Zack Whittaker

Zack Whittaker is the security editor for ZDNet. You can send tips securely via Signal and WhatsApp to 646-755-8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.

Charlie Osborne

Charlie Osborne is a cybersecurity journalist and photographer who writes for ZDNet and CNET from London. PGP Key: AF40821B

Jennifer Leggio

Jennifer Leggio has been in the security industry for 17 years as a marketer, advisor, and writer. Her focus is on security culture, including disclosure, community issues, equality in security, disruptive trends, and even marketing best practices. PGP Key: 3A708289 | She prefers other contact on Twitter via @mediaphyter.

Latest Posts

Developers at fault?  SQL Injection attacks lead to wide-spread compromise of IIS servers

Developers at fault? SQL Injection attacks lead to wide-spread compromise of IIS servers

There's been a lot of noise and violent thrashing over the last couple days regarding a flaw that was originally believed to be a flaw in Microsoft's IIS (Internet Information Server), but has since been pointed out as simply a well thought out SQL Injection attack. For those of you who aren't familiar with SQL Injection attacks, it's a pretty well known web application attack vector that exists in high volume on dynamic applications, say for instance, on your banking site.

April 28, 2008 by in Developer

More URI handler issues to come

More URI handler issues to come

Rob Carter, Billy Rios, and I have been blogging about and speaking at conferences like Black Hat and ToorCon all year on the subject of URI handler abuse.  One might think these types of flaws are soon to go away, but one look at SecurityFocus and FullDisclosure today and you can see that's not the case.

April 25, 2008 by in Security

LendingTree insiders leak customer data

LendingTree insiders leak customer data

LendingTree, an online loan referral service owned by IAC, has informed select customers that their confidential data has been leaked to "a handful of lenders" by company insiders.An email to customers that may have been impacted by the breach refers folks to an FAQ that's basically hidden on the LendingTree site.

April 22, 2008 by in Collaboration

Websense: UN, UK sites compromised by JavaScript injection

Websense: UN, UK sites compromised by JavaScript injection

Websense on Tuesday said that the UN and UK government sites are being attacked in a mass JavaScript injection attack.According to Websense:Websense Security Labs has been tracking a recent development of the malicious JavaScript injection that compromised thousands of domains at the start of this month, just 2-3 weeks ago.

April 22, 2008 by in Developer

RSA finds new malware enhanced phishing technique

RSA finds new malware enhanced phishing technique

RSA said Monday that it discovered a new phishing technique that uses elements of a malware attack to swipe personal information.The discovery illustrates a series of attacks from the Rock Phish group, which is a gang reportedly based in Russia that has been targeting financial institutions since 2004.

April 21, 2008 by in Security

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All

Top Stories