4 posts • joined 15 Nov 2008
The Chaos Computer Club begs to differ....
The Chaos Computer Club in Hamburg made front-page news the other day by completely hacking this shiny-new german ID card and the swiss version of it at the same time.
The attack vector was the combination of a compromised computer (trojan horse etc.) plus the cheapo ID card reader without own PIN pad. By reading the PIN while entered into the PIN pad software associated to the ID card reader and then leaving the ID card in the reader, it was then possible for the attacker to sign any number of transactions using the stolen identity.
The BSI (german government agency for computer security) then issued a press statement that users shouldn't leave the ID card in the reader for any more time than strictly necessary -- somehow failing to mention that the ID card is actually RFID and doesn't need to be in the reader to be read, it is sufficient if it is reasonably close.
The other problem is that there are no "proper" card readers with built-in PIN pad available or even currently being certified. The "basic" readers used in the attack are the ones selected for the starterkits in the introduction stage of the new ID card.
(sorry, german only)
The court in Hamburg....
There is something you need to know about that district court in Hamburg...
It isn't made clear in neither this article nor the press release, but I guess that it was the media/press/journalism law chamber of said district court that issued the injunction.
This chamber has an extremely bad reputation because it bends the law to the extreme and quite regularly even beyond breaking point.
In german law, there is a very strict principle about which court is responsible for cases; that is always determined by the court's catchment area and area of responsibility. In layman's terms, a court in Munich will never hear cases that happened in Berlin or Hamburg or indeed at the wrong end of Munich.
This principle applied to media (offline and online) means if a newspaper is sued over content, it must be sued at the local court, whereever that newspaper is published.
The press chamber of the district court in Hamburg, however, operates on the fiction that online media (basically anything that's on the internet, regardless whether it's a blog, a homepage, a tweet, or a proper news website) can be sued in Hamburg .... because Hamburg has Internet and you can read that online media in Hamburg. That is obviously b*llsh*t because then you could sue a newspaper published elsewhere in Hamburg, because somebody could bring that newspaper to Hamburg and read it there - but that's not the case.
Secondly, the press/media court in Hamburg made itself a name for very often putting out very biased rulings, almost always against the media, upholding claims that would be thrown out within minutes at any other press/media court in Germany.
This has led to a situation that now everyone who wants to shut a website (blog or press company) and in fact any newspaper too (because they have websites) up on something goes to the Hamburg court to get it done, especially if it's about something where they would stand a chance at another media/press court in Germany.
While it is debatable to take that line in relation to german websites, the court is clearly taking matters too far by also ruling on websites that are not German and not located in Germany.
The higher court above the Hamburg press/media chamber regularly overturns rulings - unfortunately not all of them are bought in front of the higher court, so many rulings stand.
I do realise that all of the above will sound strange to U.S. readers because their district courts clearly are the policemen of the world (and regularely decide cases that happened outside U.S. territory between non-U.S. entities) but over here in Europe, we have proper countries with proper rule of law - and therefore courts that only decide on cases within their area or responsibility.
there is a website set up that traces and exposes the mis-rulings of the particular judge that presides the press/media chamber of the court of Hamburg - that's a one-of-a-kind thing in Germany.....
The judges simply assume that these documents prove everything that Mr. Binyam Mohamed claims they prove and convict the government accordingly.
The govt can still release them to prove them wrong.
There might be an extradition treaty between US and Germany, but that will only cover non-citizens, for example US citizens trying to evade US courts by staying in Germany. Germany's costitution doesn't allow to extradite german citizens. A extradition treaty cannot overrule the constitution. Period.
- Product round-up Ten excellent FREE PC apps to brighten your Windows
- Analysis Pity the poor Windows developer: The tools for desktop development are in disarray
- Chromecast video on UK, Euro TVs hertz so badly it makes us judder – but Google 'won't fix'
- Product round-up Ten Mac freeware apps for your new Apple baby
- Product round-up The Glorious Resolution: Feast your eyes on 5 HiDPI laptops