Germany is on the brink of introducing new biometric identification cards. Those new IDs not only replace the old cards, but can also be used for identification online, for instance to contact public authorities.

That sounds great on paper. The system uses a similar concept as the well known banking standard HBCI. Users get a chip reader with their cards for online use. They put the chip into the card and need to enter a pin for security reasons whenever they sign an application or need to identify themselves online.

Members of the German Chaos Computer Club, in cooperation with Swiss security experts, have demonstrated that the security on the new ID cards is not hack-proof.

They have identified several weaknesses, including:

• Attacking computers with trojans or man in the middle attacks. Card owners with basic card readers (without a physical numpad to enter the pin) are affected by this. More advanced card readers are still prone for other attacks, including man in the middle. A million of those basic kits were ordered by the German authorities.
• Card contents and identities can be copied.
• No application standards for signing legal documents. The experts demonstrated that with a PDF and JavaScript contents. The JavaScript contents were not displayed to the signer of the contract, while they were displayed in Adobe’s PDF reader. This means that legally binding contracts can be signed by ID card owners without them seeing all contents on the contracts.

What can users do to protect their cards against abuse? Germans can get an old identification card until October this year. If a new ID card is the only option, users should make sure to either get a more advanced card reader with numpad to protect against the most basic attack forms, or make the chip on the card invalid.

How this can be done was demonstrated by a ninth grade school class some weeks ago. Brave new world, here we come..

The announcement follows a meeting with Google, Apple and other companies to discuss how personal data can be accessed online and at a time when mainstream German newspaper Der Spiegel has reported several hundred thousand people have opted out of the Street View service.

The German Interior Minister, Thomas de Maizeire, said in a statement that the code would enable users to obtain information on the gathering and intended usage of data “in a user-friendly way”.

Google Street View allows people to use the Google Maps service to “walk through” streets around the world and while in some countries people have had car licence plates and faces obscured, the people of Germany will be able to have entire houses removed before the service launches in the country.

Germany has some of the toughest privacy laws in Europe and even a centralised agency responsible for overseeing privacy and data collection legislation with a data commissioner for every state in the country.

This has all come about after Google admitted “erroneously” collecting data from unsecured wi-fi networks in over 30 countries using it’s Street View vans.  Several countries including France, Germany and Australia are still investigating the affair and in the US, Google is facing a class action lawsuit backed by 38 states.

The German Federal Criminal Office has the authority to add new websites and domains to the list. A website can for instance be added instantly if it is hosted outside of the European Union. A committee has been designated to perform spot checks on the list every three months.

The law itself was pushed mainly as a law to fight child pornography on the Internet. It was always denied that it would be used to censor websites for different reasons although some politicians have already mentioned that they would like to include violent video games or hate sites in the list as well.

Internet providers have the sole responsibility to provide the infrastructure and maintain the web censorship filters. This includes organizations like Universities but also some businesses with more than 10000 employees. The technique employed to filter websites that are on the web censorship list is simply blocking the domain name. Users who enter the IP can visit the site normally. (via Heise (German))

A restaurant owner in Germany had the brilliant idea to replace waiters with a automated system that would send the food on rails right from the kitchen to the customer who ordered the dish. Customers order their dishes using a touchscreen that is also keeping them informed about deliver time and managing payments with an ATM like system.

The kitchen is located on the top floor of the restaurant and dishes are servered using the rail like system and gravity to reach the customers. No word however on how the plates are making their way up again after the visitor finishes his meal.

Read More:

Baggers Homepage

According to heise online only the houses of users with more than 500 files in their share have been raided. About 14 gigabytes of data was saved in logfiles during the two month observation. About 800.000 file transfers have been logged as well. Rumors that emerged at the slyck forums point to dark-force-elite.org 85.25.134.173:4661 as the server which has been logged and probably is still logged.