November 3, 2012

DigiNotar hacker came in through front door

Filed under: IT by Branko Collin @ 4:28 pm

In 2011 Dutch web certificate company DigiNotar was compromised completely by an Iranian hacker, and a report released this week details how it was done.

The report, written by security auditors Fox-IT and published by the state last Monday, shows that the hacker managed to get access to DigiNotar’s public website, which had already been hacked in 2009. In fact, the defacements from that year were still online when the hack was discovered in August 2011, security.nl reported at the time.

According to Webwereld, Fox-IT’s report reads like a how-to for pwning a badly secured system. The hacker installed a shell on the web server, which must have been easy to do, as the still-online defacements showed the way. DigiNotar had a firewall between its public network (which it called the Demilitarised Zone) and its segmented internal network, but that firewall also had a long list of exceptions. The certificate servers were also attached to the office network of DigiNotar, so that the hacker could use the standard MS Windows Remote Desktop tool to create false certificates.

Just another day at the office for an experienced black hat hacker.

Techworld reports that the DigiNotar hack was mainly used to attack Gmail users in Iran. DigiNotar declared bankruptcy in September 2011. The company’s certificates were heavily relied upon by the Dutch government, but also by Google.

Web certificates are a means to tell your browser that the website you are visiting really is the website it claims to be. This is useful for online banking and so on.


March 11, 2012

Vote for the pretty girl behind the anchor

Filed under: Shows,Technology by Branko Collin @ 11:51 am

Three friends from the Eindhoven University of Technology run a website to crowdsource the detection of pretty girls behind popular TV anchor Matthijs van Nieuwkerk.

The interface to hetmeisjeachtermatthijs.nl is very simple. It presents you with a screenshot of last night’s episode of talk show De Wereld Draait Door, covered in squares that any visitor can click on. Just click the square that covers the pretty girl, in your opinion, and your vote is recorded.

According to Bright, the site has been up for about 18 months, and drew 10,000 visitors last year.

“Part of the fun”, founder Teun Vinken told the tech site, “is that the girls are blurry. Half the time you cannot even be sure they are really that pretty.”

Screenshot: hetmeisjeachtermatthijs.nl.


November 11, 2008

Musician ‘fined’ by social networking site, possibly for faulty grammar

Filed under: General,Music,Online by Branko Collin @ 9:17 am

An unnamed musician got fined recently by a social networking site (Muzikanten-in-jouw-stad, Musicians in your city) after she had aborted the registration process, according to a report by Volkskrant blogger Satuka. Though the site’s administrators would not tell the musician what the fine was for, they did present her with a list of finable offenses, among which:

  • Posting meaningless texts and random characters
  • Using bad grammar
  • Using something other than the local language

Muzikanten-in-jouw-stad presents itself as the online meeting place for local musicians, but Satuka’s blog entry suggests it’s mostly a place for extracting hard-earned cash from those unlucky enough to register. Last week she wrote that a friend was fined 10 euro after not finishing her registration. The friend had gotten tired of the large number of obligatory fields on the sign-up form, and had started to enter nonsensical texts. When the site told her—still during the “free” sign-up process—to call an 0900 number and record some demo music for the mere sum of 40 euro, the friend decided to abort.

As a result she received an e-mail “a little while later” (Satuka’s entry is nothing if not vague), which claimed that she had violated the site’s General Terms & Conditions and that she therefore had to pay a 10 euro fine.

Law blogger Arnoud Engelfriet has this to say about this case:

  • You should send a reminder before you fine people, not during,
  • If you want to fine people you should not leave any mention of fines out of the T&C, and
  • The T&C are invalid in their entirety because they are presented in a pop-up window without the possibility of saving the T&C to a local medium.

I’d like to add that the musician never finished the registration process, so you have to wonder what legal obligations she has towards the site. I’d guess none, but IANAL. Also, I was told by reputable legal scholars that only courts can impose fines. Engelfriet suggests Satuka’s friend tell the networking blog to take a long walk off a short pier, though in politer and legally binding terms.

Today’s special rich creamy irony sauce: the letter that claims the social networking site can fine you for bad grammar is full of, yes, you guessed right, examples.

(Photo by Tomascastelazo, some rights reserved.)
