"To be trusted is a greater compliment than being loved." - George MacDonald
myRL.net
R.I.P. Robert Budd Dwyer † 1987
Home Services Downloads About
Posted on 2010-11-21 by IceBear

I got up the other day after a long night, not fearing anything being wrong, just the usual morning. Still a little sleepy I turned to my PC just to find this in my face: "Germany on high alert due to 'plot'"
I panicked. Immediately I called my local police station to report these weird looking Middle Easterns who moved in next door. They don't speak German, they don't look German, they just look like a big bomb waiting to explode to me. After what seemed to me the longest half hour of my life, a black van pulled in the driveway, men rushing to my neighbor's door with weapons drawn, kicking the door in. I hear screaming and loud noises. Five minutes later the men escorted these monsters out the door, into the van and tagged them with a yellow star. What a relief.

Oh no, wait. I think I got a little bit confused with history there. Anyhow.

So, I was relieved, lying back proudly in my chair thinking I did a fine service to my country when suddenly the men from the van rang my doorbell. They were probably going to thank me, or so I thought, so I opened the door just to suddenly have a gun in my face and get arrested. What for? The reason seems obvious enough, really. I'm a terrorist. Now that I think about it, it all makes sense. How could I, as a citizen of a democratic country, read articles by a terrorist network like Al Jazeera? What was I thinking? I must have been out of my mind. Of course the Stasi logged what I was doing on the Internet and acted appropriately.

OK, fine. While this might have been a work of fiction in some parts, just take a minute and think about what my point is.

Let me quote what the interior minister of Berlin, Ehrhart Körting, said:

"If we see something in our neighborhood, if suddenly three rather strange-looking people move in who try to keep out of sight and who only speak Arabic or another foreign language that we don't understand, then I think one should make sure the authorities know what is going on." - Ehrhart Körting (Spiegel article)

And with the findings of a "bomb" in Namibia that apparently was headed for Munich, Germany, I have reason to be scared, or do I?
Let's recap.
What appeared to be a "bomb" was found at the airport of Windhoek, Namibia. It was a suitcase which had:

"batteries that were attached with wires to a detonator and a ticking clock". - Bundeskriminalamt (BKA) statement

Later it turned out that this was just a "test". A testing device manufactured in the U.S. for usage at airports and other security areas, to see whether detectors and employees will detect the major threat this device eradiates. Have you seen the device? It's actually pretty funny:

X-RAY TEST OBJECT

It reads:

X-RAY TEST OBJECT NON-HAZARDOUS

and some info about the manufacturer (Larry Copello Inc.) below. On a funny but irrelevant side note, the wiring was apparently done by an 80-year old woman.

Question is, who planted this device? At the moment they're blaming it on a police officer in Namibia.
Whoever they're going to blame it on, let me see if I got this right:
You're telling me a device that appears to be a bomb was found at the airport of Windhoek, Namibia (which once was a German colony) and was supposed to head for Munich, Germany one day after Germany raised their "terrorist threat level" because they're fearing an attack. Really? They're still looking for the culprit?

The only real terrorist here is politics and that's about it.

Posted on 2010-10-25 by IceBear

We all know what an email is, right? Germans had the great idea of reinventing the wheel, once again. In particular I want to talk about the "E-Postbrief" which is a new service by Deutsche Post AG.

First of all, what's "E-Postbrief" supposed to mean? The "E" stands for electronic, just like when talking about conventional emails. I was wondering how to translate "Postbrief" so I consulted a dictionary to help me out:

E = electronic
Post = mail
Brief = letter

So, that would make it "electronic mail letter". Awesome.

Now, what's the difference between a conventional email and this new E-Postbrief? You can send usual letters with it, either completely electronic (should your second party also use E-Postbrief) or have them printed and sent as a normal, written letter. Both options cost a minimum of 0,55€ though. Also the electronic delivery is limited to a size of max. 20MB. The idea is to have an email with legal ground, which is legally binding, so you can get doctor's bills, etc. via E-Postbrief and save them digitally instead of having to deal with printed letters.

My first thought: Hell no, I'm not going to pay 0,55€ for each mail. But really, that's still the least of my concerns with this service.
Because what I didn't mention so far: the service is supposed to be secure and encrypted!

And how does that work? Well, not with your own public and private keys like PGP or GPG, that's for sure. Instead, it's made simple for the average citizen. That is: Deutsche Post AG is doing all the work for you. They encrypt and decrypt everything for you. Anybody else noticing this weird smell?
In case you're at least wondering what encryption algorithms they're using, well, you won't know. Because they're not telling.
Security through obscurity. Except that this pretty much equals having no security at all.

Also they claim that it's "not possible" for Deutsche Post employees to read any E-Postbrief saved in your account. The second sentence corrects that down in a way though by saying it's secured against access by "unauthorized" people. Who is authorized?

In case you're still not convinced that this is some utter insecure crap, by accepting the terms of services you agree that Deutsche Post may forward your mails (unencrypted!) to law enforcement agencies in case public security is being endangered. (aka terrori- ohshit, I'm scared.) (9. 9(3))
Did I mention your emails are mirrored and not deleted once you delete them? Yes, that's right, they'll only be deleted after an unspecified period of time. You may not see them anymore in your inbox but they're still there. That's of course just because you might delete something by accident. (2. 2(5))

Because of all the criticism, Deutsche Post added a service so you can generate your own private key and a signature. Funny though: they claim this key is only accessible to you, but who guarantees that? The key is generated on their servers, you simply download it from them. The only way to have a real secure private key is by generating it on your own machine, not anywhere else.

I only raise one question: When they reserve the right to forward mails to law enforcement agencies in an unencrypted format, how is it not possible for any employee to read mails? They have the ability to decrypt them, they have the ability to forward them, but they don't have the ability to read them? Blind employees, the security concept of the future. Germany's always one step ahead.

So, to recap these awesome features of E-Postbrief: Costs money, insecure, totally unnecessary, insecure, did I mention insecure already?

Leave it, don't use it, is my suggestion. Stick to GPG/PGP and once again: Stay private.

Newer posts
Dynamically generated
2019-01-22T02:28:35+00:00

2 unique sql queries
page executed in 409ms
load 0%

Served by dd6922
© myRL.net
PHPIDS LGPL PHPIDS Team
Font Awesome SIL OFL 1.1 Dave Gandy