Friday, January 02, 2009

How to crack online banking

It's time to check your bank if you are banking online. With a bit of bad luck, it isn't safe anymore. Last week I ran into an article in the Dutch tech magazine Emerce about a security breach in SSL.

SSL Certificate Security Breach

To most people, SSL sounds like a privacy guarantee on the web. Sites like webshops and banks have a secure connection to the internet and have an SSL certificate issued by a CA (Certification Authority) like Verisign or DigiNotar. However, a team of researchers from the Dutch University of Eindhoven, the CWI (Center of Mathematics and Computer Science), EPFL in Switzerland and independent researchers from California have discovered how to crack the code. They discovered

...that one of the standard cryptographic algorithms, which is used to check digital certificates, is subject to abuse. The algorithm in question is the MD5 algorithm. Malicious persons may create a file with a digital signature which is trusted by all major web browsers. The researchers achieved this using advanced mathematics and a cluster of more than two hundred game computers.

and

The researchers discovered the security breach which, in combination with the known KAMINSKY vulnerability in the Domain Name System (DNS), can make it difficult to detect phishing attacks.

Crunching Fortis all the way.

In short, if your bank uses an MD5-based SSL certificate, your privacy may be compromised. A quick survey of the methods used by Dutch banks shows that most of them already use SHA-based certificates. One of the few exceptions is the troubled Fortis Bank. Fortis has been going through a lot of bad weather ever since they acquired (part of) the ABN Amro bank. They were the first Dutch bank to get in trouble due to the credit crunch, and the Dutch and Belgian parts have been separated, the Dutch part being taken over by the Dutch Government. They also had to settle for nearly a billion dollars in the Dutch mortgage scandal and lost about a billion in the Madoff fraud.

MD5 and SHA algorithms

To most of the digitally educated it has been clear for some time that using MD5, for passwords for instance, is no longer best practice on the web, and they have moved over to the more secure SHA-2 and the upcoming SHA-3 hash algorithms.

  • Read the original Emerce article in Dutch here.
  • Read the Google translation here.


Privacy and Social Networks

It's been quiet on the MindBlizzard blog during the past two weeks. I've enjoyed the holiday season and spent some time with the family skating and stuff. That doesn't mean nothing interesting has happened during the past weeks though.

Let me start off with wishing you all the best for 2009. I hope you'll have fun on the web.

One of the things I just ran into was an excellent video by the Office of the Privacy Commissioner of Canada about Privacy and Social Networks, which shows that the harvesting of personal data keeps going on and on...

A couple of great thoughts about this video have been put up by Digital ID Coach Judi,

Coaching moment: There are two sides to this problem. On one side are the account holders of these social networking sites. They are busy disclosing their interests, connections, and lives. These account holders may not realize that they are being mapped and sold out to the extent that they are. Perhaps they think it’s ok.

On the other side are the businesses that run these sites. They have Terms of Service (TOS) contracts that account holders agree to, whether they read the terms or not. The businesses engage in harvesting and selling practices that benefit their bottom line. (Would you expect anything less? They are businesses, and this is one way that it’s done.) The problem is that the buying and selling of account holder data is not transparent to the account holders.

Read the full article here.


Tuesday, March 11, 2008

Immersive Shopping at Weltbild.de

Purely by accident I landed on a sim called 'Weltbild'. Not only is the name German, but so is the style of the build: a surplus of white. Every German build in Second Life seems to display an absence of color. The color used as a supporting color for the build is a deep red, a combination which reminded me of the Avastar build.

The island is owned by the Weltbild Publishing Group, which is a major German publisher and media retailer, owned by the dioceses of the Roman Catholic Church of Germany, based in Augsburg (see also Augsburg in SL) and now in Second Life as well.

"As of 2006, Weltbild claims to be Germany's largest media and mail-order company, with a market share of ten percent. It also says it is No. 2 among online book retailers (presumably after Amazon.de). Weltbild employs some 4,500 employees and has a revenue of 1,4 billion EUR. According to the enterprise, some 5,5 million customers in the German-speaking countries buy Weltbild books by mail order, in one of the 300 Weltbild shops or over the Internet. Its mail-order catalogue has a print run of four million."
(Wikipedia)

The island is another tropical beach setting, like many builds from the rainy North-European continent; today I don't mind, however. The weather outside is indeed shitty and I can use some sunshine.




The Avastar association is perhaps more than coincidental, as the island's auditorium is showing a movie auditioning contest in cahoots with the Avastar newspaper.

The main venue of the island consists of three shops:

  1. Film
  2. Books
  3. Music

The thing I like about these shops is that they're not only plain links to the Weltbild website, but also offer trailers you can watch with your friends so it really is a first step towards immersive shopping.


Immersive movies:



Despite my prejudice about German builds I like the quality of the build. There are a few unnecessary things, like a telescope pointing to nowhere and a totally lost 3D tetris game though.




I wonder if the build will be revamped with the new html-on-a-prim technology, making direct interaction with their webshop possible.


SLURL: http://slurl.com/secondlife/Weltbild/128/128/0


Thursday, October 11, 2007

Sibley's Keynote

I already blogged a few things that came by during today's convention sessions, but here's some more on the Keynotes.


The convention kick-off was presented by Sibley Verbeck, CEO of the Electric Sheep Company. Now everybody was excited about this CSI thing, but Sibley also said a few other noteworthy things.


He started with an overview of the industry. Here's a few pointers:


  • Lots of Virtual Worlds focus on special age groups.
  • Teen worlds are currently the most successful when it comes to business returns.
  • We're still early in the game, but there are already some breakthrough successes.
  • Teen worlds are going to see brutal competition in the next year and a half.
  • Because of this competition and success, teen worlds are the spots where the innovation will be.
  • One business model comes down to taking existing teen communities and communications and adding virtual components and value.
  • Other models will be built around sponsorship and advertisement.
  • I'm missing VW's that take all and incorporate profiling and stuff.
  • In adult spaces a lot of technology has been developed, yet it's lagging in innovation.
  • In 5 to 10 years from now there will be more e-commerce in Virtual Worlds than on the World Wide Web.
