Shreddered Stasi Documents Reconstructed

In the November 1989, the agents of the east german secret police Stasi, had a problem: On the streets there was revolution that would soon take over the government and in the archives there was a precise documentation of what they did in the last 40 years. So, they hurriedly shreddered as much documents as they could.

In the years to follow, people hat to accept the fast that it was just not feasible to reconstruct these documents.

One engineer of Fraunhofer Gesellschaft didn't accept that and developed a program that can reconstruct shreddered documents. The trick is to categorize the shreds before making an attempt to match them. Otherwise, the number of possible combination would grow exponentially with the number of shreds.

The security lesson? Shredding documents no longer keeps them secret.

Kaspersky wants to end Internet Anonymity

In an interview with zdnet Asia Eugene Kaspersky suggests to put an end to internet anonymity. He says "I'd like to change the design of the Internet by introducing regulation--Internet passports, Internet police and international agreement". Well, first this won't happen because it would be way to expensive. Even if an established system like OpenID would be used as the source of the identity management required here all ISPs and website operators would have to adopt their software. Second, it should not happen because anonymity is sometimes a part of freedom.

However the present system of website logins is a mess and should be fixed by using a voluntary identity management system.

Cnet reports that Comcast have a similar initiative where they disconnect users with infected PCs. This is also problematic, but it sounds a little better becasue it's good internet citizenship not to act as a springboard for internet criminals.

Realistically spaking, the responsibility for PC security remains with the vendors, not with the users as long as the systems are too complicated to be fully managed by the end users.

Google suggest Online Payment with Single Sign On

Google has suggested a micropayment System to the Newspaper Association of America. How is this asecurity issue? They suggest to combine it with a Single Sign On System also operated by Google.
I welcome paid-for Internet content because I believe that advertising As the only Business model for online content endangers the journalistic quality of the articles. The dependency on the advertisers leads to articles written for the advertisers, not for the readers. Also, I hope that flash and popups will become less intrusive if publishers get an additional revenue stream.
The bad news is that Google would know even more about their users, in particular if they operate the micropayment system.
I really would prefer having a small micropayment token connected to my computer that performs Single Sign On and micropayment operations under my control.

Voting Computer Tempest Attack

Youtube has a video where the german hacker club CCC shows how to read out the votes cast on an online voting machine. The electromagnetic radiation generated by the machine, in particular it's pressure sensitive input device, is measured by a sensitive radio scanner. It seems that almost any man-machine interface is threatend by this kind of attack.

SWIFT

As many news outlets report, the European Commision starts negotiations with the USA about sharing financial data from SWIFT transactions with the USA.

Once the data are in USA it will be quite hard to ensure that the data are only used as intended. The security of these data does not only depend on the present US government, but only on all future governments.

This underlines and old and wellknown rule of data security: Mimimize the amount of data given at any time. Applied to this case, give SWIFT as few as possible.

German Health Smart Card Troubles

The German health smart card is in trouble. My take on that is: On one hand, there are real issues like terminals being too expensive, on the other hand it looks like the doctors who are supposed to use these cards are a little technophobic.

We learn that if security comes with embracing technology it still hard to achieve wide acceptance, at least in germany.