Important IT security websites

Government:
https://isc.sans.edu/ - "Internet Weather"
http://ics-cert.us-cert.gov/ (A)- Industrial Control Systems Cyber Emergency Response Team
http://www.enisa.europa.eu/ - Europe
https://www.bsi.bund.de/DE/Home/home_node.html - Germany
http://www.melani.admin.ch/ - Switzerland
http://dsd.gov.au/ - Australia (top 4 mitigation strategies)
http://www.nerc.com/Pages/default.aspx - North American Energy Cooperation

Companies / Groups: 
http://www.welivesecurity.com/
http://www.ccc.de/ 
http://www.heise.de/security/
http://www.isssource.com

Conferences:
http://www.defcon.org/
http://events.ccc.de/congress/?language=en
https://www.isss.ch/index.php

Threatcheck:
https://www.virustotal.com/de/

Is there a standard for biometrics? - Industrie standards für biometrische Systeme?

So far almost any biometric device handles the captured data by its own way.
This means even if two manufacturers use the same sensor and the same algorithm, they most probably use different data formats. This a disadvantage for propagation of a technology.

But it is a advantage for you as a user. Because all your biometric attributes are unique. So far only companies that asked for your biometrics got it, but as soon there will be standards, also such data can be copied and traded. And everyone knowing your digital fingerprint pattern can identify you from them without you r knowledge. So you can no longer hide. And much worse, because it is biometrics you can't change any attribute like a password (think of changing iris pattern or face geometry - impossible).

Efforts for biomtetric standards:
- FIDO Fast identity online (Google, Paypal, Lenovo)
- IREX (by nist.org) iris scan

types of biometrics:
- fingerprint
- face geometry
- voice
- iris and retina
- hand venes
- palm geometry$
- signature
- brain waves

Top Link Tips

Maps:
http://what3words.com
http://www.radroutenplaner-bw.de/ar-rrp-nvbw/de/alpregio.jsp#tpdt=cycling&tab=TourplannerTab (3D Tracks)

QR Code:

http://research.swtch.com/qr/draw QR Code mit Bild

http://www.visualead.com/qr-code-generator/5a111dbef11384cf14b450edc1d72a872964749/

3D modelling:
http://www.shapeways.com
https://www.shapeways.com/creator/?li=nav - easy tools
http://sourceforge.net/projects/stl4su/ - stl Plugin Sketchup

TouchID - The proof for fingerprint biometrics

As long, as no one is able to hack it: http://istouchidhackedyet.com/

The iPhone 5s is the proof, that fingerprint can save a device.

(At least as long as no one knows your keycode, that will be requested if 5 times a wrong finger was used to unlock)

Is the iPhone 5S finger print sensor TouchID secure => No? - Ist die Technik des iPhone 5s Fingerabdrucksensors sicher?

TouchID facts:
- Sensor (capacitive, 500 ppi, orientationless, 170 microns thin)
- TouchID was developped by AuthenTec that was bought by Apple
- the fingerprints are stored locally by the os (inside A7 processor)
- the stored data is encrypted
- unlock the screen by 4 digit code or fingerprint, because both ways are possible, you don't gain security
- it's not a fingerpint picture that gets stored, the device calculates a signature (or pattern) out of it, because this can be better stored and compared.
- a second source (2) tells, that instead of a pattern only a hash will be stored in the device. This sounds strange. The same finger will for sure be captured always slightly different. Then attributes of the captured fingerprint are taken to create a pattern. The pattern could then be hashed. Hash algorithm are collission resistent one way functions. A hash can not be reverted to original data (the pattern). So the only way to be accepted would be to create 2 100% identical hashes. This sounds impossible! Biometrics works by pattern matching and not by hash comparisation. Maybe the author of the referenced article missunderstood the system!
- by long pressing the button, Siri is activated and can be asked for phone numbers or appointments!!

- NSA has access to sensible data of iOS devices (If they need your data, they most probably get it, even it is not stored in a cloud)
- fingerprints are biometrics that can be easily fooled
- the safety you get is not worth giving biometric data like your fingerprint
- fingerprints can be stolen (copied) without your notice (from a glass, while you sleep), they are not a secret

Pattern matching:
Pattern matching is how all biometric devices work. Pictures can not be compared other ways.
Pattern matching is like counting similiar values from 2 lists, and if enough (ex. 70%) are similiar, patterns are supposed to be equal!)


open questions:
- is the living check accurate (pulse, temperature, glove with artificial fingerprint)?
   - The only statement found regarding this questions so far is:

” The RF capacitive sensor technology is built in a way that the fingerprint image has to be taken from a live finger.” (1)

- also unknown: False Acceptance Rate, False Rejection Rate of TouchID

    - 1:200 false rejection rate; >> 1:200 false acceptance rate (limited number of offenders) (2). This is good but not fantastic
- who is the manufacturer of the TouchID sensor?
- does the A7 processor have a real cryptographic storage

update 22.9.13:
ccc was able to unlock a Iphone 5S by using a photographed fingerprint (3):
"Künstlicher Finger aus Latexmilch
Um den Sensor des iPhone 5S zu überlisten, genügen ein Foto des Fingerabdrucks, das mit 2.400 dpi aufgenommen wurde, und ein Laserdrucker, der mit 1.200 dpi auf transparente Folie druckt. Auf die Folie wird dann hautfarbene Latexmilch oder weißer Holzleim aufgetragen. Nach der Trocknung ist der Fingerabdruck in gefälschter Form fertig und muss für die Benutzung nur noch durch Anhauchen angefeuchtet werden."

