Privacy Blog

According to the reports of Onlinekosten.de and Gulli.com there appeared a new tendency, according to which users are able to look for information about themselves (which is not be bad at all), but also for other users with the help of the Internet search sites. Some companies have already recognized the trend and even offer different services. Finally the users get combined information from different sources in one file. These services provide with the information from legal sources but still the development in itself is not very positive.
As an example of the dangerous development, I want to name the rising popularity of online gaming platforms. Just imagine, 3 friends together buy a game on such a platform and play the game alternately, depending on whether one or the other has the time for playing. This is perfectly feasible, since only the simultaneous games is not possible. Then one of the friends apply for a job at a large company Xxxx Ltd. The company orders an external service provider to find out the information about the candidate. The service provider is looking for different social networks like BlablaVZ and by the way buys some information about the game behavior of the person in the on-line gaming platform XY (has anyone already read the licenses, which you agree in order to join such a platform?). The problem is that according to the information of the game platform the user was playing about 30 hours a week the “evil Killer”. But it is not truth, because the user has shared his account with 2 other friends, but from the employer perspective viewed that is a reason for rejection of the candidate. The example is quite realistic and can be applied for other cases too.

Heise.de with the reference to Spiegel Online reports that the government begin soon the first tests of the new nude scanners in Germany. It was unexpected for me.
In a previous article about nude scanner Heise.de reported that the SPD, Greens and the Left were against nudity scanner and I thought that this technology will not be used in Germany. But in this article only the Green and Left parties are noted. And what is with the SPD? Did they change their opinion or how I should understand that? Lately, I sadly noted that citizens’ interests will be respected and defended only by the small parties, others have already the power and now they try to defend their own interests, but not the interests of the citizens. Secondly, I do not understand how this technoligy could be approved for the test, if almost all politicians say that they are not aggrieve to use nude scanners. Who should want to use the scanners, if all politicians are against them? It looks more likely that some politicians promise some things but they do nothing to make all their promises to be real. That is the same thing, like „Vorratdatenspeicherung-Gesetz“ (data retention low). A lot of politicians said then, they would never admit for this low, but in reality they made this.

“Online shop for fraudsters” is a very interesting article about modern development of Internet crime, published today in the Spiegel.
The article is about that the cyber crime is already at industrial level. According to Spiegel, there are online shops, where potential fraudsters have a possibility to buy the stolen data for quite symbolic sum. Some vendors offer some kind of warriantee, so if the data are not up to date any more, they would replace it.
Apart from the theft of data in the Internet is often practiced so-called skimming. When skimming the fraudsters steal the data of bank customers by using special devices that manipulate ATMs. Those deviced will be attached to an ATM. It is a specific machine card reader that is hard to detect. These devices allow a fraudster to read and copy all cards in the ATMs. The pure copy (clone) an EC is not enough for the bank card fraudsters. He must also get the PIN. This will be done often with the help of a hidden video camera.
In most cases, the stolen money will be refunded by the bank, but not always. Especially you get to feel the problem when your EC-card information is stolen and then somebody steals your money.
This issue is highly topical. I therefore would like to point out how important it is to protect private data. Be it on the Internet or in private life.

When I read this message, I could not imagine that it is possible that a commercial organization like Microsoft, make backdoors in its own software, and offers programs to crack the system. They claim that the spy software is only for the government investigators, but I am 100% sure that at the time of no more than a few months, this software will be going into the wrong hands. The P2P-Software, as well as relevant underground sites will distribute it for free to everyone. And I currently see no way how to resolve the problem, unless you encrypt the entire of your disk with TrueCrypt.
Incidentally, I tried the tool already on my hard drive. I encrypted completely. I choose, as recommended a password that is longer then 20 characters, with special characters, small and large letters and numbers. Of course I don’t saved the password and created the rescue disk only as an image. It makes no sense to keep such things because of security reasons. Not that I have some special to hide, I’m just a technology freak and that’s why I do this.
Well, after a few days I forgot my password …
Actually, I thought, I have no other choice but to format the hard disk and forget about my photos (most important thing I save on the disk). I decided to wait some time with the formatting, a decision correct, because after a few weeks, I remembered my password. I noticed me a crib, so I can not forget the password, but I forgot the order of large and small letters in it.
Yesterday, when I read the above message, I thought to encrypt the hard disk of my notebook. This time I decided to wait and backup my data, before I beginn with the encryption.
The other possibility to avoid this security problem is more radically. We should switch to Linux. This decision is for some people even more difficult to take because the skills are simply not there and it is still often happens that we need specific software. This applies as for companies, as well as for individual users. WINE The project makes great progress already, but it will be very difficult for the developers, to make the project always up to date. As an example, I cantake the Photoshop. I have a student license for Photoshop CS3 acquired WINE supports only the previous version of Photoshop – CS2. The individual plug-ins that I have with Photoshop using, I can simply forget.
The final is – Microsoft made a real problem, both for customers, as well as for their own image. There is now any perfect solution for this security problem at this time.

Yesterday I read some interesting story about Russian hackers that developed a Trojan horse for attacking consumers of German banks. This software modifies the source code of bank site in browser so that if the consumer tries to make a transaction, he receives an error. The error message tells that the TAN that consumer just entered is not valid and he must try again.

After that the transaction will be executed without any problems. But the first TAN that was not valid will be transferred to criminal.

This security leak was already closed, but I thought that it’s the right time to change my online banking with TAN-method into mTAN. I entered my mobile phone number and approved it. Than I had 2 possibilities, I could print the order and send it via fax, or I could call a special number and approve my order at this way. I don’t have any fax, that’s why I decided to call the number. At telephone I was prompted to enter my bank account number and PIN and after that I was informed that I could not be validated and the once way that I can activate mTan is to print the order and send it via post.

Is it accident? I hope that the hackers are not able (yet) to trick a service number of the banks )