The Quiet Earth - local

PCs mit Dreien, Vieren oder eventuell Fünfen?

nospam@example.com (Axel Eble) — Thu, 11 Dec 2008 13:24:41 +0100

Ohne Worte.

Reisebüro

nospam@example.com (Axel Eble) — Thu, 11 Dec 2008 11:43:56 +0100

Abends in Freiburg kommt man gelegentlich an Reisebüros vorbei. Diese haben häufiger auch große Flatscreens als Werbeträger im Schaufenster.
Continue reading "Reisebüro"

BarCamp Freiburg: Security Metrics

nospam@example.com (Axel Eble) — Tue, 04 Dec 2007 21:54:27 +0100

Well, it's been on my mind for quite a while to set up some sort of security meeting in the area.

It should have something to do with security and I want to learn something through it as well.

Over at JollyOrc I got intrigued by the idea of a barcamp and, what can I say: the three items seem to match up nicely.

We've been over the issue of security metrics time and time again in many different places and in many different company - without any meaningful result so far. I think it's time for a get-together and a discussion about what metrics make sense in what context.

The format of a BarCamp seems to be ideally suited for exactly that: a get-together of like-minded people with different backgrounds working on the same topic.

I'm sure the location could be provided, maybe even by my company.

Democracy, Freedom and the Internet.

nospam@example.com (Axel Eble) — Fri, 12 Jan 2007 12:59:04 +0100

The German District Attorney of Halle has urged the Credit Card Industry to screen all 20-22 million German credit cards for transactions along some criteria - without having an initial suspicion of any criminal behaviour. Any such screening and searching is only legal through a warrant. Now there are two immediate scandals obvious:

the District Attorney had no warrant whatsoever, but they threatened the credit card companies that non-compliance would be illegal and punishable

the credit card companies' lawyers obviously didn't care to think this would be illegal and complied.

It almost comes as no surprise that the Police Union says that illegal means in investigations are fine to get results.

What it was all about? Child pornography. Which, according to German Law, is about in the same category as Wilful Damage to Property (which would almost be a joke in itself if it wasn't so sad). The screening of the 20 million German credit cards yielded 322 suspects.

Udo Vetter wants to have a court state if the District Attorney's action was legal or not.

I'm wondering what our current government will try next.

German Government plans a Federal Trojan

nospam@example.com (Axel Eble) — Fri, 12 Jan 2007 10:16:43 +0100

The German Federal Government plans to have a Trojan created to ~~spy on its citizens~~ help the law enforcement agencies in their investigations.

Currently the legality of this plan is under scrutiny (the first try to get an "online search" done was stopped as illegal by a judge), but the government is not afraid to tout that they will create the legal grounds for it if necessary.

Heise has published more information, among them the factoid that two programmers will be hired to write the trojan and that the development should not cost more than 200,000 € in total.

The brazenness of this idea is astounding (not to mention dumbfounding) - not to mention that they will have a hard time against people with at least some security skill.

Oh well, it's always good to see perfectly good tax money go down the drain.

The Quest to Shutdown A Credit Card Fraud Site

nospam@example.com (Axel Eble) — Mon, 07 Aug 2006 12:54:27 +0200

In Viruslist.com - Analytiker-Tagebuch (German only) a Kaspersky Labs technician describes how they found a Russian web site hosting data of about 300 credit cards, some with only basic information, some with deluxe information like ATM PIN, email address and phone number of the owner.

Kaspersky labs then called the Bundeskriminalamt , the German Federal police - to no avail. All three people they were named as responsible for this sort of information were already gone for the weekend. The same at the State police authorities. What is really scary is the fact that they didn't reach anybody from MasterCard or VISA, both. The hotline for lost cards wanted to know the credit card number of the calling party. Ouch.

Well, Kaspersky is not without resources. They finally contacted their US branch office which in turn got in contact with the FBI - and the Russian headquarters took care of shutting the site down.

I'm curious if this experience will change something at the German police institutions. However, I really doubt it.

SLAs are news items nowadays

nospam@example.com (Axel Eble) — Mon, 03 May 2004 15:17:19 +0200

Microsoft unterst�tzt Bundesinnenministerium bei IT-Sicherheit is a news item stating that Microsoft will support the Bundesamt f�r Sicherheit in der Informationstechnik (BSI) in securing the operation of critical infrastructure (like TelCo or Electrical Power). The BSI is supposed to help operators of critical infrastructure in securing their information technology equipment.

It does sound like nothing more than a simple SLA about vulnerability information, even more so since they don't want to publish the nature of the information that Microsoft will share.

Anyone willing to bet that it's nothing more than a simple information service about vulnerabilities?