November 26, 2009

Hiring a hacker to check up on hubby’s online activities

Filed under: Online by Orangemaster @ 1:14 pm

I bet Internet lawyer Arnoud Engelfriet gets all kinds of questions and this one I just had to share with you.

A woman asked if she could hire a hacker to find out what her husband does on the Internet. In other words, what he does online at home using their shared computer. Surprise, surprise, she thinks he’s mailing (nice euphemism) another woman and wants some confirmation.

Engelfriet explains that in the Netherlands, installing spyware or hacking someone’s password to read their mail is technically ‘ruining their peaceful enjoyment’, which is illegal and cannot be done directly or indirectly.

However, within a (obviously not very healthy) marriage, a computer is common property, unless otherwise specified in a pre-nuptial agreement (not very popular here). Then it’s not a crime to hack your own system, like it’s not a crime to hire someone to break one of your locks.

Of course, it could be considered an invasion of the husband’s privacy. And then Engelfriet gets cocky: “Even in a marriage people have privacy, although not much at all, if you ask me. After all, you got married to share everything with one another.”

My advice to the woman, putting aside the mess of advice to be given about the obvious trust issues, is why not check his mobile phone? Follow him under another name on Twitter, MSN or Facebook. And get some professional help, collectively or otherwise.

(Link: security.nl)

Tags: ,

October 16, 2009

Hacker students score pizza for pennies

Filed under: Food & Drink,General,Online by Orangemaster @ 10:10 am
pizza

If students and pizza (and probably beer) is not the perfect combination, then imagine students and pizza for next to no money and the money to buy beer.

For months, hundreds of students from cities such as Groningen, Breukelen and Utrecht had been getting pizza from Dutch website Justeat.nl for EUR 0.01 or 0.05 after hacking into the payment system. Just before paying for the pizza through an online banking system, a page was added somewhere to be able to change the final price to a few cents. In other words, the payment system wasn’t installed properly and certainly not secure.

The manager of the website is going to try and get the students to pay for the pizzas after all, as he’s out EUR 30,000. I think he should kick the IT incompetents he hired to install the payment system on his site really hard and claim damages (we don’t run out and sue here). It’s not like he’s the first ever online restaurant using the highly praised and easy-to-use Ideal payment system. Going after the smart students is easier, but lame, and they have no money.

(Link: nu.nl, Photo of Pizza pie by Adam Kuban, some rights reserved)

Tags: , , ,

August 14, 2009

Hacking at Random: hackers in the bible belt

Filed under: Online by Branko Collin @ 2:19 pm

har_09_02Yesterday was the start of the official, lecture-filled part of Hacking at Random, an episode of a Dutch hackers convention that takes place every four years under a different name and at a different location. This year’s HAR is situated at Nunspeet, in the Dutch bible belt, and as always has a strong emphasis on debating the confluence of politics and technology.

Speakers this year include the guy who’s getting a camera planted in an empty eye socket, the people who make prostheses for 50 bucks instead of 250,000 (presumably we’re not talking about eyes anymore), IP/IT lawyer Arnout Engelfriet, and the infamous BREIN organisation, the Dutch ‘RIAA’.

If I have the time, I will report on the activities from the scene of the action in future postings.

Tags: , , , ,

April 27, 2009

Anatomy of an ATM skimmer

Filed under: Technology by Branko Collin @ 8:39 am

Last December, Paul Wiegmans from Alkmaar discovered an ATM skimming device (Dutch) attached to an NS ticket vending machine (Nederlandse Spoorwegen, i.e. Dutch railways). Being a hacker, he pulled the device loose and photographed it extensively before turning it in to the police. Marvel at the diminutive size of these things!

The Nederlandse Bank estimates that skimming at train stations and banks results in ten million euro in damages per year, reports Algemeen Dagblad (Dutch). The NS told the same daily that approximately two skimming accidents occur per day at its train stations. That’s a rather small amount compared to the number of ATM transactions taking place per day there—200,000.

Update: Meanwhile, Salima Douhou and Jan Magnus of the University of Tilburg claim that skimming would become almost impossible if banks incorporated code that would verify the way people type their PIN codes, reports De Telegraaf (Dutch). Apparently, nobody does that quite the same way, making your punch as distinct as your signature. The article unfortunately doesn’t mention what the percentage of false positives is with this method, and calls the method “almost unhackable”, which in this reality means the same as positively hackable.

(Photo: Paul Wiegmans.)

Tags: , , , , , ,

January 8, 2008

Public transport chip card suffers another blow

Filed under: Technology by Orangemaster @ 10:15 am
chip card logo

The security of the public transport chip card (OV-chipkaart), which was supposed to replace the strip tickets in 2007, has been compromised. German hackers have apparently cracked the secret code of the chip in the card. For Rop Gonggrijp, Dutch hacker and initiator of the campaign against voting computers, the consequences are clear: “This chip card technology is gone, broken, can no longer be used.”

According to the government, the chip card will now be introduced in 2009. However, more problems for the chip card just mean more delay in implementing it. Since the chip has been cracked, travellers could travel for free. And then imagine the breach of privacy with all the data on the chip. Other companies have simply taken measures to avoid being cracked, which was not the case here.

The two German researchers presented their breakthrough at the 24th Chaos Computer Congress in Berlin late last year. Cracking this ‘Mifare’ chip has been a huge thing with hackers for years. It was done with equipment that cost no more than EUR 100.

The Ministry of Transport, Public Works and Water Management says on their site that “The OV chip card will be phased in from 2007 starting in the Randstad. The rest of the country will have a functioning OV chip card system around 2008. The strip ticket will be abolished no later than January 2009.” The last time they announced the abolishment of the strip ticket, the government has to reverse its decision because the chip card simply did not work. The list of problems in the Rotterdam test areas include gates that don’t open, broken card chargers, money transfers that never went through and checking in through a port, but forgetting to check out. Oh and about more than 3,000 complaints.

Having spent Christmas in Oslo, Norway, I saw the exact same chip card machine everywhere not being used by people and looking vandalised. I asked my Norwergian IT friend and he said “oh that thing, that doesn’t work at all”. They use strip tickets too.

(Link and image: Volkskrant)

Tags: , , ,

May 30, 2007

Illegal but fun broadband access

Filed under: IT by Orangemaster @ 9:18 am
slurpr

The Slurpr, a WiFi access point which aggregates up to six ‘available’ (actually, unprotected) 54 Mbps WiFi channels into (as the link puts it) “one bigazz, ‘free’ connection”. It is the latest invention of Dutch hacker, Mark Hoekstra and his friend, Boris Veldhuizen van Zanten. Of course, use of the Slurpr in its current incarnation will likely violate wardriving (warbiking in the Netherlands) laws in certain countries. One can bravely pre-order Slurpr at Mark’s site for EUR 999 (US$1,347) a box today.

(Link: Engadget)

Tags: ,

April 18, 2007

Stop hackers

Filed under: IT by Branko Collin @ 9:00 am
hacker1.gif

Automate your network intrusion detection; that seems to be the inevitable conclusion from Sebastiaan Tesink’s research into systems that can teach themselves to recognise hacking attempts. Tesink performed his research as part of his Master’s thesis. According to his conclusions, automated systems can learn to recognize well over 90% of all hacking attempts, helping system administrators considerably.

(Source: Blik op Nieuws, Dutch.)

Tags: ,