Month: March 2012
So I was considering GIMP, LaTeXDraw, Inkscape, Xfig, GraphViz – and in a weak and confused moment FSLView – to draw a graph. Then I saw Dia, installed it, and I found it quite suitable. The arrows attach well to the objects and it has a range of output formats.
The unfinished graph displays neuroinformatics databases and web-linkable identifiers between them: My Brede Wiki and Brede Database along with fMRIDC, OpenfMRI, Cognitive Atlas, CogPO, IBVD, SumsDB, BODB, CoCoMac and the more general PubMed.
There is an arrow from PubMed to the Brede Database. That is because someone (not me) apparently has defined LinkOut for the Brede Database. Thank you.
Ulla Danielsen seems to be the only one updating on the case of Poul Thorsen and now reports that the tax evasion case against Poul Thorsen has been dismissed. It has been dismissed because of technical deficits in the indictment.
The court case has apparently been postponed multiple times, Danielsen writes.
Jens Ramskov seems to be the only other in Denmark reporting about the case lately. He had an article in December 2011.
If I understand it correctly the tax evasion court case is just one aspect of the Thorsen case.
mysql-server-5.0 is a virtual package in Debian Squeeze relying on mysql-server-5.1 while I seemed to have 5.0.51a-24+lenny5. The distribution upgrade from Lenny to Debian apparently didn’t upgrade the Mysql-server!? So was I off the security updates and with several vulnerabilities in the first part of the year?
One page on the Internet by Wolfgang Karall suggested installing the mysql-server package and purging the mysql-server-5.0 package, and I tried the following.
$ aptitude install mysql-server
$ aptitude purge mysql-server-5.0
$ /etc/init.d/mysql start
And yet my wiki runs.
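A way to spot this situation after a distribution upgrade, as an added example that is not part of the original post: the function below reads `apt-cache policy` output and flags every installed package whose installed version no configured repository offers, so it gets no updates as it stands. The sample input is constructed (only the lenny version string is from the post; the 5.1 version and the mirror URL are placeholders).

```shell
#!/bin/sh
# Added example (not from the original post).
# Reads `apt-cache policy <pkg>...` output on stdin and prints "package version"
# for every installed package whose installed version is offered by no
# configured repository, i.e. its only source is /var/lib/dpkg/status.
unsupported_from_policy() {
    awk '
        function report() {
            if (pkg != "" && installed != "" && installed != "(none)" && !in_repo)
                print pkg, installed
        }
        # Stanza header: a lone "name:" token
        NF == 1 && /:$/ { report(); pkg = $1; sub(/:$/, "", pkg)
                          installed = ""; in_repo = 0; current = 0; next }
        $1 == "Installed:" { installed = $2; next }
        # "*** <version> <prio>" marks the installed version in the version table
        $1 == "***" { current = 1; next }
        # "<version> <prio>" is some other, not installed, version
        NF == 2 && $2 ~ /^-?[0-9]+$/ { current = 0; next }
        # "<prio> <source...>" lines say where the version above comes from
        current && $1 ~ /^-?[0-9]+$/ && $2 != "/var/lib/dpkg/status" { in_repo = 1 }
        END { report() }
    '
}

# Constructed sample input; the 5.1 version and mirror URL are placeholders.
sample_policy() {
    cat <<'EOF'
mysql-server-5.0:
  Installed: 5.0.51a-24+lenny5
  Candidate: 5.0.51a-24+lenny5
  Version table:
 *** 5.0.51a-24+lenny5 0
        100 /var/lib/dpkg/status
mysql-server-5.1:
  Installed: 5.1.0-example1
  Candidate: 5.1.0-example1
  Version table:
 *** 5.1.0-example1 0
        500 http://mirror.example/debian/ squeeze/main i386 Packages
        100 /var/lib/dpkg/status
EOF
}

# On a real system, feed it every installed package instead of the sample:
#   dpkg-query -W -f='${Package}\n' | xargs apt-cache policy | unsupported_from_policy
sample_policy | unsupported_from_policy
```

A flagged package is either obsolete in the new release or was never upgraded; both cases deserve a look before assuming security updates are arriving.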
So Posterous has been acquired by Twitter. Great. And Posterous Spaces will remain up and running without disruption. Great.
“Twitter says that it will give users “ample notice” if it is going to make any changes to the service. We’ll take them at their word on this one, but if I was someone running a personal blog on Posterous, I would think about finding another place to host it soon.”
“So, in other words, Posterous will be available to you now, but we’ll let you know if we plan on shutting it down. That must be a fairly likely scenario to warrant that language being included in the initial announcement of the acquisition.”
To test an aspect of Adobe Acrobat (PDF to text conversion) I installed the program. Not that good an idea. I downloaded the installation program from the Adobe homepage, did a sudo ./AdbeRdr9.4.7-1_i486linux_enu.bin and now my Firefox was entangled with its plugin. “sudo rm -r /opt/Adobe” did not help. It apparently installed a .so file in ~/.mozilla/plugins: nppdf.so, which is apparently not a part of Debian/Ubuntu. I erased that. If you go to the Firefox menu Tools, “Manage Content Plug-ins”, I still see four lines of the Adobe issue. One should think that right clicking or deleting would work. No. “$ rm -r ~/.adobe/” didn’t help. With “$ egrep -r "Acrobat" ~/.mozilla/*” I tracked down “pluginreg.dat” and erased the appropriate lines from the “[PLUGINS]” section. But that didn’t help. “$ locate nppdf.so” showed a lot of issues, and “$ sudo rm `locate nppdf.so`” apparently helped, as now PDFs open in evince. Next time I should really try to see if there is a package, so “aptitude purge” or reconfiguration are possible.
BTW: The text conversion in Adobe Acrobat was not that good compared to other programs I tried. It found “fi” and “fl” ligature problem, two-column problem, Greek character problem. Python library pyPdf might be promising as you might redefine the ‘extractText()’ method attempting an attack on the ligatures and other strange characters. pdftotext and PDFbox were also interesting. Any comments on this?
Some weeks ago the central Danish online authentication, NemID, which protects Danish Internet Banking, online tax system, health records, etc. got hacked and 700’000 Kroner was taken from 8 customers at Danske Bank. Here are some issues I find interesting:
- The bank did not discover the attack as it had lowered the security mechanisms because it trusted NemID.
- Apparently, it was the business customer Simon Jonassen, the guy behind Roust IT, that discovered the irregularity and alerted the bank on 6 February 2012. Simon ran as admin user on a Microsoft Windows XP SP2.
- Nets DanID first alerted the public on 10 February, four days after they received the alert from Simon Jonassen.
- The attack was real-time phishing where a trojan, now termed BankTexeasy, made an extra popup-window during netbanking session that would fool the unsuspecting user to type in the one-time pad an extra time.
- The trojan was newly developed running under the radar of antivirus software and it was apparently only distributed to Denmark.
- The customers who got the trojan had apparently visited a legitimate web-site that was infected. They did not get it from a suspicious website or from following a link in a spam mail.
- The software used three different vulnerabilities. (I think they were not zero-day vulnerabilities)
- The trojan emptied the bank account.
- The trojan also harvested passwords.
- After the attack the trojan would erase files on the computer, essentially breaking the system.
- Two months ago a banker told Poul Henning Kamp that “Denmark was all too small for anyone to bother writing a trojan to NemID”. This was utter hubris.
- If you get hacked and lose money the bank may not refund you if your account is for business and not a private account. This probably also applies for zero-day attacks.