Stories by Carl Jongsma

  • Strange account management at Amazon

    Via the RISKS mailing list comes an interesting tale of poor online account management at a major online retailer. According to Graham Bennett, accounts with Amazon display an odd behaviour that doesn't seem to have attracted much attention in the past.

  • Are international standards organisations no longer incorruptible?

    For the last several months Microsoft has been pushing for their Office Open XML (OOXML) office suite file specification to be accepted as an international standard by ISO, presumably to help them gain traction for future government contracts (look, this file specification is an ISO standard, it must be good).

  • Upcoming PHP 5.3 beefs up security

    PHP security guru Stefan Esser recently posted on some of the changes and important security issues that are likely to have significant effects for the everyday PHP coder (and user) with the release of the upcoming PHP 5.3.

  • Who is behind that Gmail account?

    Who is the real identity behind that Gmail account? While finding out may not be as easy as knowing who is behind (Homer Simpson, for the curious), it apparently isn't much harder.

  • The mobile Internet you'll be using in 10 years

    After being plagued with project overruns and a scaling back of the final system, the US military's next generation satellite communications network is another step closer to reality, with completion of the payload module for the third and final Advanced Extremely High Frequency (EHF) satellite.

  • Sarah Palin demonstrates the peril of webmail

    If you needed any more reminders about why it isn't a good idea to use external mail services to conduct critical business, the recent break-in to US Republican Vice-Presidential candidate Sarah Palin's Yahoo inbox should be it. Of note is that, following the disclosure of the inboxes, the compromised address and another address have been suspended.

  • Due diligence works, onenote patch reveals

    Last week Microsoft released MS08-055 [1], patching a remote code execution vulnerability affecting the handling of onenote:// URLs in different versions of Office. What was surprising about the patch is that the vulnerability being fixed only bore a passing resemblance to the one that was notified to Microsoft in March of this year.

  • Wider implications of the Red Hat breach

    Reports of data losses and system breaches are almost becoming passé, but from time to time events happen that take on a life of their own and have effects far beyond what the initial breach would normally represent.

  • Internet Explorer 8's XSS Filter examined

    Microsoft's Security Vulnerability Research & Defense team (SVRD) have recently posted information online about the Cross Site Scripting (XSS) filter to be incorporated into Internet Explorer 8 when it is released.

  • New attack against multiple encryption functions

    Unless you're a dyed-in-the-wool cryptographic geek you probably didn't know that there was a Crypto conference, or even a chain of worldwide crypto conferences that take place each year. Fortunately, for most of us who aren't crypto geeks there are a handful of very highly skilled people who are; they can take the highly theoretical and complex mathematical proofs and arguments that make up most of modern cryptographic and cryptanalytic research and put them into plain language.

  • Online vandalism does not equal cyberwar

    Without getting into the argument of who is right in a five-sided conflict (South Ossetia, Georgia, Russia, Abkhazia, and the various external groups and individuals who are motivated enough to be involved), interesting conclusions can be drawn from what is happening online and also how those events are being reported upon.

  • PHP 4 is dead, long live PHP 4

    For a technology that has been in stable release since May 22, 2000, PHP 4 has finally reached the end of its official life. With the release of PHP 4.4.9, official support has ended and the final security patch for the platform issued.

  • VX Groups a dying breed, but they won't be missed

    Microsoft's Malware Protection Center has picked up on some positive news that comes at a time when online threats are apparently increasing without limit. According to the MMPC's blog, two VX (virus writing and sharing) groups have shut down in a very short period of time, seemingly without any external pressure. According to the post, there is really only one active group remaining, something which would have seemed far-fetched not even a decade ago.

  • Microsoft to share vulnerability data. Will you be rocked?

    Microsoft's impending announcement at Black Hat on the 7th of this month, titled "Secure the Planet! New Strategic Initiatives from Microsoft to Rock Your World", being delivered by some of the best security names inside Microsoft, has already gained the attention of many in the wider community.