Category: Neuland

WSJ on Government Backdoors, intentional and unintentional

The episode underscores the folly of the U.S. law enforcement demand that tech companies install backdoors into their devices and services.

the WSJ comments. This time the leak is an unintentional backdoor the NSA used to get onto devices. The NSA used the Vulnerabilities Equities Process to determine that ETERNALBLUE is burnt and informed Microsoft, which then promptly generated an urgent critical patch, which did not make it out to systems in the field fast enough.

According to the WSJ, there is little difference between flaws being used as government backdoors and intentional government backdoors, which may be detected and abused, or leaked. So this whole Wannacry(pt) thing is a very good example of what will happen with government-mandated backdoors in systems.


Rittal sends USB sticks that act as keyboards – as advertisement

Holger Köpke got a USB stick (article in German) that supposedly is from data center equipment maker Rittal, unsolicited, in the mail. Of course he did not plug it into a device, it could be anything.

He then (from his first comment in the same article) set up a test VM on a scratch device and inserted the USB stick there. The stick identified itself not as USB memory, but as a USB HID, a keyboard. It seems he was right not to trust it. He sent a mail to Rittal explaining why he thinks this is dangerous, and asked whether this is indeed legit.

He got a response (another article in German), a letter as a PDF sent by email.


Handling Wannacrypt – a few words about technical debt

So Microsoft had a bug in their systems. Many of their systems. For many years. That happens. People write code. These people write bugs.

Microsoft over the years has become decently good with fixing bugs and rolling out upgrades, quickly. That’s apparently important, because we all are not good enough at not writing bugs. So if we cannot prevent them, we need to be able to fix them and then bring these fixes to the people. All of them.

The NSA found a bug. They called it ETERNALBLUE and they have been using it for many years to compromise systems.

In order to be able to continue doing that they kept the bug secret. That did not work. The bug is now MS17-010 or a whole list of CVE-entries.

The NSA told MS about the bug when they learned that it had leaked, but not before. Microsoft patched the bug in March 2017, even for systems as old as Windows XP (which lost all support in 2014), but many people did not install the patch.

The result is “the largest cyberattack in the world”.


One Cookie Popup? We demand Hundreds of them!

You can’t read any website anywhere in Europe without getting a completely useless “We too are using Cookies” overlay. This has been such an unmitigated success that there exists a separate “Kill all Cookie banners” category in every Adblocker available.

But, says the Article 29 group of European Privacy Commissioners, this is by far not annoying enough, we can do worse. Consent cannot be given in general, you need to make this more specific.

That is, they demand hundreds of these overlays on each site (PDF).

Page 17 of that PDF:

The end-user must be able to give separate consent per website or app for tracking for different purposes (such as social media sharing or advertising). […]

For both browsers and data controllers this means it would be invalid if they would only offer an option ‘to accept all cookies’, since this would not enable users to provide the required granular consent.

Right. How is this even practical?


Strong weak ties

A long time ago, I wrote a text on the German Blog and on Carta: Wieso wir uns veröffentlichen (Why we publish ourselves). In the middle of a discussion about privacy I was explaining why people publish themselves, why they publicly reveal (sometimes intimate) facts about themselves.

They are doing this, I wrote, to find other like-minded people, to become searchable and to become approachable, to build trust.

Trust is a wonderful thing. It is the powerful assumption that most people most of the time want to help you, and that wrongly extending trust to someone is a recoverable mistake. Having trust and being in a trustworthy environment keeps transactional costs low and makes cooperation possible. And that’s rewarding and awesome.

How does this work in practice?


“Breitband für alle” nominated for Bertelsmann Award

Breitband für alle provides FTTH in North Friesland, bluer is better

Because FTTH is a problem in Neuland, especially if you are dependent on German Telekom, a lot of people are taking it into their own hands, bypassing German Telekom.

One organisation doing this is the initiative “Breitband für alle” in North Friesland, which has been nominated (German) for the “Mein Gutes Beispiel” (My good example) award by Bertelsmann. The awards are being passed out on March 30. Let’s hope they make it (Bertelsmann page in German).
