Stories by Carl Jongsma

Losing Your Data - The Third Party Way

Outsourcing of critical business components to third parties has been a trend for a number of years and it has been something that Information Security personnel have been concerned about from the start, particularly due to the risk posed by having sensitive company data in a remote location that is outside the control of the company.

Hack a million systems - earn a job

It has been a number of years since the fantasy that hackers will be offered a job by those who they hacked was even a potential reality, but there are reports that this might still be the case in New Zealand.

When university research is responsible for that network probe

The Internet Storm Center, operated by SANS, is one of the leading sources when it comes to identifying emerging attacks against networks, through their DShield collaborative network analysis effort. Traffic spikes on network ports that are well above the normal rates of traffic flow can signify a rapidly spreading exploit or it could be a misconfigured network spewing rubbish across the rest of the Internet. One of the ISC's handlers noted a significant spike of traffic on port 7 recently and was surprised by what he found.

Korean poor get InfoSec help

In South Korea, email might be only for old people, as the Slashdot meme suggests, but the Korean government is taking a very progressive and interesting approach to helping the less privileged to improve their Information Security position.

Selling zero-day exploits has a down side

Information Security can sometimes be a funny field to work in. Some days it seems as if anybody with their hands on unpublished exploit code can sell it for all they're worth, and others it seems that they are set to become the target of law enforcement and the companies the code affects. It does help if you don't work for one of the companies that is set to be affected by the exploits you are trying to sell and aren't trying to bootstrap a competing company in the process.

Bad blood over Linspire's sale to Xandros

One of the first commercial Linux distributions aimed at the average computer user, Linspire, has just been sold to Xandros and undergone a name change to Digital Cornerstone. Xandros may not be very commonly known, but it is the distro being used by Asus on the EeePC.

US Army Challenges USAF on Network Warfare

The US Air Force's Cyber Command might have some competition on its hands, this time from a sister service, with the official activation of the US Army's Network Warfare Battalion earlier this week.

WSUS 3.0 and Office 2003 = No updates for you

If you are using Windows Server Update Services Version 3.0 or version 3.0 Service Pack 1, then the following might be important to you with the monthly security release for July only a week away.

How your cold explains network intrusion

With the cold an flu season most definitely upon us, there is much that the common cold can show us about network intrusion and what can happen once a single compromise has taken place.

The Thermocline of Truth

Business consultants and analysts use a range of models and analogies to explain and describe complex concepts in a manner that is understandable by their audience. Sometimes they fail, quite spectacularly, and sometimes there comes along a new way of encapsulating difficult concepts. One such approach is Bruce Webster's "Thermocline of Truth".

EU struggles with diversifying technology

In the immortal words of the Young Ones "[A] social conscience is like a garden shed. If you try to eat it, it will stick in your throat!". At least that is the lesson that the EU seems to be learning [1] in its efforts to promote greater competition in the technology industry as it tries to implement the use of alternate (to Microsoft) office software and operating systems that adhere to open standards.

Chinese financial systems begin hardening

China's financial markets have paralleled the rapid growth and development of the country and for a time were regarded as something of a 'Wild West' environment, where the risks were significant but the rewards were immense. Rapid growth in cities like Shanghai and the handover of Hong Kong and Macau have provided ample opportunities for investment and the development of a form of capitalist communism has created an environment where the potential rewards seemed to justify the risk.

Assessing the long term survival of social networking sites

Recent reporting on funding received by business social networking site LinkedIn has speculated that the site is worth just over US$1 billion, based on a 5% stake that several equity firms recently took for US$53 million. The equity firms would be looking to recoup significant returns on their investments, so their internal valuation of the site would be much higher than the current billion dollar valuation.

Online poker cheating demonstrates insider risk

When determining the risk to a system and the data stored on it, insider threats are generally regarded as lower risk. Despite the complete access (high risk) that insiders generally have, most of the time insiders are trusted agents (very low risk) on the network. When it breaks down, it can break down in a catastrophic manner, especially if there is money at stake.

When weak web security can expose medical records

With recent reporting showing the ineffectiveness of breach disclosure laws on the rate and scope of data losses, what sort of teeth will HIPAA and similar laws have when electronic health records are compromised in similar numbers and scope.