Privacy Blog

There is the case of the screaming injustice happened recently for a joung man in the U.S., who published a short video on YouTube, where he was dancing to one of the copyright protected music title. The music was played in the background and was hardly to heard. Nevertheless, he got promptly a warning from the music industry. I believe that such behavior approach on the edge of the nonsense borders. Especially because the music was very quietly, and very short. The video was only 30 seconds long.
Fortunately the parents of the boy were not scared and decided to fight back. They were able to defend their rights and are ready to sue the music industry. As the mother of the boy says, she has really nothing to lose and she is supported by Electronic Frontier Foundation (EFF).
We can only hope that the courts take a wise decision to ensure the security of citizens from exploitation by profit sue-industry.
I believe that the music industry did not undertand that the sue of its own customers is a very bad idea. If you forward the own customers into prisons, you will have always falling sales, because you will lose you customers.

“Online shop for fraudsters” is a very interesting article about modern development of Internet crime, published today in the Spiegel.
The article is about that the cyber crime is already at industrial level. According to Spiegel, there are online shops, where potential fraudsters have a possibility to buy the stolen data for quite symbolic sum. Some vendors offer some kind of warriantee, so if the data are not up to date any more, they would replace it.
Apart from the theft of data in the Internet is often practiced so-called skimming. When skimming the fraudsters steal the data of bank customers by using special devices that manipulate ATMs. Those deviced will be attached to an ATM. It is a specific machine card reader that is hard to detect. These devices allow a fraudster to read and copy all cards in the ATMs. The pure copy (clone) an EC is not enough for the bank card fraudsters. He must also get the PIN. This will be done often with the help of a hidden video camera.
In most cases, the stolen money will be refunded by the bank, but not always. Especially you get to feel the problem when your EC-card information is stolen and then somebody steals your money.
This issue is highly topical. I therefore would like to point out how important it is to protect private data. Be it on the Internet or in private life.

When I read this message, I could not imagine that it is possible that a commercial organization like Microsoft, make backdoors in its own software, and offers programs to crack the system. They claim that the spy software is only for the government investigators, but I am 100% sure that at the time of no more than a few months, this software will be going into the wrong hands. The P2P-Software, as well as relevant underground sites will distribute it for free to everyone. And I currently see no way how to resolve the problem, unless you encrypt the entire of your disk with TrueCrypt.
Incidentally, I tried the tool already on my hard drive. I encrypted completely. I choose, as recommended a password that is longer then 20 characters, with special characters, small and large letters and numbers. Of course I don’t saved the password and created the rescue disk only as an image. It makes no sense to keep such things because of security reasons. Not that I have some special to hide, I’m just a technology freak and that’s why I do this.
Well, after a few days I forgot my password …
Actually, I thought, I have no other choice but to format the hard disk and forget about my photos (most important thing I save on the disk). I decided to wait some time with the formatting, a decision correct, because after a few weeks, I remembered my password. I noticed me a crib, so I can not forget the password, but I forgot the order of large and small letters in it.
Yesterday, when I read the above message, I thought to encrypt the hard disk of my notebook. This time I decided to wait and backup my data, before I beginn with the encryption.
The other possibility to avoid this security problem is more radically. We should switch to Linux. This decision is for some people even more difficult to take because the skills are simply not there and it is still often happens that we need specific software. This applies as for companies, as well as for individual users. WINE The project makes great progress already, but it will be very difficult for the developers, to make the project always up to date. As an example, I cantake the Photoshop. I have a student license for Photoshop CS3 acquired WINE supports only the previous version of Photoshop - CS2. The individual plug-ins that I have with Photoshop using, I can simply forget.
The final is - Microsoft made a real problem, both for customers, as well as for their own image. There is now any perfect solution for this security problem at this time.

Yesterday I read some interesting story about Russian hackers that developed a Trojan horse for attacking consumers of German banks. This software modifies the source code of bank site in browser so that if the consumer tries to make a transaction, he receives an error. The error message tells that the TAN that consumer just entered is not valid and he must try again.

After that the transaction will be executed without any problems. But the first TAN that was not valid will be transferred to criminal.

This security leak was already closed, but I thought that it’s the right time to change my online banking with TAN-method into mTAN. I entered my mobile phone number and approved it. Than I had 2 possibilities, I could print the order and send it via fax, or I could call a special number and approve my order at this way. I don’t have any fax, that’s why I decided to call the number. At telephone I was prompted to enter my bank account number and PIN and after that I was informed that I could not be validated and the once way that I can activate mTan is to print the order and send it via post.

Is it accident? I hope that the hackers are not able (yet) to trick a service number of the banks :))

I think that security is one of the most important themes in the internet. That’s why I permanent try to refresh and make my knowledge better. I use different sources such as HowTo’s, tutorials and more serious sources like books. The last book that I bought for this reason is Hacking Exposed. Network Security Secrets and Solutions

This book is really good. If you seeking knowledge, how to protect your system, this book is for you.