Conclusion: This opens a simpler way to unlock your phone than guessing your password!


Sources:
http://www.heise.de/security/meldung/Datenschuetzer-warnt-vor-Fingerabdruck-Sensor-des-iPhone-5S-1956725.html
http://www.digitaltrends.com/mobile/can-apple-hand-over-your-fingerprint-to-the-nsa/
http://inotes4you.com/2013/09/12/fingerprint-technology/comment-page-1/#comment-3202
http://mashable.com/2013/09/15/severed-finger-iphone-5s/?utm_cid=mash-com-fb-main-link (1)
http://www.faz.net/aktuell/technik-motor/computer-internet/apple-iphone-5s-im-test-der-finger-soll-in-die-zukunft-zeigen-12578153.html (2)
http://www.golem.de/news/iphone-5s-chaos-computer-club-ueberwindet-apples-touch-id-1309-101735.html (3)

Energiegehalt E-Mobil

Tesla Motors Batterie:
53 kWh
Reichweite ~320 km
375 V - 200 W Peak - 450 Kg
=117 Wh/kg

6800 Zellen
Preis xxx ?
max. Ladezyklen xxx?
Whitepaper TeslaRoadsterBatterySystem.pdf

Zum Vergleich:
Zebra (Zebra Batterie)
Preis 8000 Eruo/ 14.1 kWh
120 Wh/ kg
Reichweite 200 km (50km/h)

Bleiakku
1700 Euro/ 14.1 kWh
30 Wh/kg

NiCd-Akku
5600 Euro/ 14.1 kWh
50 Wh/kg

Benzin
11000 Wh/kg

Papier
4400 Wh/kg

Beste Raspberry Pi Shops Schweiz - wo kauft man Raspberry Zubehör

play-zone.ch - Display mit inegrierten Knöpfen
klingler.net - zum Teil sehr günstige Teile wie Pi selbst, Netzteile, Displays, Wlanstick, Bluetoothstick

adafruit.com amerikanischer Lieferant

From Whole Earth Catalog to Wired

The-Whole-Earth-Catalog was one thing that inspired Steve Jobs, he called it the bible of his generation.
First published in 1968 it showed useful tools for the anticulture (60ties culture).
The catalog in its way was a predecessor of a world wide web search engine.

In 1992 his managing editor Kevin Relly was hired to run a new magazine called wired. [1]

What ist the message of the 1st apple tv commercial - Was ist die Botschaft des ersten Apple TV Spots

"why 1984 won't be 1984" ?


In 1984, Apple introduced the apple macintosh computer for everyones home use, this was in a time were only big companies could afford "even bigger" computers, sold by companies like IBM or digital. 1984 is the same year, George Orwell used to describe the totalitarian supervision nation that dictates everything down to privacy.

[an apple tv commercial by Riddley Scott]

Those days computers were one symbol for suppressing humans. Another was the ropebelt conveyor production. Powerful machines that suppress the importance of the people by tacting their work. Or the big government you can never trust!

All of a sudden, Apple is enabling ordinary people to use a tool, that up till then only was affordable to military, governance or very huge companies.

Those days home computer felt like a coup. The rebellion for the mainstream. But meanwhile we are no longer sure if apple isn't also part of the NSA network that is supervising is.

read more 3sat

What Snowden really tells us - Was bedeuten die Enthüllungen von Snowden

- our good friends really spy on us, everyone, the whole world
- there is war, even we suppose living in freedom
- it is evident, rumors are now proven, their computers really spy at us
- its worse than "1984"
- the united states are sitting in the tower of the panopticum
- no one knows, who is good or bad, because we don't really know who is part of it (maybe Google, Apple, ...)

- and finally if the US are doing it, why should others not (Russia, Israel, China, ...)

CH: weshalb beim Nachrichtendienst Daten gestohlen werden konnten

- wenig IT Budget
- zu wenig Personal (ein DB Admin)
- Zugriff wichtiger als Security und Organisation
- Führung hat selber zu wenig IT Risikomanagement betrieben 
  (Umsetzung von Massnahmen ist Aufgabe der Mitarbeiter, Controlling kann aber nicht nach unten delegiert werden)

Ein Skandal mit vielen Vätern (Überblick)

GPDel Bericht  <= lesenwert, Vorgeschlagene Massnahmen!!

Bullrun: NSA kann verschlüsselte Dienste von Google, Yahoo und Hotmail knacken

Der Guardian veröffentlicht wie die NSA auch verschlüsselte Dienste knacken und mitlesen kann

- Programm heisst Bullrun
- NSA und Britscher Geheimdienst GCHQ arbeiten diesbezüglich zusammen
- Verschlüsselung von Email-, eBanking-, und Medizinischen Daten wurde geknackt oder geschickt unterwandert
- wo es nicht anders ging (zum Beispiel weil Verschlüsselungsmethoden zu stark sind) wurden Wege gesucht, wie man die Betreiber mit Geheimdienstmethoden unterwandern oder zur Zusammenarbeit bringen kann
- das amerikanische Programm dazu verfügt über ein Jahresbudget von 250 Mio. $


weiterlesen:
US and UK spy agencies defeat privacy and security on the internet