Security & privacy blog

I am an experienced IT-security engineer, consultant and project manager with more than 10 years under my belt. In this category I publish my own whitepapers and findings as well as warnings and interesting information from other corners of the web.

German IT-news service heise online reports about a dangerous change which comes with the update of Google's Android app store "Play". According to heise, after the update, app permissions will be organized in groups and apps can request new permissions from a permission group for which they already have permission, without additional user approval. Until now, users have to explicitly approve every newly requested permission on update.

I hold a Finnish identity card with strong authentication certificate (FINeID). The FINeID website states, this card could also be used for online banking, so I contacted my bank Nordea and asked how to do that. The first answer was a mile long copy-paste text about the FINeID card which was no clear answer to my question, so I asked again and received the information that Nordea Finland offers any kind of card authentication only for business customers. After I pointed out that the current code system is obsolete and insecure and that I used HBCI cards for online banking in Germany already 10 years before I moved to Finland, the customer service replied that Nordea's netbank code system was oldfashioned but quite secure.

Well, let's have a look at how secure the system really is...

Page 1 of 2