jondos's blog

As analogon to the "all-in-one device suitable for every purpose", they now really exist: the "pirate copying child porn terrorists" as Times Online states in a recent article (17.10.2008). Terrorists are supposed to hide secret messages in child pornographic images and to thereby spread them over the internet. We suppose that they also lack opyrights among other legal deficiencies - that's why the new term PCCPT may be established.

As the german web site Heise reports, companies might now be able to contact arbitrary visitors of their web sites using a new technology. This may be realised by a software of the company demandandbase, which may in many cases even identify individual employees of a specific company.

According to a report on Spiegel-Online, the german Federal Office for Information Security (BSI) explicitly warns from using the new Google browser "Chrome" productively. The browser may be half-baked (explicit beta, not a complete product) and had been released to market far too early. Moreover, Google may very probably use this browser to collect private surf information and other personal user data.

Since a while, a new profiling system named Phorm is in beta test at U.S. american and british access providers. Without asking the customers meanwhile some hundred thousand, partially quite detailed, data sets about visited websites and requested content (e.g. also from web e-Mails) have been created. It might be just a matter of time until such a technology will be applied in other european countries.

After recent reports about the german BKA looking for suspects in the visitors of their web sites, now even more threatening measures against web surfers have been uncovered to be used by the U.S. FBI. After clicking on prepared web links (or after automatic download by browser prefetching...). the FBI searches the houses of those people whose IP addresses could be backtraced to their identities.

The FakeNameGenerator makes ist quite easy to create plausible identities for exploring the web. This service is free and does not need any registration.

For synchronizing Firefox bookmarks we have been developing an extension that should - in contrast to all other existing ones - keep the privacy of its users. As Mozilla is now developing a far more flexible concept, Weave, that fulfills the same requirements, we have decided to stop our own development without releasing it.

Simon Pecher, a computer scientist experiences in anonymisation techniques, is now a member of our development team. Some users know him from former forum postings he did as private person to give techical help.

As the CCC is still installing a new server, the whole CCC Cascade is not available at present.

As known since some weeks, even the pure installation of Internet Explorer 7 may lead to a major security breach of the Windows operating system. Links (URLs) in non-Microsoft applications (e.g. Adobe Reader, Mozilla Firefox, Skype, Miranda,...) may be modified in a way that clicking on them starts arbitrary Windows applications. This could be used to install and start spyware, viruses, trojan horses and so on.

As already known to us, but now confirmed by a report of the Georgia Tech Information Security Center, online videos (like from YouTube) may become THE favorite of hackers and online-spies. The browser plugins needed for these videos, like Flash and Java (do not confuse with JavaScript), may contain evil code in many ways, which is generally executed on the web surfers' computer without his control. Thereby this code gets control of the user's computer - virus scanner and firewalls do not help.

As was published recently, the german Bundeskriminalamt, by the help of providers, uncovers the identity if internet users, who visit some of their purely informative internet pages. Those who do not anonymise their IP address on visiting these BKA pages may therefore fall into a search raster through no fault of their own.

The consequent introduction of HTTPS on our web pages seems to have finally thwarted the spam robots. Even before, thanks to a spam filter developed by us, only very few spam messages showed up in the forum. We assume that spammers won't develop a https spam software specifically for us in the near future. If this should be the case, we will react with a strong captcha (test for real humans) and more filter rules.

The forum may thereby still be used without login, and our maintenance work is nevertheless quite small.

From today, our pages are only reachable via HTTPS. This protects login data from getting read, and downloads from getting changed during download.

Chinese scientists have discovered a way to track down the author of forum posts (or any other text) with about 90% accuracy. Their method, which they call "writeprinting" (analogous to a fingerprint) uses data like the vocabulary used, typography and layout of the text to identify its author. Using the data of about 30 forum posts to feed the algorithm achived 90% accuracy. Using a larger base of 40 articles, accuracy of up to 99% becomes possible.