Author: Kristian Fiskerstrand

Earlier today it got known that at least 250 customers of the banking groups Sparebank 1, Nordea, DNB Nor and Skandiabanken have gotten their bank accounts emptied after having been infected by trojan horses.

My first thought was, but why isn't there any random token authentication to protect against this. But the more I thought about it, the more clear it got to me that I would rather just monitor the activity of the customer, wait until the user him/her-self logged in and then capture the computer, do the necessary transfers, change the password and log out, while the user only thought there was a lag in the system by forcing up another window.

Which brings us back to the root cause of the problem, the users. Albert Einstein is often attributed the quote "Only two things are infinite, the universe and human stupidity, and I'm not sure about the former." and indeed, security is too often merely an illusion, an illusion sometimes made even worse when gullibility, naivete, or ignorance come into play.

I really hope the banks doesn't take full responsibility for this, as it will only result in higher prices for users that actually bother to protect themselves.

And for crying out loud, learn how to protect your computer, or don't use it at all. The last time something similar happened, a vulnerability that was fixed by Microsoft in April got used, so the users had more than half a year to upgrade the systems, yet didn't.

More about protecting your computer can be read at http://www.secure-my-internet.com

Althought not really comforting, it does strike me as comforting that other governments wastes as much or more money as the Norwegian one. What gives light to the situation is when the judge set forth in a court case reacts to it. This was the case in an article in The Times

A man who called a police surgeon a “f***ing Paki” was advised yesterday by a judge: “Next time call him a fat bastard and don’t say anything about his colour.”

The judge gave the unusual advice after describing the decision by the Crown Prosecution Service to prosecute the man for a racially aggravated offence as “a nonsense”.

“A gratuitous single piece of racist abuse was uttered as the surgeon left. This was the charge on which the full weight of the law had been brought to bear. My comments were not intended to make light of racist remarks.

“I fully accept that in a circumstance and time they can be both offensive and distressing to those to whom they are addressed. When made by a drunk towards an obviously highly professional, educated and respected member of society in a position of clear authority over the defendant, I found it hard to conceive that it could be taken as seriously upsetting abuse.”

“It struck me as disproportionate to have brought this particular charge on its own to the Crown Court.”

I wrote another post (although in Norwegian) on valg27.com, as I don't know how many actually monitor that site, the article can be read here.

Hopefully I won't be the only one to write at that site, although that is the case so far.