Categories
CERT Internet

Attacking PayPal, Visa, and Mastercard

The story so far: WikiLeaks posted some secrets, the US government throws a hissy fit, and some spineless companies see it as their “patriotic duty” to withhold service from WikiLeaks. This doesn’t especially endear them to the 4chan/Anonymous crowd, which then starts to DDoS the pushovers.

So how is a Civil Libertarian and Network Security guy supposed to react to that?

Two wrongs don’t make a right. There are better ways to show disgust with and punish those electronic money movers. Attacking their operations cannot be the right answer.

But: I’ve been arguing for years now that one of the few ways to actually shut down some of the real menaces of the Internet (not the imagined ones like WikiLeaks), such as spammers, fake AV software scams, Viagra/… sellers, and other frauds, would be to deny them the credit card payment option.

Thus, MasterCard and Visa: if you are so eager to distance yourselves from WikiLeaks, when nobody can even tell you what actual laws they are supposed to have violated, why are you not able to deny service to the frauds, when it is absolutely clear that they violate laws and cost the worldwide economy huge sums of money to clean up their crap?

Categories
Life

Nikolaus 2010

This year, we organized a Nikolaus Fest again. This time we had:

11 kids (only the twins (Isabel and Leo) could not come)
11 parents
my sister

and a very impressive Bishop.

Many thanks to our neighbor who played the role perfectly and dealt with all the idiosyncrasies of the kids.

Categories
Tracks

Tracks

Categories
Life

Autumn in the Augarten

Today was a perfect autumn day in Vienna and we met a good number of other families in the park:

Categories
Tracks

Lazy Sunday Tracks

The weather is getting colder and thus building a track on a Sunday afternoon seemed like a good idea:

Categories
Tracks

Tracks

After a long break we built a full set of tracks again. On the first go I used the bridges, but the kids almost immediately destroyed them as they moved the tracks across the wooden floor. So the next version only used the simple overpasses that survive being shoved.

By now both kids push trains along. Now I have to make sure that a) Clemens’ train doesn’t expand by assimilating cars from Elena’s and b) that Clemens doesn’t just crash his train into Elena’s.

Categories
System Administration

RFC 5105, enum.at Client Toolkit and Xerces 3

I recently got a request for help concerning the generation of ENUM Validation Tokens according to RFC 5105.

In order to check what went wrong, I had to re-install the software I used while writing that RFC. That wasn’t so easy, as the upgrade from Xerces 2 to Xerces 3 made a few changes to the XML Signing module necessary:

Categories
CERT

Memo to Security Conference Organizers

First of all, there are more security conferences in September and October in Europe than any sensible organization will ever want to send people to. Sorry.

Aggressive hard-sell phone calls will not help. Quite to the contrary.

And if you send email invitations, remember that you’re sending mail to security professionals. Including tracking images in the HTML version and linking to a tracked version of your conference website is considered rude in these circles.

Cut it out.

Categories
Pet Peeves

Windows 7 Sync Center

I’ve already written about the broken list of available updates in Windows 7. Today I spotted something similar:

Windows supports keeping a copy of a remote directory on the local computer and syncing back offline changes. Today I got confronted with the following dialog:

Okay, I press “Sync” and get:

Conflicts? Show me:

What gives?

Categories
Internet

The privacy of fonts on the web

Today, heise wrote about Linotype’s offer in the “fonts for webpages” market.

If I’m not mistaken, that’s not the first commercial offering of licensed fonts for the new HTML/CSS font feature. On one hand, this is a really good offer, as it allows amateur sites to use professional fonts for free, while commercial, high-traffic sites can use these fonts for a reasonable price.

But one thing bugs me about these offers: in order to enforce the pay-per-pagehit business model, these services need to serve the fonts from their own servers. That means:

  • On the plus side, potentially better caching between different sites.
  • But: the font servers implicitly track all visitors to every website using these fonts, since each page view fetches the font (with a Referer) from the vendor’s server and lands in its access log.

Given all the privacy implications that embedded ads and social media gizmos (“click here if you like this”) are starting to raise, fonts seem to be the next thing you need to be careful about if you’re conscious of the traces you leave in third-party access logs.
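A small audit script, added here as an example (not from the original post), that lists which third-party hosts a stylesheet's @font-face rules pull fonts from, i.e. who gets a log entry for every visitor, and derives the matching Content-Security-Policy font-src directive. The stylesheet and the vendor host name are constructed for the example.

```python
import re
from urllib.parse import urlparse

# Constructed sample stylesheet: one self-hosted font and one served by a
# hypothetical hosted-font vendor (fonts.example-vendor.test is made up).
SAMPLE_CSS = """
@font-face {
  font-family: "HouseSans";
  src: url(/fonts/housesans.woff) format("woff");
}
@font-face {
  font-family: "LicensedSerif";
  src: url("https://fonts.example-vendor.test/serve/abc123.woff?site=mysite")
       format("woff");
}
body { font-family: "HouseSans", serif; }
"""

FONT_FACE_RE = re.compile(r"@font-face\s*\{(.*?)\}", re.S)
URL_RE = re.compile(r"url\(\s*['\"]?([^'\")]+)['\"]?\s*\)")
FAMILY_RE = re.compile(r"font-family\s*:\s*['\"]?([^;'\"]+)")


def third_party_fonts(css: str, site_host: str) -> list[tuple[str, str]]:
    """Return (font-family, host) for every @font-face src fetched from a
    host other than the site itself. Relative URLs have no host and are
    self-hosted; protocol-relative (//host/...) and absolute URLs are
    resolved to their host. Every visitor loading a page that uses such a
    font sends a request (with Referer) to that host."""
    found = []
    for block in FONT_FACE_RE.findall(css):
        fam = FAMILY_RE.search(block)
        family = fam.group(1).strip() if fam else "?"
        for url in URL_RE.findall(block):
            host = urlparse(url.strip()).hostname
            if host and host != site_host:
                found.append((family, host))
    return found


def font_src_directive(css: str, site_host: str) -> str:
    """Build the CSP font-src value that permits exactly the font hosts the
    stylesheet uses; with no third-party fonts it is just 'self', which
    makes any later addition of a tracking font host a visible policy change."""
    hosts = sorted({h for _, h in third_party_fonts(css, site_host)})
    return "font-src 'self'" + "".join(f" https://{h}" for h in hosts)


if __name__ == "__main__":
    for family, host in third_party_fonts(SAMPLE_CSS, "www.mysite.test"):
        print(f"{family!r} is fetched from third party {host}")
    print(font_src_directive(SAMPLE_CSS, "www.mysite.test"))
```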