Zack Whittaker

Zack Whittaker is the security editor for ZDNet. You can send tips securely via Signal and WhatsApp to 646-755-8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.

Charlie Osborne

Charlie Osborne is a cybersecurity journalist and photographer who writes for ZDNet and CNET from London. PGP Key: AF40821B

Jennifer Leggio

Jennifer Leggio has been in the security industry for 17 years as a marketer, advisor, and writer. Her focus is on security culture, including disclosure, community issues, equality in security, disruptive trends, and even marketing best practices. PGP Key: 3A708289 | She prefers other contact on Twitter via @mediaphyter.

Latest Posts

Malware-infected USB drives distributed at security conference

Malware-infected USB drives distributed at security conference

The folks at Australian mega-telco Telstra are wiping eggs from their faces after distributing malware-infected USB drives to attendees at this year's AusCERT security conference.AusCERT's marketing manager Claire Groves confirmed the USB sticks came certified pre-owned (thanks Dan Geer) and were given out at a tutorial at the conference.

May 22, 2008 by in Hardware

Gaping holes in Trillian IM client

Gaping holes in Trillian IM client

Trillian users beware:  There are multiple serious security holes in the popular cross-platform IM application.According to alerts issued by TippingPoint's Zero Day Initiative (ZDI), the vulnerabilities allow remote attackers to execute arbitrary code on vulnerable installations of Trillian Pro.

May 22, 2008 by in Security

How to wipe data off an iPhone

How to wipe data off an iPhone

In reponse to reports that personally identifiable private information can be easily swiped from used iPhones sold on eBay, the tireless Rich Mogull has cooked up a nifty way to wipe data from iPhones.Mogull admits his process is "not perfect" but it does look to be an easy way to overload the iPhone with music files to force an overwrite of the device's storage.

May 21, 2008 by in Storage

iCal vulnerabilities put Mac OS X users at risk

iCal vulnerabilities put Mac OS X users at risk

Heads up to Mac OS X users:  It appears Apple will be shipping high-priority security patches sometime today. (See important update at the end)According to a security alert from vulnerability research and pen testing firm Core Security, Apple is about to release patches for three remotely exploitable security vulnerabilities in iCal, the personal calendar application that ships on Mac OS X.

May 21, 2008 by in Apple

No security software, no E-banking fraud claims for you

No security software, no E-banking fraud claims for you

Rational, but unrealistic in today's threatscape. According to the Times :"Customers using their credit or debit cards online have been advised that high street banks are likely to become increasingly reluctant to help victims of internet fraud as new rules added to the Banking Code signal less willingness to cover losses.

May 20, 2008 by in Banking

McAfee partner isn't McAfee secure

McAfee partner isn't McAfee secure

I was over reading Russ McRee's blog today, and I've got to say, if McAfee's HackerSafe (or whatever they're calling it now) doesn't die off soon, then he'll be able to write a novel about their trials and tribulations.Apparently, McAfee authorized distributor Winferno.

May 20, 2008 by in Security

What is the U.S. doing about security?  Part 2.

What is the U.S. doing about security? Part 2.

Wow that was quick.  No sooner did I get done posting my last article and I see on Wired the following story:Once again, supposedly sensitive information blacked out from a government report turns out to be visible by computer experts armed with the Ctrl+C keys — and that information turns out to be not very sensitive after all.

May 20, 2008 by in Telcos

Over 1.5 million pages affected by the recent SQL injection attacks

Over 1.5 million pages affected by the recent SQL injection attacks

In an attempt to mitigate the impact of the recent waves of SQL injection attacks, and provide more transparency into the approximate number of affected pages, the Shadowserver Foundation is starting to maintain a list of all the malicious domains used in the continuing efforts by copycats to inject as many legitimate sites as possible. Currently counting over fifty malicious domains, and the corresponding number of affected pages by them, the total number is just over 1.

May 20, 2008 by in Security

False alarm!

False alarm!

Update 05/20/08: Sorry ladies and gents, I have to retract my previous entry.  I had mentioned that 24 flaws were patched for Mozilla today, but what I didn't realize was that the announcement was specific to gentoo emerge packages and that this was actually fixed sometime ago.

May 20, 2008 by in Open Source

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All

Top Stories