Zack Whittaker

Zack Whittaker is the security editor for ZDNet. You can securely reach him on Signal and WhatsApp at 646-755-8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.

Charlie Osborne

Charlie Osborne is a cybersecurity journalist and photographer who writes for ZDNet and CNET from London. PGP Key: AF40821B

Jennifer Leggio

Jennifer Leggio has been in the security industry for 17 years as a marketer, advisor, and writer. Her focus is on security culture, including disclosure, community issues, equality in security, disruptive trends, and even marketing best practices. PGP Key: 3A708289 | She prefers other contact on Twitter via @mediaphyter.

Latest Posts

Botnet herders pounce on Windows DNS RPC flaw

Botnet herders pounce on Windows DNS RPC flaw

Online criminals have pounced on the unpatched Windows DNS Server service vulnerability, using the security hole to seed and replenish for-profit botnets. The latest twist in the ongoing attacks comes less than a week after Microsoft's pre-patch advisory provided clues for hackers to write and release detailed exploit code.

April 17, 2007 by in Windows

Oracle Patch Day: 37 flaws fixed

Oracle Patch Day: 37 flaws fixed

Oracle has released its quarterly "critical patch update" with fixes for a total of 37 security holes in its database and application server products. One of the bugs fixed in this patch batch dates back to 2003.

April 17, 2007 by in Oracle

Microsoft's advisories giving clues to hackers

Microsoft's advisories giving clues to hackers

How's this for a new twist on the old responsible disclosure debate:  Hackers are taking advantage of information released in Microsoft's pre-patch security advisories to create exploits for zero-day vulnerabilities.The latest zero-day flaw in the Windows DNS Server RPC interface implementation is a perfect example of the tug-o-war within the MSRC (Microsoft Security Response Center) about how much information should be included in the pre-patch advisory.

April 16, 2007 by in Windows

How to turn off RPC management of DNS on a large scale

How to turn off RPC management of DNS on a large scale

In an advisory issued earlier today, Microsoft issued several workarounds/mitigations for the Windows DNS server service zero-day attacks, including a recommendation that network admins completely disable remote management of RPC capability for DNS Servers.The recommendation included instructions on registry key edits but if you're in charge of a large-scale Windows shop with numerous domain controllers, Microsoft only gave you the switch but no way to automate the registry changes.

April 13, 2007 by in Windows

'Storm Worm' surge exposes AV deficiencies

'Storm Worm' surge exposes AV deficiencies

The crime ring behind the latest Storm Worm-related malware attack (Techmeme discussion) is using new tactics to slip malicious executables past anti-virus defenses, serving up another black eye to an industry that already uses questionable tactics to find new customers.Arbor Networks researcher Jose Nazario flagged the poor anti-virus detections of the Storm Worm Trojan in a blog entry that noted the use of password-protected ZIP files to hide .

April 13, 2007 by in Security

Windows DNS Server code execution hole under attack

Windows DNS Server code execution hole under attack

An zero-day vulnerability in the DNS server service in Windows is under attack, Microsoft warned in a security advisory.The "limited attacks" are exploiting a stack overflow error in the Windows Domain Name System (DNS) Server's RPC interface implementation when processing malformed requests sent to a port between 1024 and 5000.

April 13, 2007 by in Servers

MS Patch Tuesday: Vista dinged again

MS Patch Tuesday: Vista dinged again

The carefully crafted image of Windows Vista as the most secure operating system of all time is beginning to take a beating.For the second time this month, Microsoft has shipped a security bulletin with patches for a "critical" Vista vulnerability that puts millions of users at risk of code execution attacks.

April 10, 2007 by in Windows

New Word 2007 flaws, exploits released

New Word 2007 flaws, exploits released

Microsoft just can't seem to keep pace with hackers finding serious flaws in Office applications.Several new security bugs in the desktop productivity suite have been found and released to the public, including proof-of-concept Word 2007 .

April 10, 2007 by in Microsoft

Apple swats Airport Base Station security bugs

Apple swats Airport Base Station security bugs

Apple has rolled out a firmware update to fix a pair of security vulnerabilities in the Airport Extreme Base Station.The most serious of the two -- a weakness in the way the default configuration of Airport Extreme handles IPv6 connections -- could allow remote hackers to bypass certain access restrictions.

April 9, 2007 by in Security

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All

Top Stories