Stories by Carl Jongsma

Strange account management at Amazon

Via the RISKS mailing list comes an interesting tale of poor online account management at a major online retailer. According to Graham Bennett, accounts with Amazon display an odd behaviour that doesn't seem to have attracted much attention in the past.

Carl Jongsma | 09 Oct | Read more

Who is behind that Gmail account?

Who is the real identity behind that Gmail account? While finding out may not be as easy as knowing who is behind (Homer Simpson, for the curious), it apparently isn't much harder.

Carl Jongsma | 23 Sep | Read more

Sarah Palin demonstrates the peril of webmail

If you needed any more reminders about why it isn't a good idea to use external mail services to conduct critical business, the recent break-in to US Republican Vice-Presidential candidate Sarah Palin's Yahoo inbox should be it. Of note is that following the disclosure of the inboxes the compromised address and another address,, have been suspended.

Carl Jongsma | 18 Sep | Read more

Due diligence works, onenote patch reveals

Last week Microsoft released MS08-055 [1], patching a remote code execution vulnerability affecting the handling of onenote:// URLs in different versions of Office. What was surprising about the patch is that the vulnerability being fixed only bore a passing resemblance to the one that was notified to Microsoft in March of this year.

Carl Jongsma | 15 Sep | Read more

USAF: Cyberspace represents a fifth, costly, realm of warfare

Once the USAF Cyber Command was effectively put on ice recently, coverage of the US military's approach to network warfare and defence also went away. The existing infrastructure and systems that had been in place prior to the attempted set up of Cyber Command still continue to operate and the head of US Strategic Command, General Kevin Chilton, recently spoke about a range of the issues being faced in operating the US military's lesser-classified networks.

Carl Jongsma | 11 Sep | Read more

New attack against multiple encryption functions

Unless you're a dyed in the wool cryptographic geek you probably didn't know that there was a Crypto conference, or even a chain of worldwide crypto conferences that take place each year. Fortunately, for the most of us that aren't crypto geeks there are a handful of very highly skilled people who are; they can take the highly theoretical and complex mathematical proofs and arguments that make up most of modern cryptographic and cryptanalytic research and put it into plain language.

Carl Jongsma | 22 Aug | Read more

Conference papers - academic vs. commercial

Information Security is an odd environment in that most of the leading edge research takes place away from academic and designated research institutions, out in the industry. As a result there is a curious approach to publishing new information that doesn't really exist anywhere else.

Carl Jongsma | 21 Aug | Read more

VX Groups a dying breed, but they wont be missed

Microsoft's Malware Protection Center has picked up on some positive news that comes at a time when online threats are apparently increasing without limit. According to the MMPC's blog, there have been two VX (Virus writing and sharing) groups to have shut down in a very short period of time, seemingly without any external pressure. According to the post, there is really only one active group remaining, something which would have seemed far fetched not even a decade ago.

Carl Jongsma | 08 Aug | Read more

DNS flaw felt Down Under - here's what to do

Dan Kaminsky's disclosed DNS flaw seems to be causing more and more problems for Internet users as time goes on. With detailed exploit code readily available from any number of sources, and with talented researchers creating their own highly tuned versions of the exploit, things are beginning to look perilous for a large portion of the Internet's userbase, including Australian ISPs.

Carl Jongsma | 31 Jul | Read more

Are we about to witness a real OS X virus?

Mac antivirus maker, Intego, have published an interesting alert about a potential OS X virus that an enterprising individual is trying to sell through auction. With absolutely no technical information to go on, the antivirus maker is treating the announcement with caution.

Carl Jongsma | 24 Jul | Read more

Lessons learned from the Kaminsky DNS vulnerability

There has been a lot of speculation devoted to the impending release of information about a DNS vulnerability discovered and initially announced by Dan Kaminsky almost two weeks ago. A lot of the coverage has been back and forth arguing about whether what has been discovered is relevant or not but the best thing to have done in the intervening period is to have sat on your hands and waited.

Carl Jongsma | 18 Jul | Read more

Hack a million systems - earn a job

It has been a number of years since the fantasy that hackers will be offered a job by those who they hacked was even a potential reality, but there are reports that this might still be the case in New Zealand.

Carl Jongsma | 16 Jul | Read more

When university research is responsible for that network probe

The Internet Storm Center, operated by SANS, is one of the leading sources when it comes to identifying emerging attacks against networks, through their DShield collaborative network analysis effort. Traffic spikes on network ports that are well above the normal rates of traffic flow can signify a rapidly spreading exploit or it could be a misconfigured network spewing rubbish across the rest of the Internet. One of the ISC's handlers noted a significant spike of traffic on port 7 recently and was surprised by what he found.

Carl Jongsma | 10 Jul | Read more

Editor's Recommendations

Solution Centres


View all events Submit your own security event

Latest Videos

More videos

Blog Posts

Media Release

More media release