Saturday, October 8. 2005
Beamboard at Stuttgart Central Station
Friday, October 7. 2005
Some random thoughts about banking security
Bruce Schneier writes about phishing attacks and says he wants financial companies to be held responsible for them.
This brought me to some thoughts about online banking security and secure authentication in general.
Today, most online banking goes through web interfaces. That's really horrible in terms of security. I remember when I asked my local bank for an online banking account, they told me "hey, you just need a web browser to do this". They have better alternatives (HBCI), but they don't promote them to their normal customers.
With a web interface, you only have one-way authentication (the user authenticates himself to the bank, but the bank doesn't authenticate itself to the user), and that's the whole reason why phishing works. If there were any mechanism that verified the authenticity of the bank for the user (or, to be exact, for his applications, because we all know that average users don't manage to do so), the whole phishing business would be pointless.
Even the less secure variant of HBCI with keyfiles is much more secure than web interfaces. For a successful phishing attack, a user would have to upload his keyfile - which he usually won't do, because he doesn't know where it is. But the most obvious way is smartcards.
Smartcards can be a fine solution for various security problems - and it's not much more complex. Everyone knows that he has to put his bank card into a cash terminal, so why shouldn't the average user be able to put it in a computer slot? But hey, it's even hard to get smartcard drives - I once asked at Saturn (a big German technology store), and they don't sell them at all.
The right thing would be having smartcard-drives in computers by default - and having chipcards for various security-applications.
HBCI, for those who don't know, is a German standard for online banking - I wonder why there is no worldwide online banking standard yet - with a secure, open design and based on two-way authentication, together with some easy-to-use standard applications for online banking installed on every PC. That would really help a lot.
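The one-way versus two-way authentication argument above, as an added example that is not part of the original post and is not HBCI's actual protocol. It assumes a secret stored in the user's key file and shared with the bank; the names `proof`, `Server` and `client_login` are hypothetical. The banking application checks the bank's proof before it sends anything that identifies the user.

```python
import hashlib
import hmac
import secrets

def proof(key: bytes, role: bytes, client_nonce: bytes, server_nonce: bytes) -> bytes:
    """HMAC over both nonces; the role label stops a bank proof being replayed as a user proof."""
    msg = role + b"|" + client_nonce + b"|" + server_nonce
    return hmac.new(key, msg, hashlib.sha256).digest()

class Server:
    """Answers the client's challenge. A phishing site is a Server holding the wrong key."""
    def __init__(self, key: bytes):
        self.key = key

    def respond(self, client_nonce: bytes):
        self.client_nonce = client_nonce
        self.server_nonce = secrets.token_bytes(16)
        return self.server_nonce, proof(self.key, b"bank", client_nonce, self.server_nonce)

    def accept(self, user_proof: bytes) -> bool:
        expected = proof(self.key, b"user", self.client_nonce, self.server_nonce)
        return hmac.compare_digest(expected, user_proof)

def client_login(keyfile_key: bytes, server: Server):
    """Banking application: verifies the bank first, authenticates the user second."""
    sent = []                                   # everything the client puts on the wire
    client_nonce = secrets.token_bytes(16)      # fresh challenge, so old bank proofs cannot be replayed
    sent.append(client_nonce)
    server_nonce, bank_proof = server.respond(client_nonce)
    expected = proof(keyfile_key, b"bank", client_nonce, server_nonce)
    if not hmac.compare_digest(expected, bank_proof):
        return "aborted: server is not the bank", sent
    user_proof = proof(keyfile_key, b"user", client_nonce, server_nonce)
    sent.append(user_proof)
    return ("logged in" if server.accept(user_proof) else "rejected"), sent

# Constructed sample keys for the demonstration.
BANK_KEY = secrets.token_bytes(32)      # shared by the real bank and the user's key file
PHISHER_KEY = secrets.token_bytes(32)   # the phishing site does not know BANK_KEY

if __name__ == "__main__":
    print(client_login(BANK_KEY, Server(BANK_KEY))[0])      # real bank
    print(client_login(BANK_KEY, Server(PHISHER_KEY))[0])   # phishing site
```

Against the phishing server the client has sent only a random nonce, so there is nothing to harvest; a password typed into a web form offers no such check.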
Wednesday, October 5. 2005
Java extremely platform-independent
From the ffmpeg-list:
>>> Java is rumored to be platform-independent.
>> Highly overhyped rumor, it actually runs on all platforms... that have a JVM.
> Right, both of them. :) Funny essay on the matter:
> http://web.ivy.net/~carton/academia/java_languageoftomorrow.html
And congratulations to the marketing guys at Sun, who managed to promote their product for years with something that just isn't true.
Tuesday, October 4. 2005
My contribution to "Du bist Deutschland"
"If I turn out to be right with my theory of relativity, the Germans will say I am a German and the French will say I am a citizen of the world. If my theory proves to be wrong, the French will say I am a German, and the Germans will say I am a Jew." - Albert Einstein
The Spreeblick Flickr group for DBD unfortunately no longer accepts uploads, so here, exclusively, is my contribution to »Du bist Deutschland«.