Stories by Carl Jongsma

Are international standards organisations no longer incorruptible?

For the last several months Microsoft has been pushing for their Office Open XML (OOXML) office suite file specification to be accepted as an international standard by ISO, presumably to help them gain traction for future government contracts (look, this file specification is an ISO standard, it must be good).

Written by Carl Jongsma, 08 Oct. 08 13:55

Sarah Palin demonstrates the peril of webmail

If you needed any more reminders about why it isn't a good idea to use external mail services to conduct critical business, the recent break-in to US Republican Vice-Presidential candidate Sarah Palin's Yahoo inbox should be it. Of note is that following the disclosure of the inboxes, the compromised address and another address have been suspended.

Written by Carl Jongsma, 18 Sept. 08 12:35

Microsoft to share vulnerability data. Will you be rocked?

Microsoft's impending announcement at Black Hat on the 7th of this month, titled "Secure the Planet! New Strategic Initiatives from Microsoft to Rock Your World", being delivered by some of the best security names inside Microsoft, has already gained the attention of many in the wider community.

Written by Carl Jongsma, 07 Aug. 08 10:11

Korean Govt experiences first-hand the fickleness of online media

In South Korea, the world's most online country (by percentage), the Internet has become a tool of politics as much as it has a tool for the everyday Web surfer. When a former CEO took the reins of the country earlier this year, it was effective use of the Internet which contributed to his rise to power. According to Reuters, the power that helped the new president Lee Myung-bak take power is now threatening the ongoing survival of his government.

Written by Carl Jongsma, 05 Aug. 08 10:57

An interesting changing of the guard at Microsoft

It normally isn't news when IT people move from company to company, but there are times and circumstances when personnel movements do attract attention. Microsoft's announcement that Kevin Johnson is leaving for a position with Juniper Networks is noteworthy.

Written by Carl Jongsma, 25 July 08 13:19

Think twice before you blog or email

Once information has been released it is almost impossible to recover what has been published. The more sensitive or 'interesting' the information, the more likely it is that it will eventually reach widespread dissemination. Efforts to suppress distribution can and often do backfire (the Streisand effect), and this is the lesson that Matasano Chargen has experienced first hand with their accidental release of the technical details behind Dan Kaminsky's DNS discovery.

Written by Carl Jongsma, 25 July 08 09:14

Are we about to witness a real OS X virus?

Mac antivirus maker, Intego, have published an interesting alert about a potential OS X virus that an enterprising individual is trying to sell through auction. With absolutely no technical information to go on, the antivirus maker is treating the announcement with caution.

Written by Carl Jongsma, 24 July 08 14:27

Lessons learned from the Kaminsky DNS vulnerability

There has been a lot of speculation devoted to the impending release of information about a DNS vulnerability discovered and initially announced by Dan Kaminsky almost two weeks ago. A lot of the coverage has been back-and-forth arguing about whether what has been discovered is relevant or not, but the best thing to have done in the intervening period is to have sat on your hands and waited.

Written by Carl Jongsma, 18 July 08 10:25

How your cold explains network intrusion

With the cold and flu season most definitely upon us, there is much that the common cold can show us about network intrusion and what can happen once a single compromise has taken place.

Written by Carl Jongsma, 01 July 08 14:50

The Thermocline of Truth

Business consultants and analysts use a range of models and analogies to explain and describe complex concepts in a manner that is understandable by their audience. Sometimes they fail, quite spectacularly, and sometimes there comes along a new way of encapsulating difficult concepts. One such approach is Bruce Webster's "Thermocline of Truth".

Written by Carl Jongsma, 27 June 08 11:22

Online poker cheating demonstrates insider risk

When determining the risk to a system and the data stored on it, insider threats are generally regarded as lower risk. Despite the complete access (high risk) that insiders generally have, most of the time insiders are trusted agents (very low risk) on the network. When it breaks down, it can break down in a catastrophic manner, especially if there is money at stake.

Written by Carl Jongsma, 18 June 08 15:55

When weak web security can expose medical records

With recent reporting showing the ineffectiveness of breach disclosure laws on the rate and scope of data losses, what sort of teeth will HIPAA and similar laws have when electronic health records are compromised in similar numbers and scope?

Written by Carl Jongsma, 16 June 08 10:46

Is data loss compensation unfair?

A well-known Information Security researcher, best known for his recent work collating and archiving reports of data loss (the often inextricably linked forerunner to identity theft), has recently spoken out against the seemingly poor standard of compensation generally offered by affected companies to their consumers.

Written by Carl Jongsma, 13 June 08 15:39

A resurgent Denial of Service threat emerges

A lesser-known part of the recent ARP attack against H D Moore's Metasploit site was an attempted Denial of Service attack that coincided with the successful ARP attack.

Written by Carl Jongsma, 11 June 08 19:12

Silence of top security voices a cause for concern

Remaining platform and technology agnostic in Information Security is a progressively more difficult task as people and companies develop the skills and abilities to form professional fee-based relationships with the vendors that they previously reported about.

Written by Carl Jongsma, 27 May 08 14:35