November 11, 2020

Dutch tech journalist hacks lights on Rotterdam bridge

Filed under: Technology by Orangemaster @ 6:00 am

On 9 November Dutch tech journalist and author Daniël Verlaan hacked the online lighting system of the Erasmus Bridge in Rotterdam. Although he went for the colour pink, most people said it looked more like purple, but that’s besides the point.

In a tweet he claims that the lighting system had been accessible to everyone for a year, and there wasn’t even a password protecting it. That fact is very interesting since his very first book just came out and is aptly called ‘Ik weet je wachtwoord‘ (‘I Know Your Password’). Verlaan got the tip from a white hat hacker who pointed the wide open bridge system out to him. Using the keyword ‘Rotterdam’, the open system showed up in one of the first results on search engine Shodan.io, made for smart devices. The system was accessible online using an IP, protected by an easy to circumvent login.

The city of Rotterdam has now taken the system offline. And the lights are only for special occasions.

(Link: rtlnieuws.nl, Photo of Erasmus Bridge by Joop van Houdt – Beeldbank.rws.nlSome rights reserved)

Tags: , , ,

March 6, 2017

Imagine Hitler on Dutch reality television

Filed under: General,Shows by Orangemaster @ 11:08 am

Facepalm

The website of popular Dutch reality television show Expeditie Robinson recently fell victim to a hacker with a sense of humour.

The hacker placed a picture of Adolf Hitler on the site as a potential candidate for a new season in which ordinary citizens can participate alongside celebrities. Television chain RTL was slow in noticing the ‘intruder’, not having noticed anyone hacking into their site or disgruntled employees.

When people clicked on Hitler, they could read the words ‘Sieg Heil’, which was in the process of collecting likes as a potential participant. Once social media starting talking about the incident, the media got wind of it. I’m not even going to check if the situation has been rectified, I had a good laugh and I’m thinking, it could happen again.

(Link: tubantia.nl, Photo of Paris Louvre facepalm by Phelan Riessen, some rights reserved)

Tags: , ,

August 11, 2015

Dutchman designs DIY surgical robot

Filed under: Design,Science,Technology by Orangemaster @ 10:34 am

OpenSurgery

London-based Dutch designer Frank Kolkman, a graduate of the Royal College of Art, has built an open-source device that could enable ordinary people to perform keyhole surgery on themselves, aptly entitled ‘Open Surgery’.

This DIY surgical robot was made using 3D printing and laser cutting technologies, and would be suited to do surgery on the lower abdomen, procedures including prostate surgery, appendectomies or hysterectomies. The device would normally be controlled by a person and in this case, using a PlayStation 3 controller to be able to move in all directions.

“Open Surgery investigates whether DIY surgical tools outside regulated healthcare systems could plausibly provide a more accessible version of healthcare,” Kolkman explains. His idea is to demonstrate that medical innovation can come from outside the medical field, as more and more people from first world countries turn to medical hacks that can be found on YouTube.

It cost Kolkman 5,000 USD to make the device, and at the time of filming, he claims that an appendectomy in the US costs 10,000 USD, while a professional surgery robot costs 2 mln USD.

(Link and screenshot: www.dezeen.com)

Tags: , , , ,

July 14, 2015

Apeldoorn plans to pay hackers for finding leaks

Filed under: IT by Orangemaster @ 3:58 pm

Need some cash? As of today if you find a proper security leak in the online systems of the city of Apeldoorn, Gelderland they’ll give you 300 euro for it. However, there are some rules to follow to get your hands on the cash.

– You can’t expose or mess around with employee data
– You can’t damage the system and make it inaccessible
– You can’t post any information you find online

If you’re up for the challenge, hit up Apeldoorn with your security leak by mailing them to incident@apeldoorn.nl, I’m guessing preferably in Dutch. You’ll be asked to encrypt your findings and if all goes well, 300 euro and more could be yours. Let the hacking begin!

(Link: www.binnenlandsbestuur.nl)

Tags: , ,

August 24, 2014

Extending the self into the corporate cloud

Filed under: Technology by Branko Collin @ 9:19 pm

interferenceI went to Interference last weekend, a hacker convention run by anarchists in a former squat called Binnenpret. Most Dutch people know the part of the complex called OCCII, a music venue on Amstelveenseweg.

