Stories by: Carl Jongsma

There has been a lot of speculation devoted to the impending release of information about a DNS vulnerability discovered and initially announced by Dan Kaminsky almost two weeks ago. A lot of the coverage has been back and forth arguing about whether what has been discovered is relevant or not but the best thing to have done in the intervening period is to have sat on your hands and waited.

It has been a number of years since the fantasy that hackers will be offered a job by those who they hacked was even a potential reality, but there are reports that this might still be the case in New Zealand.

Outsourcing of critical business components to third parties has been a trend for a number of years and it has been something that Information Security personnel have been concerned about from the start, particularly due to the risk posed by having sensitive company data in a remote location that is outside the control of the company.

The Internet Storm Center, operated by SANS, is one of the leading sources when it comes to identifying emerging attacks against networks, through their DShield collaborative network analysis effort. Traffic spikes on network ports that are well above the normal rates of traffic flow can signify a rapidly spreading exploit or it could be a misconfigured network spewing rubbish across the rest of the Internet. One of the ISC's handlers noted a significant spike of traffic on port 7 recently and was surprised by what he found.

In South Korea, email might be only for old people, as the Slashdot meme suggests, but the Korean government is taking a very progressive and interesting approach to helping the less privileged to improve their Information Security position.

One of the first commercial Linux distributions aimed at the average computer user, Linspire, has just been sold to Xandros and undergone a name change to Digital Cornerstone. Xandros may not be very commonly known, but it is the distro being used by Asus on the EeePC.

Information Security can sometimes be a funny field to work in. Some days it seems as if anybody with their hands on unpublished exploit code can sell it for all they're worth, and others it seems that they are set to become the target of law enforcement and the companies the code affects. It does help if you don't work for one of the companies that is set to be affected by the exploits you are trying to sell and aren't trying to bootstrap a competing company in the process.

The US Air Force's Cyber Command might have some competition on its hands, this time from a sister service, with the official activation of the US Army's Network Warfare Battalion earlier this week.

With the cold an flu season most definitely upon us, there is much that the common cold can show us about network intrusion and what can happen once a single compromise has taken place.

If you are using Windows Server Update Services Version 3.0 or version 3.0 Service Pack 1, then the following might be important to you with the monthly security release for July only a week away.

Business consultants and analysts use a range of models and analogies to explain and describe complex concepts in a manner that is understandable by their audience. Sometimes they fail, quite spectacularly, and sometimes there comes along a new way of encapsulating difficult concepts. One such approach is Bruce Webster's "Thermocline of Truth".