January 26, 2013

Art thieves wanted to burn Monet, Picasso

Filed under: Art by Branko Collin @ 11:49 am

The thieves that stole seven paintings from the Kunsthal museum in Rotterdam last October considered burning the art, Rheinische Post reports.

The German newspaper says that Romanian detectives overheard a phone conversation in which the suspects discussed getting rid of the paintings. The suspects were unable to find buyers and presumably wanted to clear any traces that would lead to them.

It is not known whether the suspects managed to put their plan into action. Romanian broadcaster Antenna 3 claimed that two of the seven paintings had been found, but Dutch police were unable to confirm this, NRC reports. Last Monday three suspects were arrested in Bucharest.

The Kunsthal theft made headlines because the security system was laughably easy to break. The entire theft took no more than two minutes, Business Week reported back then.

The missing paintings are:

  • Tête d’Arlequin by Pablo Picasso.
  • Waterloo Bridge, London by Claude Monet.
  • Charing Cross Bridge, London by Claude Monet.
  • La Liseuse en Blanc et Jaune by Henri Matisse.
  • Femme Devant une Fenêtre Ouverte, dite la Fiancée by Paul Gauguin.
  • Autoportrait by Meyer de Haan.
  • Woman with Eyes Closed by Lucian Freud.

(Illustration: Charing Cross Bridge by Claude Monet. Source: politie.nl)


November 3, 2012

DigiNotar hacker came in through front door

Filed under: IT by Branko Collin @ 4:28 pm

In 2011 Dutch web certificate company DigiNotar was compromised completely by an Iranian hacker, and a report released this week details how it was done.

The report, written by security auditors Fox-IT and published by the state last Monday, shows that the hacker managed to get access to DigiNotar’s public website, which had already been hacked in 2009. In fact, the defacements from that year were still online when the hack was discovered in August 2011, security.nl reported at the time.

According to Webwereld, Fox-IT’s report reads like a how-to for pwning a badly secured system. The hacker installed a shell on the web server, which must have been easy to do, as the still online defacements showed the way. DigiNotar had a firewall between its public network (which it called the Demilitarised Zone) and its segmented internal network, but it also had a long list of exceptions in the firewall. The certificate servers were also attached to the office network of DigiNotar, so that the hacker could use the standard MS Windows Remote Desktop tool to create false certificates.

Just another day at the office for an experienced black hat hacker.

Techworld reports that the DigiNotar hack was mainly used to attack Gmail users in Iran. DigiNotar declared bankruptcy in September 2011. The company’s certificates were heavily relied upon by the Dutch government, but also by Google.

Web certificates are a means to tell your browser that the website you are visiting really is the website it claims to be. This is useful for online banking and so on.


August 25, 2012

The least safe PIN is 2580

Filed under: Technology by Branko Collin @ 1:04 pm

Two students of the Eindhoven University of Technology have discovered that the least safe code for your bank card (PIN) is 2580.

They did this by estimating which hand movements are easiest to observe, then calculating the number of fits for each series of movements. The PIN 2580 on a grid that consists of the rows 123, 456, 789 and x0x requires a continuous downward motion of the hand, and is the only code possible for that series of movements. A bad actor should be able to guess that PIN 100% of the time.

Eindhoven Dichtbij reports that 292 codes can be guessed in three goes after observing hand movements. This also produces a 100% success rate, assuming the bad actors get three attempts before access is blocked. Codes that are relatively safe require lots of back and forth movements. The code 1959 belongs to the same set of hand movements as 105 other PINs.

I wonder if making fake movements would help against PIN thieves?

The students, Anne Eggels and Aukje Boef, also considered other ways of hacking PINs:

  • Dabbing the keys in salts, and measuring which salts were gone after use of the keypad—especially useful for PINs in which the same key is used more than once.*
  • Camera surveillance.
  • Observing wear and tear of keys—useful in locations where the same PIN is shared by most users, such as nursing home wards.

Aukje Boef has a telling name by the way, as her last name means ‘crook’ in Dutch.

Update: found an article from last year that claims 2580 is the third most used PIN.

*) This is an old trick that I was aware of. To this day paranoid me wipes all keys with his fingers after entering a code.

(Photo by Flickr user Redspotted, some rights reserved. Link: Bright.)


September 19, 2009

Lock picking increasingly popular hobby

Filed under: Sports,Technology by Branko Collin @ 10:49 am

The New York Times has an article (behind a pay-wall) about lock picking as a hobby almost exclusive to Germany and the Netherlands, and about Toool, The Open Organization of Lockpickers, which …

[…] is dedicated to picking locks for fun. The movement has been growing over the last five years, with a chapter now in Eindhoven, in the east of the country, and foreign branches in several places, including Germany and the United States.

[…] Its members see lock picking as a sport and organize annual competitions, a sort of Olympics of lock picking, at which entrants compete in various categories — padlocks, mechanical locks and freestyle, in which contestants confront a variety of locks with any tools they choose, as long as they do not damage the lock. The next tournament will be held in May in Istanbul.

At the hacker camps I attended the past 12 years, there always was a lock picking tent (where for some reason you had to take your shoes off, as if visiting a temple or Canadians), but I never imagined that what they were doing there was such a local hobby. According to the NYT, lock picking as a sport was invented by Steffen Wernéry of Germany, who in 1997 started the Sportsfreunde der Sperrtechnik club. The difference between the Dutch and German lock pickers is apparently that the former, in good security tradition, share their secrets with the lock makers.

(Photo of Kevin Mitnick’s business card by Nathan Yergler, some rights reserved.)


August 25, 2008

Warm welcome for Olympic athletes in 1928 stadium

Filed under: Shows,Sports by Branko Collin @ 7:00 pm

The Olympic athletes arrived home today, and they were given a warm welcome at the 1928 Olympic stadium in Amsterdam. I live right around the corner, and decided to take my crummy old digital camera there. As luck would have it, the organizers had decided that the athletes would enter through the front gate, where there is ample opportunity for non-accredited press (i.e. l’il ole me) to climb onto flowerbeds and the pedestals of pompous statues.

Below you see Anky van Grunsven (gold, dressage) being interviewed by famous sports presenter Tom Egberts. It was very hard to get a photo of her not grinning like a maniac, but here she had to be serious for a moment. She was one of the first there, and being a gold medal winner had to wait until the end to enter the stadium, and she was all smiles all the time.



January 4, 2008

Push-up bras hinder probation work

Filed under: Weird by Orangemaster @ 8:00 am

Push-up bras are currently at the centre of a huge conflict for probation employees in the Den Bosch region and the Penitentiaire Inrichting (PI) (prison) in Grave, Noord-Brabant. Nobody can come into the prison as long as the detection ports peep. Metal objects that cause the peeping have to be removed. You all see where this is going – push-up bras make the detection ports go ‘peep peep’, which stops female probation employees from doing their work by going into the prison to prepare reports. They also refuse to take off their bras or change bras just to be able to do their work. Security refuses to let them in and so the women are pretty pissed off and aren’t getting work that needs to be done in the short term to the detriment of prisoners. The ports are not an issue anywhere else in the Netherlands. The worst case scenario is to send only men. Why isn’t anyone talking about getting them fixed? Seems pretty obvious what has to be done.

(Link: waarmaarraar.nl)
