Hanno's blog

Hanno's Blog

Thursday, January 23. 2014

BSI-Botnetz mit uralten Daten

Das Bundesamt für Sicherheit in der Informationstechnik (BSI) macht ja seit vorgestern mächtig Wirbel um einige Zugangsdaten, die sie angeblich aus einem Botnetz haben. Leider informiert das BSI bislang nur sehr spärlich über Details. Ich habe, nachdem die zugehörige Webseite nach einigen Stunden wieder einigermaßen erreichbar war, verschiedene von mir in der Vergangenheit genutzte Mailadressen prüfen lassen. Bei einer Mailadresse eines großen deutschen Freemail-Anbieters, die ich vor langer Zeit als primäre Mailadresse genutzt hatte, schlug der Test an und ich bekam eine der Warnmails (ich dokumentiere die Mail weiter unten). Das ist jetzt aus zwei Gründen interessant:

1. Ich habe diese Mailadresse seit ungefähr zehn Jahren nicht genutzt. Ich habe alle Accounts, die ich aktiv nutze, auf meine aktuelle Mailadresse auf eigener Domain umgestellt. Das bedeutet: Die Daten, die das BSI da hat, sind also - zumindest teilweise - uralt.

Eine Sache, die hier vielleicht spannend ist: Im November letztes Jahr gab es einen größeren Leak von Accountdaten bei Adobe. Da war ein Account mit dieser Mailadresse dabei (fragt mich nicht warum ich irgendwann einen Adobe-Account hatte, wie gesagt, ist mindestens zehn Jahre her). Es ist natürlich reine Spekulation, aber es scheint mir zumindest vorstellbar, dass es sich bei den BSI-Daten schlicht um die selben Daten handelt. Rein zeitlich würde es ins Bild passen. (Update: Mehrere Leute teilten mir mit dass sie vom Adobe-Leak betroffene Mailadressen haben, die das BSI nicht kennt, also Spekulation höchstwahrscheinlich falsch)

2. Ich erhalte hier eigentlich eine völlig nutzlose Warnung und unpraktikable Tipps. Denn was mir das BSI letztendlich mitteilt: Sie haben Zugangsdaten zu irgendeinem Account irgendwo im Zusammenhang mit einer Mailadresse von mir. Oder, um das BSI zu zitieren: "Dieses Konto verwenden Sie möglicherweise bei einem Sozialen Netzwerk, einem Online-Shop, einem E-Mail-Dienst, beim Online-Banking oder einem anderen Internet-Dienst."

Verbunden ist das ganze mit dem kaum umsetzbaren Vorschlag, ich solle doch am besten alle meine Passwörter ändern.

Was ich ja jetzt gern wüsste: Weiß das BSI, um was für einen Account es geht? Und falls ja: Warum teilen sie es mir nicht mit? Ich werde zumindest versuchen, darauf eine Antwort zu erhalten. Laut Bundesdatenschutzgesetz ist das BSI verpflichtet, mir Auskünfte über Daten, die sie über mich gespeichert haben, zu erteilen.

Hier die vollständige Mail, die man vom BSI erhält:

Sehr geehrte Dame, sehr geehrter Herr,

Sie haben diese E-Mail erhalten, weil die E-Mail-Adresse [...] auf der Webseite www.sicherheitstest.bsi.de eingegeben und überprüft wurde.

Die von Ihnen angegebene E-Mail-Adresse [...] wurde zusammen mit dem Kennwort eines mit dieser E-Mail-Adresse verknüpften Online-Kontos von kriminellen Botnetzbetreibern gespeichert. Dieses Konto verwenden Sie möglicherweise bei einem Sozialen Netzwerk, einem Online-Shop, einem E-Mail-Dienst, beim Online-Banking oder einem anderen Internet-Dienst.

Um diesen Missbrauch zukünftig zu verhindern, empfiehlt das BSI die folgenden Schritte:

1. Überprüfen Sie Ihren eigenen Rechner sowie weitere Rechner, mit denen Sie ins Internet gehen, mittels eines gängigen Virenschutzprogramms auf Befall mit Schadsoftware.

2. Ändern Sie alle Passwörter, die Sie zur Anmeldung bei Online-Diensten nutzen.

3. Lesen Sie die weiteren Informationen hierzu unter www.sicherheitstest.bsi.de.

Diese E-Mail ist vom BSI signiert. Wie Sie die Signatur überprüfen können erfahren Sie auch unter www.sicherheitstest.bsi.de.

Mit freundlichen Grüßen
Ihr BSI-Sicherheitstest-Team
Posted by Hanno Böck in Computer culture, Security at 08:38 | Comments (3) | Trackback (1)
Defined tags for this entry: , , , , , , , ,

Saturday, January 18. 2014

Laos, Thailand, Malaysia and back home

signs
These signs in Penang/Malaysia were quite a good symbol for my trip.
I finished my Asia trip a few days ago. As you could obviously see, my motivation for blogging decreased during the trip. I'll finish with a quick summary of what I did.

