When the industry prepared for the Year 2000, I was working in a consulting company living good from doing reviews on Y2k-projects. Then the year 2000 came and nothing happened (besides a big party).

Then year 2010 came – and the bug actually got hold of us. Initially I thought that I was reading a joke but it seems to be true. The German Sparkassen (a banking brand) had a problem with their ATM cards: The Gemalto chip on the card was unable to process the year correctly and failed to give you money.

I do not know how you handle your daily money consumption but here in Switzerland you are able to pay almost everywhere with your debit (say ATM) card. So, the cash I have with me is very limited and I run into a serious problem if I cannot pay with plastic. Additionally to get to money – you need the card again. And finally I often rely on the fact that I can get local currency in a lot of countries with my debit card.

This really causes some serious troubles and – at the end of the day – affects the critical infrastructure of a country – all of a sudden and without pre-warning.

If you are able to read German, here are two articles about it. Unfortunately I did not find anything in English:

• Vor allem Sparkassenkunden von Kartenpanne betroffen
• EC-Karten: Chips erkennen das Jahr 2010 nicht

Roger

I guess you might have seen it by now but if not, please make sure you read and understand the material available:

This night we released a Security Advisory on a Vulnerability in Internet Explorer Could Allow Remote Code Execution. The reason for that is that our investigations have shown that this vulnerability was one of the attack vectors used in the recent attacks against Google. So, please read the blog post of our Microsoft Security Response Center on the release of the advisory.

I just want to quote some of the key elements in there:

Based upon our investigations, we have determined that Internet Explorer was one of the vectors used in targeted and sophisticated attacks against Google and possibly other corporate networks.

[…]

Our teams are currently working to develop an update and we will take appropriate action to protect customers when the update has met the quality bar for broad distribution. That may include releasing the update out of band.

[…]

Customers should also enable Data Execution Prevention (DEP) which helps mitigate online attacks. DEP is enabled by default in IE 8 but must be manually enabled in prior versions.

There are some additional mitigations shown in the advisory. However, a few things from my side:

• Yes, it is a vulnerability and we do everything to fix it in time without breaking your systems. So, even though we all understand the urgency of an update, it has to be tested. There is a good chance that soon somebody will release an update for this vulnerability not coming from us. The past experience has shown that those updates usually are not tested thoroughly and that there is a good chance that it will break certain systems. Often this risk is higher than the risk of being attacked in my opinion.
• Make sure that you are watching our internet sites in case we go out of band.
• Use the protections built in to the Operating System and the browser. E.g. Data Execution Prevention as mentioned above. Yes, it breaks certain applications. On my system, where I switched DEP completely on, I had to exclude my Sony Reader software as it did not work – it was terminated and it took me a while to figure out why. But this is the only application which had to be excluded. Switch that on (use Group Policies) in Internet Explorer as well.

I realized that it might be necessary to give an introduction in how to switch DEP on and I therefore wrote a post on that as well today: Leveraging Data Execution Prevention (DEP)

Roger

No, this is not a joke. If you are tired of all the discussions about Web 2.0, the privacy breaches and the related problems, you can commit Web 2.0 Suicide. There is a Web 2.0 Suicide Machine – but we warned before you do it – this process seems to work and is not reversible. There is no “undo”! Here is the link: http://suicidemachine.org/

Just provide it with all your credentials and it will unfollow all you followers, “unfriend” all your friends and reset all your passwords so that you cannot log back in to your social networks…

This is the promotional video:

web 2.0 suicide machine promotion from moddr_ on Vimeo.

So, be careful but it is interesting. From the FAQ:

If I kill my online friends, does it mean they're also dead in real life?

No!

What do I need to commit suicide with the Web 2.0 Suicide Machine?

A standard webbrowser with Adobe flashplugin and javascript enabled. So, it runs on Windows, Linux and Mac with most of browsers available.

If I start killing my 2.0-self, can I stop the process?

No!

If I start killing my 2.0-self, can YOU stop the process?

No!

The name is pretty harsh but the idea shows that there are some limits for people who far they want to be publically exposed. But it seems to be very successful: At the moment, Facebook blocked the service…

Roger

A few days ago, I blogged on Tired of Web 2.0? Kill your Online Identities – an automated way to “disappear” from Web 2.0 (actually Facebook has banned the tool since…).

Today, I was reading an article called Un-Google Yourself. Trust me, I am not explicitly looking for such approaches but seem to find them at the moment…

I am not sure whether the un-googling really works but if you want to give it a try, let me know how it turned out. If When Goog becomes your Roommate is true, this is something we should consider – BTW if you have not seen those videos yet, you should definitely take the time to do.

Roger

I know that Christmas is over and I know how my kids actually compile a Wish List: They take most of the ads (which are targeted to them) and glue them onto a piece of paper for Mom and Dad to make sure that everything can be found under the Christmas tree… I guess you know the drill.

If you look at cybercriminals, the whole thing is much simpler as the prices are lower than the expectations of my kids. I just read a blog post called Cybercriminals go shopping, where they show a list of prices for Trojan installations:

This is targeted marketing, isn’t it?

Roger