Malmö, Sweden has strengthens its position on the list of places with the greatest problems with hijacking and skimming of credit cards. Several Swedish newspapers write about the recent operation of the Malmö police, which applies to Toys R Us in Sweden, where it has uncovered sophisticated skimming equipment. While skimming of cards is nothing new, but what surprises me is that Toys R Us doesn’t have any kind of procedures in place to control their terminals at regular or daily basis so that these have not been tampered with.

That Malmö have problems with the skimming of the cards has earlier been notified by the Police in Malmö and in turn this problem has grown to such extend that it also has been discussed at political level in the city. The problem is so large that some foreign mail order companies now refuse to send packages to Malmo-based addresses.

Unfortunately, has the banks in Sweden been extremely slowly to implement chip-based cards to their customers. Already around 1997/1998 there was large procurement of new ATMs where there was the addition of so-called smart card readers to increase security. Something that all Swedish banks categorical opted out.

Let us also hope that affected customers already has been contacted by either the card issuer or by Toys R Us, Sweden (or the main company, Top-Toy A/S, in Denmark) in connection with this fraud when it was detected and not left nine days later to the media to suggest that customers should cancel their cards…

Kim Haverblad

[Swedish version of this entry can be found here]

Bookmark to:

OOXML changes was granted without further discussion and the delegates from 87 nationals that has gathered in Geneva are exhausted and frustrated with an agenda with over thousands points of order – Chaos seems one word on everyone’s lips according to several reports from the meeting.

How do you go through 6000 pages in one week; well you don’t and this has been proven by the ISO-organisations themselves. So what do they do then? Well, the next best seems to just take the formal decisions to accepting the suggested changes without any discussion – this ought to be good enough for everyone shouldn’t it?

”There just is not enough time to cover the large number of problems in the document. I believe that a lot of the nations are frustrated with the process in general.”

This might just be the strategy from Microsoft to present a massive documentation and hope that people actually won’t read it. Microsoft learned from the first round that it didn’t quite work out that way.

Microsoft has also argued that multiple standards are better than one and says OOXML’s higher specifications make it more useful than ODF. Problem is that OOXML neglects various standards in many parts and describes function that is already in an existing ISO standard so here Microsoft actually tries to change what already exists – it’s this stupidity that lots of the critics oppose to.

Above complicated and even workarounds are shown as well in the lately released Microsoft Office file formats and one would actually think that the documentation is deliberately obfuscated. The reason for this might just be that all of it were designed to be fast on very old computers and ended up as a patch quilt and it was just easier to make a plain Copy & Paste into the OOXML.

After the meeting, the 87 national delegations attending will have until March 29 to adjust their positions, giving Microsoft another shot at a two-thirds majority.

Bookmark to:

Most people have heard about card skimming and other credit card fraud but in Swedish media there are several interesting articles regarding how a local branch office to Swedebank manage to stop a fraud transaction in the last minute. The Swedish police won’t talk about it but media claims that a bank employee took notice off that the mouse pointer on his system was moving by it self. He then quickly looked behind the computer and finally found under his desk a hidden device that was connected to the computer to remotely control his computer. Pulling the cables stopped a transfer of several million Swedish Kronor to vanish.

First question that comes in my mind is how did they manage to set up this equipment without any one taking notice? Well, according to the Swedish police there was a break in during August last year where nothing was stolen… Why didn’t that itself not raise a couple of questions? And better up; the alarm did not go off due to that the alarm wasn’t activated?!

The question that should be asked within this organisation is why would actually someone make an illegal entry with the risk of getting caught and steal nothing? Either was the person extremely stupid or didn’t find what he was looking for or they intrusion had another purpose of for example hide or tamper with the system at the bank office.

The group of seven men where arrested this Monday and Tuesday and are currently under suspicion for attempt to bank fraud and as well for preparing new similar actions.

So far the police has been very silent regarding the technology used during this fraud attempt. But a guess is that since the perpetrator had to hide an “unknown device” under the desk one could assume that they used standard available technology such as pico-itx motherboard together with either gsm or 3g modem to be able to call home or to contact the “unknown device” from remote host by for example using open available remote access software between the two computers. So actually the components used to build a tiny system is not hard at all and I highly doubt that we’re talking about James Bond technology here such as tiny keyboard logger devices with remote capabilities.

The technology is available and has been since many years to build your own equipment or buy spy kit – it’s just a matter how much money you’re willing to spend and to what extent you’re willing to hide your activities.

Keyboard loggers has been around for ages as well most interesting enough most people have actually never seen one. Keyboard loggers can easily be obtained via the internet or you can either build your own using a simple PIC16F84, and a NVRAM chip. The left images shows a home made keyboard logger and the middle shows what a typical keyboard circuit looks like and the right image what a typical keyboard logger looks like that you can get over the internet for around $80.

So once again I ask myself – why would someone make break into a bank and not steal anything without any questions asked?

Kim Haverblad

Bookmark to:

Referring to the ongoing OS/2 Open Source Petition at OS2 World there is an interesting story from inside of IBM that goes back to 1998 when I worked at IBM in Stockholm and had the opportunity of meeting Jeff Smith who at that time had the short and consist titel as Director of OS/2 Business Line and Network Computing Software.

Jeff mentioned that there actually had been quite a bit of discussion if IBM should port the OS/2 WPS to Linux environment or not. Problem was that the top management wasn’t that convinced about this little project and felt that they already stretched check book enough with the WorkSpace On-Demand (remote boot of DOS, OS2 and Windows 98). Saddly, as he stated it; it was and still is a great piece of code.

Porting it to Linix might well have been a commercial activity for IBM; question if they had done that; I would guess that they would open-sourced that code sooner or later to the Linux community. So one way or another IBM could open-source parts of the code that both the OS/2 and as well the Linux community can benefit from and they have already done that earlier with the open-source of the JFS-code that came from OS/2 portion. Of course the OS/2 community gained by this by moving the open-sourced code back to OS/2 again.

Kim Haverblad

Bookmark to:

As a big enthusiast of open source and as well since I have earlier has been product manager for OS/2 at IBM Sweden; I really feel for this great operating system that have during many years been far more productive than for example Windows XP for me should be open sourced. IBM has so far been totally ignorant to an earlier petition where almost 12.000 people signed it and didn’t even bother to answer the letter sent to them together with the signatures.

What is the current position with OS2 today then? Well, the last release from IBM was version 4.52 for both the client and server. Did it stop there? No, US based corporation Serenity picked up an OEM license at IBM and has together with Mensys in the Netherlands continued to develop and enhanced the system with new features and components such as wireless network support and as well multicore CPU support; so this old work horse still does quite fine together with the endless work of porting application from the linux community. All the major application support is there and are up to date; what more could I ask for?

Well, I really ask IBM to open vital parts of the OS/2 core components and after talks with the OS/2 development community, we have found that the following three important components will be basic to the continued development of OS/2:

• SOM (System Object Model) Core. This will also be a good contribution to the open source community in general and to the computer science educational area.
• Workplace Shell (WPS). According to press documentation, the OS/2 graphical user interface (GUI) was developed 100% by IBM. There are no third party restrictions to open sourcing it.
• OS/2 Kernel.

IBM has earlier made comments about that there are way too much 3rd party code in OS/2 and this itself makes it impossible to release the code; above 3 mentioned core components should not fall under this category and be fully possible for IBM to release – if they just should a little bit of effort…

If you agree that OS/2 should be open sourced I then invite you to participate to sign the 2nd petition at OS2 World.Com and by signing you will also get notified on the progress made.

Kim Haverblad

Bookmark to: