Heise meldete neulich:

Die Koordinatenangaben im Programm Google Earth stellen nach Ansicht des Sicherheitsexperten Klaus Dieter Matschke ein Sicherheitsrisiko für die Fußball-WM in Deutschland dar.

Zuerst sollte man aber wohl GPS abschalten, denn wenn ich mit einem mobilen GPS-Empfänger in das Stadion gehe (z.B. zu einem Bundesliga-Spiel, mir ist nicht bekannt dass das Stadion vor der WM umziehen würde) kann ich mir die Koordinaten genauso genau ermitteln, oder? Oder indem ich mit dem Auto einmal aussenrum fahre, und so die Mitte bestimme. Oder die Straßenpläne anschaue. Genauer gesagt sollte die Messung mittels mehrerer Punkte, wie mit GPS möglich, sogar die Genauigkeit deutlich erhöhen. Am besten noch zu unterschiedlichen Zeitpunkten, damit die Satelliten vielleicht gerade anders stehen, oder andere zur Messung verwendet werden. Also einfach mal rund ums Stadion spazieren gehen.

Tut mir leid, es ist lächerlich anzunehmen, dass Terroristen die Koordinaten bei Google Earth ablesen. Die werden wahrscheinlich so genau angezeigt, sind aber nicht so genau.

Jedenfalls hat sich bei dem letzten Satellitenfoto-Update von Google unser Garten ca. 15 Meter verschoben. Würden wir ne Scud-Rakete in unseren Garten feuern, würden wir dann wohl einen Baum beim Nachbarn treffen.

Ausserdem haben die berühmten "Schurkenstaaten", und Terroristen die auf dem Schwarzmarkt Scud-Raketen einkaufen, auch ganz andere Quellen als Google Earth. Das würde ich vielleicht nutzen um einen selbstgebauten Propellerflieger drüberfliegen zu lassen... Aber wer für teures Geld eine Rakete kauft, wird nicht an dem Kartenmaterial und den Koordinaten sparen.

Terroristen, die einen Anschlag auf ein WM-Stadion vorhaben, würden aber vermutlich auf eine noch ältere Technologie setzen als GPS: Peilsender. Die Bauteile dafür findet man wahrscheinlich in jedem Mobiltelefon. Also "einfach" einen Märtyrer ins Stadion schicken, unbewaffnet. Vielleicht sogar nichtsahnend, was jemand mit seinem Handy gemacht hat.

I just checked out alexa.com, and was very surprised to see graphs for my blogs domain. (Note: the other stuff in the same domain has even less visitors; alexa says 75% are on the blog)

Apparently, one day beginning of april, drinsama.de made it into the top 100.000 domains at alexa again (happened in january and february, too). This very likely was my blog posting on running MSIE on Linux (whyever you might want to do that...).

But their numbers are just absurdly off. They claim my blog has a reach of 20 Mio users. My ModLogAn, which uses the actual access logs, lists a peak of 358 visitors on April 4 (average is around 300 for March, 220 average in April so far). This doesn't include readers on Planet Debian, which is probably the largest share. At alexa, the domain peaked at .6 million pageviews - ModLogAn says 10k.

I have, however, lots of referrals from Digg.com, Reddit.com and del.icio.us this month, since they've picked up my MSIE posting. Maybe this will happen again with the Cross-platform virus posting.

I do think it has to do with users using the alexa toolbar and similar things (there is a nice firefox extension for showing Google Pagerank and Alexa traffic rating). My personal homepage, which is totall overrated in Google and has had an average of 1000 unique daily visitors in December and January, never made it that highly into alexa. While having three times as many visitors, alexa thinks it's 3-4 times worse.

The difference is probably the power users. My personal page doesn't have "power visitors" like my blog.

Apples latest move - BootCamp - can turn out quiet bad for Microsoft.

By allowing users to install Windows XP additionally to OSX on it's newer machines, many people will buy a Mac (because of it's design, and the ability to try out OSX while still having Windows available). They'll install Windows. But one time or another, Windows will fail them, and they boot up their OSX. And eventually notice that it's better, prettier, easier to use.

And they'll see the price of buying Windows licenses.

If Microsoft doesn't manage to launch Vista before christmas, and offer something relevant for the users with Vista (a prettier UI and a malware detector isn't enough, and noone believes Microsofts security promises anymore), they'll lose quite a bit of the christmas sales.

I wonder when Dell and Samsung will start selling PCs with OSX, too, now that it's no longer an either-or decision.

Many IT news websites have been reporting that there is a new proof-of-concept "cross-platform" virus for both Windows and Linux.

This is largely overrated. There are a couple of reasons why this type of virus poses no threat to Linux users:

• Linux users can't write their applications, so the virus can't infect the executeable files (at least for non-programmer users)
• Linux users get their software from a trusted source, cryptographically protected software packages by their distributor. There is (fortunately) not this tradition of downloading untrusted shareware from random sites and running it (although autopackage tries to abolish this)
• Linux distributions often compile their software using so-called "build daemons" and "personal package builder" which build software in a cleanroom environment. While this was introduced to ensure that software can automatically be recompiled and to allow developers to have "unreleased" experimental software on their own computers, this also effectively can prevent a virus from injecting itself into a distribution via an infected developer PC
• Viruses ("traditional viruses") that infect exe files are not too common anymore, all major virus attackes the last years were "worms" using bugs in (Microsoft) software.
  Attacks usually only work with a specific version of a specific application (usually Outlook Express as shipped with Windows and Outlook from Office) but the Linux community is using too many different versions (the Debian package will be slightly different from the Fedora, although the difference doesn't play any role to the user) and too different applications (there are tons of different email clients and browsers in use on Linux)

So overall, this threat is very theoretic.

However, the Linux community should consider defense mechanisms for this. Debian can already verify the integrity of most of its files via md5sums, but some tools (e.g. prelink, to improve application start times) will modify the applications and thus the md5sums.

A couple of measures we could/should probably do:

• Run virus checks on software uploaded, as extra safety net
• Ship a basic virus scanner
• Find a way to get the benefits of prelink without having to modify the executeable files
• Don't encourage users to use autopackage and such, but explain them the concept of "trusted software" for virus protection
• Log/alert on write attempts to /bin, /sbin, /usr/bin, /usr/sbin and other dirs that should only be touched by the distributions package manager
• Add sandbox facilities e.g. for webbrowsers and email programs (e.g. using SELinux)

These measures could make it even less attractive to write attacks against Linux software.

I can't assess the potential security issues we might "inherit" from the Windows platform by offering the Mono C# implementation. This basically means that some of the to-come malware for Windows will run on Linux, too. Only if users try to run their Windows shareware, of course.

[Update: another win32+linux virus, from 2001. Noone cared, nothing happened.]