Too late for GDPR compliance ..? Click here to pay up

It seems like everyone’s finally waking up to the fact that ‘GDPR D-day’ is less than 283 days ahead.
Yes I checked. And I didn’t discount for weekends – minus 80 days, more or less –, holidays – either the normal kind, at some three weeks in this period, or the sanctified ‘bank holidays’ for those that say they don’t believe in holidays, or say they do but still are too awkward sheep to actually go on normal holidays, maybe a week in total – and the year-end curfew on all IT changes because business is doing things they have done for years, decades, and still haven’t mastered apparently.
So, we’re more in the area of 100-150 business days left.

Before what …!?

GDPR has power of law per … 20 days after its publication in the EU Official Journal, on 4 May 2016 … !!!

It’s just that officially, it’s not enforceable.
And would one be able to challenge organisations already today, e.g., with the letters from hell just not from the duds?
[To the latter: The Dutch DPA was sanctioned in court four times recently for not having acted sufficiently in spirit and to the letter of their tasks. Suggest estimating what percentage this constitutes of the actual number of cases where they didn’t act sufficiently while legally, they were and are forced to; refusal to obey instructions…]

No really: ‘Civil’ law is other than administrative law, right? Enforcement is postponed, but is the requirement to comply as well ..?

Will ask legal advice. And:
[The Classics, may stay even when at an angle; NY-NY]

‘Code, you know

Recently, I was reminded again that keeping up with appearances of developments, in the IT field are difficult. And placement of commas is an art if you wondered. The culprit in this instance was this here among various articles about Low Code / No Code as a thing. The placement of intermissions is, too.

Well, I’d rather be a fan of Do Code… But I’m unsure whether that still flies, other than in classrooms around the world but not your local prep / grammar school that sorely falls behind in prepping children (‘kids’ is for their parents with diminished language competencies) for the nearest of futures.

Oh well. Just go out and yolo- / NoLoCode… Plus:
[What beautiful Frank Lloyd Wright just Jeruzalemkerk Amsterdam]

Forever young, immature infosec

Sometimes one feels like one’s in a partial Groundhog Day or 2:22 …
When, on 7 December 2006, there was this meet about the maturity of infosec, as a field. Which was compared, by Yours Truly, to the then (and now!) equally immature IS audit world – which had a couple of decades more under its development belt but was, and is, still quite immature.

Then there’s the first paragraph of this. ’nuff said..?

And:
[This, still fresh which is a different thing …; Barça of course]

Diving under, almost, everything

Didn’t we feel it coming, if not in the air tonight then at least, after we signalled that BIOSes had been targeted… that there’s always a layer deeper one has to be on guard for infosec leakage and backdoors… How did this ‘surface’? Bypassing all the O/S features …

Just putting it down here. E.g., which, how many, platforms would be vulnerable to this; how much and what sorts of traffic could you send around through this …? Would one be able, when in so deep, to pick up system/sysadmin/root rights/credentials when browsing around ..?

And here we (not) are, all fleeing to the End User Is Stupid mantra, away from our own failings in tech but hey, users are the weakest link so we shove tons of hard protocol i.e., stupidity, on them. And burying them in awareness smotherlectures, instead of creating real behavioural change.

Oh well. And:
[Buried under the tons of network traffic, there’s a pay(ing)load you see? Nyagra]

Sending the right message

This of course being the right message. If you can read it when I Send it you. And, for your viewing pleasure:
[Anonymous but blurry and far from privacy-complete, this physical cloud exchange…; NY Grand Central]

Goldilocks versus information security

If you expect some fable about budgets; not so much.
This post’s about the generation thing called the Goldilocks syndrome – every generation (aren’t they ever shorter, these days?) believing that they had it, and made the society they ‘created’ no less, better than any generation before and after them.
For many generations, tech is still something that ‘came in later’ [venturing that even the newest ones, will see major tech-driven societal / tools changes in their lives], and information security nitty-gritty stuff is a major part of what they experience of that technology.
And ‘we’ (all) have done a very poor job of making it easier, actually improving over what was, to take away rational arguments for the G syndrome. We rather have heaped tons of infosec micromanagement of the worst kind onto the mere use of the technology, not even mentioning the troubles in the content where automation turned into change and inefficiencies of the polished work that was, and all that to cope with issues not in the actual work but in the operation of that very technology and its (sometimes gross) imperfections that didn’t exist before.

So, we may have to re-strategise and re-implement about all that we have, qua technology and qua information security dyeing on top and after it.

There’s other reasons, too. And:
[When defences were, quite, a bit less buggy; Haut Koenigsbourg]

Drones with AI; revenge

Heard recently of an airforce that was setting up a drone squadron where the pilots (? might, given the joysticks, better be called ‘gamers’ these days, apart from the euphemistic erasure of the moral and ethical aspects, maybe) would be in that country but the drones would be stationed in some other country because stupid drone flying rules go for the DoD too.
Yes this regarded a European country [would’ve referred to NL outright if it was; ed.], you guessed that correctly from the previous.

At some point in the future, the drones inevitably will get AI because everything will get AI. And, in times of increasing hacking and comms disruptions, some autonomy would be welcome for the drones already. And, what with increasing (sic) hackability, qua security against take-overs / reprogramming / retargeting while already airborne?
By that AI time, smart enough AI to come back and take revenge for the exile on those that wrote / maintained the stupid rules ..?

Anything too outlandish to take into serious regard today, will be daily no longer newsworthy fact tomorrow. ‘Tomorrow’ may vary from tomorrow to five years; no more.

Oh and on a lighter note:
[Oh hey look, a street car! Sevilla]

Weak Humans, the Top-10

Again, the reference in the title is useless but may attract more readers through Timeline/Prio Gaming(™ from now on) – and, this in return might have referred to the title but yet again, close but no cigar (again, less chances of a Cuban, anyway, for some by their own mistake).
What I meant was that humans are targeted by hackers since they’re so vulnerable read stupid may be true — relatively… actually meaning apparently Technology and [the empty shell phrase of; ed.] Process may be so perfected that hackers have nowhere else to turn to.

That, of course, is not true. Simply, false.

When looking at the disastrous error rates (bugs to be fixed, sometimes easily) in software, how would anyone be able to claim Technology is anywhere near kinda OK. And Process… Show me an office (however formal, or strikingly similar to a coffee shop of not the Amsterdam original kind, or any beach with WiFi [→ why aren’t we all there, yet …!? ed.]), and show me a ‘process’ there. Wrong. All you can show, is either concrete, chairs, etc. even if of the kanban billboard kind [how idiotically silly can one get ..?], or humans. I.e., Technology or People. Neither of which is Process. No, printer paper with some ink blots .. also not process (descriptions) but Tech..! Don’t believe the lies, people! Process doesn’t exist!
So, we have something half-crappy [surprise this blog editor still runs … ;-] and something non-existent, … and People. On what now would you want to build your security?

Ah, on the People that are the most flexible, attentive (to business objectives, not your overhead), and creative (well… but including the most meta² of abstract/meme evolution evah) that Nature has ever developed with her genetic algorithm play of Evolution.
Where did you leave your own mis- and totally-zero-understandings on Humans, to pursue Tech and “Process” (quod non) solutions to Human threats ..? Why weren’t human threats from the word Go protected against by the best that human defences could muster to protect human vulnerabilities ..? Not only qua passwords, with a method aligning with cardinal sin number …. [should re-read the Bible for that; ed.] being the quest for ever more money i.e. including the protection of what you have (see the link). But qua overall about-all controls you’d need. If done right, I bet a lot of tech controls would dwindle in significance (and possibly be executed much worse than today; zero gain).

Now I start to ramble. But you get the point, and you get:
[From here, the Strong came in. NY]

Yup, called, confirmed

Always pleasant, to read one’s (almost…) correct, on off-off-Broadway analysis and postpredictions. Like this one, corroborated here, in a way.
Yes, I know. I almost got that correct. Enough to confirm the line of reasoning: if you read it / both correctly, they turn out correct. I’ll stop now. And:

[Check, for Dutch ad viewers; Valencia]

Some Quotum of Questions of Quantum

Am I the only one with questions how the following intertwine:
An article on how quantum-secured blockchain may be so safe, but possibly not in the hands of whom you’d want it? If in anyone’s hands at all, since no-one can be trusted forever; if you wouldn’t believe that, you declare yourself incapable of discussion on this subject…
A most brilliant blog post on a related subject.
An equally insightful piece on how blockchain-of-command would lead to Totalitarianism.
An equally … Being the Why Johnny Can’t Encrypt, 2017 version. Notably, the previous versions hadn’t been patched properly…

So, you see a Perfect Storm or what ..?

Plus:

[Why did you cross the street, you chicken? M’drid]

Maverisk / Étoiles du Nord