and events to B2B sales. Charlie currently works as a journalist and photographer -- with the occasional design piece -- and writes for ZDNet, CNET and SmartPlanet. She has particular interests in social media, IP law, social engineering and security.

Latest Posts

Trojan masquerades as IE 7 downloads

Trojan masquerades as IE 7 downloads

Spammers are using fake Internet Explorer 7 (Beta 2) downloads to lure Windows users into downloading a nasty backdoor Trojan.The fake downloads are part of a massive spam run that includes an official-looking graphic (see image below) linked to Web sites that auto-launch an executable named "ie7.

March 29, 2007 by in Security

Exploit published for gaping (patched) IE hole

Exploit published for gaping (patched) IE hole

If you haven't applied the "critical" patch in Microsoft's MS07-009 bulletin, now might be a good time to hit that download-and-install button.Detailed exploit code for the vulnerability -- discovered during HD Moore's MOBB (month of browser bugs) project and fixed on Patch Tuesday in February -- has surfaced on the Internet, offering malware authors step-by-step instructions on how to launch PC takeover attacks.

March 26, 2007 by in Enterprise Software

Microsoft to 'killbit' MSXML4

Microsoft to 'killbit' MSXML4

Less than six months after the discovery of zero-day attacks against Microsoft XML Core Services 4.0, Microsoft plans to "killbit" MSXML4 and completely remove the XML parser from its download center.

March 26, 2007 by in Security

How long can a Mac survive the hacker jungle?

How long can a Mac survive the hacker jungle?

Apple's Mac OS X has a date with some of the world's smartest hackers.At this year's CanSecWest 2007 conference in Vancouver, BC, a "PWN to OWN" contest will pit security researchers against a MacBook Pro in an experiment to see how well a default Mac OS X install can survive hacker scrutiny.

March 26, 2007 by in Apple

Vista's Windows Mail vulnerable to file-execution attack

Vista's Windows Mail vulnerable to file-execution attack

A design error in Microsoft's Windows Mail, the e-mail application bundled into Windows Vista, could expose users to remote file-execution attacks, according to a warning from security researchers.A hacker known as "Kingcope" published proof-of-concept code to show that remote code execution is possible if a user is tricked into clicking a malicious link.

March 23, 2007 by in Windows

90-day report card: Windows Vista fared better than competitors

90-day report card: Windows Vista fared better than competitors

Ninety days after the release of Microsoft's Windows Vista to business customers, the new operating system has a much better security vulnerability profile than its predecessor and several other modern workstation operating systems including Red Hat, Ubuntu, Novell and Apple products.That's according to Jeff Jones, security strategy director in Microsoft's Trustworthy Computing group.

March 22, 2007 by in Security

Xbox Live hacked, accounts stolen

Xbox Live hacked, accounts stolen

Online gaming forums are buzzing with reports that Xbox Live accounts linked to Microsoft's Windows Live ID service are being hijacked by malicious hackers. Kevin Finisterre, a security researcher at Digital Munition, raised the issue on the Full Disclosure mailing list over the weekend, calling attention to rumors that Microsoft's Bungie.

March 20, 2007 by in Microsoft

Punditry: Will Microsoft buy flaws?

Punditry: Will Microsoft buy flaws?

Last week, I wrote about hackers starting to agitate for Microsoft (and other software vendors) to start paying for information on security vulnerabilities. As a follow-up to that post, I pinged a few security research pros, asking whether they agreed it's inevitable will start buying bugs.

March 19, 2007 by in Microsoft

A Red Hat (Linux) mega patch

A Red Hat (Linux) mega patch

Here's a major security update that may have slipped under the (mainstream media) radar.The new version of RHEL (Red Hat Enterprise Linux) desktop includes fixes for a wide range of vulnerabilities, some rated "critical.

March 16, 2007 by in Security

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.
See All
See All

Top Stories