The talks were somewhat similar to what I have encountered at other hacker conventions in the past. If there was a difference, it was that in the Q&As audience members were criticizing language that could be used as a weapon, as a means to disempower outgroups.

Also, the hosts did not appear to serve coffee.

Cory Shores had a talk about post-humanism and spoke about the blind man’s cane. This is apparently an issue of some contention in philosophy: is the cane part of the man, of the self? A blind man ‘sees’ with the tip of the cane after all, his hand being no more than a relay.

A similar extension of the self was identified by Paulan Korenhof and Janneke Belt who pointed out technological differences in the way people remember things, such as remembering a shopping list versus writing one down. They did not further explore the issue of the self, but instead looked at where our shopping lists (and therefore maybe parts of ourselves) end up: in the cloud, specifically in the indexes of search engines owned by international companies.

Earlier this week I mocked visitors of the Lowlands festival in a posting who gave away their privacy for RFID trinkets, but perhaps my commentary wasn’t entirely fair. The Lowlands RFID wristbands do have some value to the user as they extend the self, even if the company behind them is solidly grounded in the philosophy of “if we give you something for free, you are in fact the product”.

See also: the Interference reader.

Tags: , , , , ,

August 7, 2013

Nijmegen university fights British ban on car hacking research

Filed under: Automobiles,IT by Orangemaster @ 8:00 am

A British judge has imposed a ban in favour of car manufacturer Volkswagen who claims that the publication of research on car-starting codes for luxury cars would be detrimental to their business. Roel Verdult and Baris Ege of the Radboud Universiteit Nijmegen together with Flavio Garcia of the University of Birmingham wrote the publication ‘Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobiliser. Since Volkswagen and other car manufacturers don’t want all those codes out in the open, they went to court in the UK and won. Oddly enough, much of the information has apparently already been floating around the Internet since 2009 but nobody really noticed until now.

The Radboud Universiteit Nijmegen is not taking it lying down and is going to court to fight the ban. The university claims that the researchers’ aim was to improve security for everyone, not to give criminals a helping hand at hacking into high-end cars. They argued that “the public have a right to see weaknesses in security on which they rely exposed”. Otherwise, the “industry and criminals know security is weak but the public do not”.

It seems to me that basing a security algorithm on secrecy rather than complexity is asking for problems once someone cracks the code, and assuming that that will never happen is not smart. The researchers didn’t do anything illegal yet they got a gag order. Why not comprise with a ban for like 6 months to let the car manufacturers get their act together? And do the researchers really need to publish damaging details to make their point that the security is weak? Stay tuned.

(Links: www.theguardian.com, www.bright.nl, Photo: guusterbeek.nl)

Tags: , ,

December 4, 2012

International outrage for Dutch hack back plan

Filed under: Online by Orangemaster @ 11:07 am

More than 40 civil rights organisations and security experts from around the world are said to be ‘gravely concerned’ about a Dutch proposal to break into foreign computers and search and delete data. “The proposal would grant powers to the Dutch police to break into computers, including those located in other countries, in order to search and delete data and install spyware. The Dutch government argues that the new powers are required to effectively combat cybercrime in the Netherlands.”

Breaking into computers in other countries is a breach of that country’s sovereignty, not to mention crappy diplomacy. Dutch digital rights organisation Bits of Freedom is urgently calling upon the Minister of Security and Justice to withdraw his proposal, to be debated in Dutch parliament this week. Problem is, many countries are likely to follow suit. Imagine countries hacking each other back and you’ve got a subplot for an entire season of American hit TV series Homeland.

Anyone involved in politics, as well as journalists, dissidents and the likes run the risk of being hacked purely for reasons of blasphemy, homosexuality or alledged copyright infringement.

(Link: www.bof.nl)

Tags: ,

November 3, 2012

DigiNotar hacker came in through front door

Filed under: IT by Branko Collin @ 4:28 pm

In 2011 Dutch web certificate company DigiNotar was compromised completely by an Iranian hacker, and a report released this week details how it was done.

The report, written by security auditors Fox-IT and published by the state last Monday, shows that the hacker managed to get access to Diginotar’s public website, which had already been hacked in 2009. In fact, the defacements from that year were still online when the hack was discovered in August 2011, security.nl reported at the time.

According to Webwereld, Fox-IT’s report reads like a how-to for pwning a badly secured system. The hacker installed a shell on the web server, which must have been easy to do, as the still online defacements showed the way. DigiNotar had a firewall between its public network (which it called the Demilitarised Zone) and its segmented internal network, but it also had a long list of exceptions in the firewall. The certificate servers were also attached to the office network of DigiNotar, so that the hacker could use the standard MS Windows Remote Desktop tool to create false certificates.

Just another day at the office for an experienced black hat hacker.

Techworld reports that the DigiNotar hack was mainly used to attack Gmail users in Iran. DigiNotar declared bankruptcy in September 2011. The company’s certificates were heavily relied upon by the Dutch government, but also by Google.

Web certificates are a means to tell your browser that the website you are visiting real is the website it claims to be. This is useful for online banking and so on.

Tags: , , , , , ,

February 28, 2011

Copyright vigilantes Brein seize servers illegally

Filed under: Online,Technology by Branko Collin @ 8:46 am

Dutch MPAA representatives Brein have broken the law by removing computer equipment worth hundreds of thousands of euro without a court order, law professor Ton Jongbloed told Tweakers.net last Tuesday. Brein seized 8 servers from hosting provider Al Transa last January.

The Brein foundation claims that the servers contained the warez site SWAN, although its not clear how it reasons that this makes it OK to break the law. Owner Craig Salmond says he will report the foundation to the police for theft, unless Brein gives back his hardware and offers a formal apology. His lawyer added that computervredebreuk, illegal hacking of a computer would also be a possible charge. Internet lawyer Arnoud Engelfriet sees a charge of fraud as more likely to lead to a conviction, whereas the lawyers of IT en Recht are putting their money on a charge of vigilantism.

According to Webwereld, Brein gained the ability to log in to Salmond’s servers before they took the computers. Engelfriet thinks a charge of theft is unlikely to stick, as the maintainer of the 8 computers, another provider called Worldstream, voluntarily handed the machines over to Brein.

On a totally unrelated note, in December 2010 a judge decided to keep a 16-year-old script kiddie another two weeks in jail (by now he has been released) after he allegedly had hacked websites of MasterCard and Visa in retaliation for their treatment of Wikileaks front man Julian Assange. Call it a hunch, but I have severe doubts that we will ever hear of Brein manager Tim Kuik receiving a similar treatment at the hands of his good buddies at the Justice department. I doubt he will even ever spend a second in jail, at least not for copyright related matters. He just doesn’t fit the profile, never mind that the wealthy Brein foundation is in a much better position to make the prosecutor look silly than a gormless teenage high school student is.

(Photo by Malene Thyssen, some rights reserved)

Tags: , , , , , ,

January 26, 2011

Free and undetected travel with public transport chip card

Filed under: Technology by Orangemaster @ 1:24 pm

After a series of nasty blows, like bludgeoning some game monster that just won’t die, the Dutch public transport chip card has been given what mainstream media see as the kiss of death.

With a computer running Windows and a hacker’s program called LogicAnalyz3r, not only can you top up your chip card like there’s no tomorrow, but travel without any kind of detection. If you put fake money on a proper card, check in or out normally while it doesn’t register, you have yourself a ticket to ride.

“The gates and top-up devices don’t check whether actual money was transferred from the bank to your chip card. Cracking the card takes about an hour, after that, it’s just a matter of seconds.”

Yes, it’s in Dutch, but computer magazine PC-Active has written up the entire how to in a handy PDF.

TLS, the company responsible for the chip card kept saying this was ‘a hacker thing, and not for ordinary people’. If that’s not begging to be bludgeoned by hackers, I don’t know what it. TLS’ Financial Director was pathetically (yes, value judgement) quoted on telly yesterday as saying, “It’s forbidden, why would anybody do that?” Sure dude, nobody downloads from the Internet, that would be wrong.

Yes, NOS Dutch news item is in Dutch, but it’s all about the tech shown in the video.
‘Tampering with balance on chipcard is easy’

UPDATE: TLS is currently looking for a Security Officer & Fraud Manager (Thanks @AlexanderNL, @gronical!)

(Link: webwereld, Photo by Franklin Heijnen, some rights reserved)

Tags: , , ,