There has been a new post on valg27.com that can be found at http://www.valg27.com/2007/01/brukerens-ansvarlighet/. This website is in Norwegian, so sorry for international readers.
Server experiences earthquake
It started as an ordinary Sunday, reading up on economic trends and trying to learn some Italian, when my RSS reader suddenly made me aware of an earthquake in the region where the primary server resides, in my home town, some 600 kilometers away from my place of residence, so I had to check up on it.
Ok, it was obviously not a great earthquake. The server did not experience any downtime whatsoever, and the Uninterruptible Power Supply (UPS) did not even notice any power flickering, but it was still an earthquake stronger than we are used to in Norway. Apparently it is the 8th quake of this approximate magnitude in the region in the past 100 years, around 4 on Richter's magnitude scale. The last time was in 1986, which I for obvious reasons don't remember too well (being born in August 1985).
The quake lasted for about four seconds, as shown in NORSAR's graph below,
and it was also noticed by the British Geological Survey's station at Lerwick on Shetland.
The European-Mediterranean Seismological Centre places the quake about 24 km north-east of Ålesund.
No one has been reported hurt, and there is only minor material damage, as expected from a light quake such as this.
More attacks on Scandinavian bank customers
Earlier today it became known that at least 250 customers of the banking groups Sparebank 1, Nordea, DNB Nor and Skandiabanken have had their bank accounts emptied after having been infected by trojan horses.
My first thought was: but why isn't there any random token authentication to protect against this? But the more I thought about it, the clearer it became to me that I would rather just monitor the activity of the customer, wait until the user him/herself logged in and then capture the computer, do the necessary transfers, change the password and log out, while the user only thought there was a lag in the system by forcing up another window.
Which brings us back to the root cause of the problem, the users. Albert Einstein is often credited with the quote "Only two things are infinite, the universe and human stupidity, and I'm not sure about the former." and indeed, security is too often merely an illusion, an illusion sometimes made even worse when gullibility, naivete, or ignorance come into play.
I really hope the banks don't take full responsibility for this, as it will only result in higher prices for users that actually bother to protect themselves.
And for crying out loud, learn how to protect your computer, or don't use it at all. The last time something similar happened, a vulnerability that was fixed by Microsoft in April was used, so the users had more than half a year to upgrade their systems, yet didn't.
More about protecting your computer can be read at http://www.secure-my-internet.com