I entered Laos from China, but I didn't spend a lot of time in Laos. The main reason was that I was quite frustrated with the weather. It was a comparatively cold winter in southern China and Laos and the buildings there are not really isolated at all and heating usually doesn't exist. While the days were all sunny and nice, the nights were sometimes quite tough. In Laos, usually the only mode of transport are buses and minibuses. I crossed the border at Houay Xai and quickly moved on to Bangkok by bus and train.

Travelling in Laos and Thailand was quite a different experience when compared to Kazakhstan and China. For the first half of my trip, I mostly felt like "the stranger going to places rarely visited by strangers". In China, even at touristy places there were mostly domestic tourists. Laos and Thailand are flooded with western tourists, so I was more like "the western guy going to places everyone else is going". Honestly, I felt much more comfortable with the first role. Malaysia was somewhat in-between. The most important thing I was looking for in this part of Asia was mostly nature and rainforests.

Rainforest in Malaysia
Rainforest in Malaysia.
For the whole travelling with buses and trains, I was surprised that it was often much easier than expected. Maybe irrational, but when I planned this I often felt "travelling with a bus/train in a place I barely know anything about just must me difficult". If you have any questions about overland travelling in any of the countries I visited, feel free to ask me. But basically, it usually comes down to "write your preferred train, time, class and destination on a piece of paper and the people at the ticket counter will understand even without knowing your language". The only real obstacle I faced at all was that in China there are some train routes that are booked out early.

If you know me, you know that I try to avoid flying. But it was clear that doing this trip without would be close to impossible. So I flew back from Kuala Lumpur in Malaysia earlier this week.

While I've seen a lot and experienced a lot, at the end I was at a point where I really didn't want to continue any more. I have a lot of respect and get inspiration from people people who consider themselves digital nomads, permanent travelers or something alike and I though a lot about that during travelling and in the months before. I'll probably write some more about that at a later point, as I find it quite desirable to organize life in a way to be less dependent on a fixed living spot. But for me, this has limits and I know where they are.
Posted by Hanno Böck in English, Life at 13:02 | Comment (1) | Trackbacks (0)
Defined tags for this entry: , , , , , , ,

Tuesday, January 7. 2014

Boten - a chinese casino ghost town in Laos

Boten Hotel
This hotel still takes customers, although there probably aren't many
After crossing Yunnan province, I finally left China to go further south into Laos. I travelled by bus from Jinghong to Medan and from there to Mohan, which is the chinese border town. From there, I just walked across the border. In Laos, EU-citizens can get a visa-on-arrival, which was easy. I just had to fill in a form and got my visa about 10 minutes later.

Right behind the border in Laos is the small town Boten. There's a quite interesting story behind this place. A couple of years ago, this was a place of casinos for chinese gamblers. In China itself casinos are forbidden, so this gained quite some popularity. A couple of luxury Hotels and other facilities for the chinese gamblers emerged. However, some conflicts were arising. The casinos sometimes held chinese gamblers unable to pay their gambling debt as hostages. Chinese authorities were unhappy with this and pressured the laotian authorities to shut the place down, which finally happened in 2011.

Boten cowshed
In this former hotel only cows sleep these days
So today Boten is mostly a ghost town of abandoned hotels and casinos. The town is split. On one side of the street is what probably was Boten before the casino boom and were most of today's inhabitants live. Some simple houses, some shops and also a small and simple hotel where I stayed for one night. Although this is in Laos, everything is still very chinese. Everyone pays and sells in chinese Yuan, which came quite handy for me, as I didn't have any laotian Kip at that time.

Boten Casino
A Casino - empty today.
On the other side of the street is the ghost town. It's not completely empty. One large hotel is still welcoming customers, some shops are still operating and also a couple of people live there. But there are a number of former luxury buildings in different states of decay. Probably the most weird thing was a former luxury hotel that's now used as a cowshed.

It was definitely one of the more interesting places on my trip.

Pictures from Boten
Posted by Hanno Böck in English, Life at 17:28 | Comments (2) | Trackback (1)
Defined tags for this entry: , , , , , ,
(Page 1 of 1, totaling 3 entries)

About

This blog is written by Hanno Böck. Unless noted otherwise, its content is licensed as CC0.

You can find my web page with links to my work as a journalist here.

I am also publishing a newsletter about climate change and decarbonization technologies.

The blog uses the free software Serendipity and is hosted at schokokeks.org.

Hanno on Mastodon | Contact / Imprint | Privacy / Datenschutz