Stories by Carl Jongsma

Is data loss compensation unfair?

A well known information security researcher, best known for his recent work collating and archiving reports of data loss (the often-inextricably linked forerunner to identity theft), has spoken out against the seemingly poor standard of compensation that affected companies generally offer their consumers.

When System Updates can kill

Information security experts have become steadily more aware of, and concerned about, the risks associated with poorly managed Supervisory Control and Data Acquisition (SCADA) systems, which are normally used to control and monitor public utilities such as sewage, power and water, and other electronic interfaces to engineered systems.

Surprise ARP Attack Draws Attention

It isn't often that old hacking methods make significant news, but an ARP attack received widespread attention earlier this week, more for its perceived target than for the attack itself.

Indian outsourcer steals client data, sells to competitors

The Times of India recently reported a case that will strike fear into the hearts and minds of information security specialists and C-level executives that support and promote the use of outsourcing for company processes and operations.

How not to solve the Disclosure Dilemma

Following TJX's major loss of credit card data last year, the company implemented a series of internal changes that were meant to make it more difficult for theft to take place again in the future. The only problem was that the implementation was not exactly ideal and at least one TJX employee identified this and made an effort to report the situation internally. When faced with no response from the company, he chose to release the information publicly.

Silence of top security voices a cause for concern

Remaining platform and technology agnostic in information security is becoming progressively more difficult as people and companies develop the skills and relationships needed to enter into professional, fee-based arrangements with the very vendors they previously reported on.

First came the Zip Bomb, now comes the PDF Bomb

A Zip Bomb is a small Zip file that exploits the extreme compression ratios achievable on highly repetitive data: a few kilobytes on disk expand into a file or set of files large enough to exhaust disk, memory or CPU until the system is unusable. Didier Stevens, continuing his recent work in finding interesting corners of the PDF file format, has described techniques for the PDF equivalent of the Zip bomb, or a PDF Bomb.
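The following is an added example, not code from the article or from Didier Stevens: it constructs a small Zip archive that inflates to tens of megabytes, then shows the two checks a practitioner would put in front of an extractor. The first reads the sizes the central directory declares (cheap, but attacker-controlled); the second inflates in bounded chunks and aborts on a byte budget no matter what the headers say. The same bounded inflater is shown for a bare zlib stream, which is the format a PDF /FlateDecode stream carries, so it applies to the PDF bomb case too. The limits and file names are assumptions chosen for illustration.

```python
import io
import zipfile
import zlib

# Policy limits for the guarded extractor (assumed values; tune per deployment).
MAX_TOTAL_UNCOMPRESSED = 16 * 1024 * 1024   # refuse archives declaring more than 16 MiB in total
MAX_RATIO = 100                              # refuse members claiming more than 100:1 expansion
CHUNK = 64 * 1024


class ZipBombDetected(Exception):
    """Raised when an archive or stream would inflate past the configured limits."""


def build_zip_bomb(inner_size: int = 32 * 1024 * 1024) -> bytes:
    """Constructed sample: one member of inner_size zero bytes. DEFLATE reduces runs of
    zeros by roughly 1000:1, so 32 MiB becomes a few tens of KiB on disk."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED, compresslevel=9) as zf:
        zf.writestr("zeros.bin", b"\x00" * inner_size)
    return buf.getvalue()


def build_benign_zip() -> bytes:
    """Constructed sample of an ordinary archive that should pass the checks."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", "Nothing to see here.\n")
    return buf.getvalue()


def check_declared_sizes(data: bytes) -> int:
    """First line of defence: walk the central directory and reject on the sizes it declares.
    Those numbers are written by whoever built the archive, so a crafted file can lie;
    this check is cheap but never sufficient on its own. Returns the declared total."""
    total = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            ratio = info.file_size / max(info.compress_size, 1)
            if ratio > MAX_RATIO:
                raise ZipBombDetected(f"{info.filename}: declared ratio {ratio:.0f}:1")
            total += info.file_size
    if total > MAX_TOTAL_UNCOMPRESSED:
        raise ZipBombDetected(f"declared total {total} bytes exceeds {MAX_TOTAL_UNCOMPRESSED}")
    return total


def safe_extract_member(data: bytes, name: str, budget: int = MAX_TOTAL_UNCOMPRESSED) -> bytes:
    """Second line of defence: inflate in fixed-size chunks and abort the moment the
    output exceeds the budget, whatever the headers claimed."""
    out = bytearray()
    with zipfile.ZipFile(io.BytesIO(data)) as zf, zf.open(name) as member:
        while True:
            chunk = member.read(CHUNK)   # returns at most CHUNK decompressed bytes
            if not chunk:
                break
            out.extend(chunk)
            if len(out) > budget:
                raise ZipBombDetected(f"{name}: inflated past {budget} bytes")
    return bytes(out)


def inflate_bounded(zdata: bytes, budget: int) -> bytes:
    """Same idea for a bare zlib stream, the encoding used by a PDF /FlateDecode stream.
    max_length caps each decompress() call, so memory never exceeds budget + CHUNK."""
    d = zlib.decompressobj()
    out = bytearray()
    pending = zdata
    while not d.eof:
        chunk = d.decompress(pending, CHUNK)
        pending = d.unconsumed_tail
        if not chunk and not pending:
            break  # truncated input: nothing more can be produced
        out.extend(chunk)
        if len(out) > budget:
            raise ZipBombDetected(f"zlib stream inflated past {budget} bytes")
    return bytes(out)


if __name__ == "__main__":
    bomb = build_zip_bomb()
    print(f"bomb archive is {len(bomb)} bytes on disk")
    for probe in (check_declared_sizes, lambda b: safe_extract_member(b, "zeros.bin")):
        try:
            probe(bomb)
        except ZipBombDetected as exc:
            print("rejected:", exc)
    print("benign archive declares", check_declared_sizes(build_benign_zip()), "bytes")
```

Run both checks in that order: the declared-size check rejects the lazy attacker for free, and the bounded inflater is what actually protects you when the central directory has been edited to claim a tiny member. Nested archives (a zip of zips) defeat neither check on their own but must be inflated one layer at a time with the same budget applied to the running total.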

When selling snake oil catches up with you

Recent reporting from AP and The Charleston Gazette demonstrates that selling snake oil will eventually catch up with you. LifeLock, an identity theft protection company based in Arizona, is facing a class-action lawsuit alleging that their services are 'inept' at preventing identity theft from taking place.

This Site is Safe from Hackers. Is it really?

Antivirus and antimalware developers have been in the spotlight for the last month or so and have been the focus of malware developers for much longer over the plan to run the Race to Zero contest at this year's DefCon in Las Vegas. Now, it might be the turn of companies that produce and promote 'This Site is Safe from Hackers'-style certification and coverage for their clients to share the spotlight.

Hackers compromise Red Cross earthquake relief site

Hurricane Katrina proved a fertile ground for fraudsters to scam money off those willing to help the needy. Now the China earthquake has bred a new variant of the morally reprehensible, with donated funds being siphoned off one charity site.

How to avoid the Debian SSH key attacks

If you are running a Debian-based Linux system and haven't already caught up with the announcement [1] of a major flaw in the generation of SSH, OpenVPN, DNSSEC and SSL/TLS session keys and X.509 certificate key material, you should update your system and regenerate any affected keys to address the problem.

Recovering PDF redaction

Unintentional exposure of sensitive data through Word files has caused problems for companies in the past, especially when people forget that Track Changes lets document recipients easily view information that was deleted or sanitised before release.
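As an added example (not part of the original article), here is how the Track Changes problem looks at the file level and how to check for it. A .docx is a zip container whose word/document.xml keeps a deleted run as a w:del element holding w:delText, together with the author and timestamp, so anything "deleted" with Track Changes on is still in the file. The sample document.xml below is constructed for this example; the sanitiser accepts all changes by dropping w:del subtrees and unwrapping w:ins before repacking.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

W = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
ET.register_namespace("w", W)
T, DEL_TEXT, DEL, INS = (f"{{{W}}}{n}" for n in ("t", "delText", "del", "ins"))

# Constructed sample: the word/document.xml of a file saved with Track Changes on.
# The author replaced a sensitive figure, but the deletion survives as <w:del>.
SAMPLE_DOCUMENT_XML = f"""<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<w:document xmlns:w="{W}">
  <w:body>
    <w:p>
      <w:r><w:t xml:space="preserve">Settlement offer: </w:t></w:r>
      <w:del w:id="1" w:author="counsel" w:date="2008-05-01T09:00:00Z">
        <w:r><w:delText>up to $2.4M authorised by the board</w:delText></w:r>
      </w:del>
      <w:ins w:id="2" w:author="counsel" w:date="2008-05-01T09:01:00Z">
        <w:r><w:t>to be discussed</w:t></w:r>
      </w:ins>
    </w:p>
  </w:body>
</w:document>
"""


def build_sample_docx() -> bytes:
    """Pack the sample XML into a minimal zip container shaped like a .docx."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("word/document.xml", SAMPLE_DOCUMENT_XML)
    return buf.getvalue()


def tracked_changes(docx_bytes: bytes) -> dict:
    """Return what a reader sees versus what the tracked-changes markup still carries."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        root = ET.fromstring(zf.read("word/document.xml"))
    visible = "".join(t.text or "" for t in root.iter(T))
    deleted = []
    for d in root.iter(DEL):
        deleted.append({
            "author": d.get(f"{{{W}}}author"),
            "date": d.get(f"{{{W}}}date"),
            "text": "".join(t.text or "" for t in d.iter(DEL_TEXT)),
        })
    return {"visible": visible, "deleted": deleted}


def accept_all_changes(docx_bytes: bytes) -> bytes:
    """Sanitise: remove every <w:del> subtree, unwrap every <w:ins>, repack the container."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as src:
        root = ET.fromstring(src.read("word/document.xml"))
        parent = {child: p for p in root.iter() for child in p}
        for d in list(root.iter(DEL)):
            parent[d].remove(d)
        for ins in list(root.iter(INS)):
            p = parent[ins]
            idx = list(p).index(ins)
            for child in list(ins):          # hoist the inserted runs into the parent
                p.insert(idx, child)
                idx += 1
            p.remove(ins)
        out = io.BytesIO()
        with zipfile.ZipFile(out, "w", compression=zipfile.ZIP_DEFLATED) as dst:
            for item in src.infolist():
                if item.filename == "word/document.xml":
                    dst.writestr(item.filename, ET.tostring(root, encoding="UTF-8", xml_declaration=True))
                else:
                    dst.writestr(item, src.read(item.filename))
    return out.getvalue()


if __name__ == "__main__":
    before = tracked_changes(build_sample_docx())
    print("reader sees :", before["visible"])
    for d in before["deleted"]:
        print(f"still in file: {d['text']!r} (deleted by {d['author']} at {d['date']})")
    after = tracked_changes(accept_all_changes(build_sample_docx()))
    print("after sanitising, deleted runs left:", len(after["deleted"]))
```

Accepting changes only addresses the revision markup; comments (word/comments.xml), document properties (docProps/core.xml, which carries author names) and embedded objects need their own pass, and the safest release path remains converting to a format that never carried the history in the first place.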

Breaking Google's audio CAPTCHA

Recent research suggests that Google's audio CAPTCHA is the latest in a string of CAPTCHAs to have been defeated by software.