AVG is the Law

If you wondered whether (if?) I’ve gone berserk and declared some little anti-malware tool to be officially authorised: No. What then? A Yes. Because whenever you read ‘AVG’ related to the Netherlands, you’ll find it’s the Law indeed. Being a fumbled translation of the GDPR. And full of the lawyers’ stuff on detail, demonstrating incapacity to understand the issues that the GDPR was originally trying to tackle. Of course, these got watered down to ineffectiveness before even being officially issued (and that’s not per 25/5/2018 but already behind us ..!!). So we find ourselves now in a struggle on all sides for clarity and practically viable interpretations – vis-à-vis some specific law. From a legal perspective, this might work; just wait for jurisprudence (authoritative case law) and all will become clear. From every other of the asymptotically-infinite number of sides (don’t even try to explain that to the eager beavers among various parties), jurisprudence means the death of their organisation and of all employment that goes along with, is built upon that, including the livelihoods and perspectives for a decently doable pursuit of happiness of employees and their (extended) families involved.
So NO, you cannot leave things to jurisprudence, to case law. Modern society has moved far beyond that, leaving all trailing in understanding that, in the dust of ignominy and ridicule. We the People (of the EU++, and of the world affected) need clarity upfront.

Awwww this is turning into a rant. Which wasn’t the purpose, which was just to point out the irony of one antimalware-maker’s name being now wrung into something laughing-stock [ with an ? or an ! ].
Oh, plus:

[(From analog to digital when the latter wasn’t much good yet) sinking into the landscape, this time perfectly as intended, not out of shame; Melvyn Maxwell and Sara Stein Smith House, Bloomfield Hills MI]

Extra, extra! A Fine!

It was bound to happen: Fines! For privacy violations! Oh how do the Frightful Five shudder at the thought of these economic penalties that will down their businesses. Not so much. Is there anyone that thinks the fines will do better under the GDPR regime ..?

Kindergarten dreams. If all people are nice to each other there will be no more war and world peace. If GDPR kicks in …

Plus:

[An air of nice, just the air; not Nice but 4711 Cologne]

Fighting the Fifth Estate

The Fourth Estate it was called, before it succumbed to sycophancy and fake news. The journalistic world, that by its moral code and behaviour cleansed the news so that the trias politica, and the populace, could do its job of monitoring and correcting each other.
Now that the fourth is no more (effective) [edited to add: some holdouts, like Bellingcat], but the Fifth is (Facebook, Google, … the Frightful Five), one might need extra resources to get the first few scratches of control back.
With this little device. An anti-bug. Not preventative yet, but detective with resilience against detection. Counter-intelligence.

Oh this was just a HT to the developers. And BTW, any half-decent TLA would support these guys [edited to add again: Bellingcat], for their adherence to lofty principles does in fact align with the ultimate, ulterior purpose of any country’s TLAs. Only the stupid will fight against noble straight-backs.

Oh and:

[Yes even HM’s GCHQ would, in principle, concur. Or, they work for the Dark Side; London]

AI Blue-on-Blue

We keep on hearing these great things about how AI will help us in the battle against no-gooders qua information security. Like, in hunting for bugs in software (as asked for here, borne out in various much more recent cases or rather, news items hinting at pilot prototype vapourware) or hunting for fraudsters, possibly hiding in plain sight (superrrintelligent anomaly detection; unsure how false positives / false negatives are handled…).
Where on the Other side, great strides are also feared to be made. Deploying AI to improve (better fuzzify) attack vectors, and help with improvements in evasion and intelligence gathering in various other ways.

Pitted against each other …
When you know what Blue On Blue stands for (first of this), you will now see it coming, inevitably. What if autonomous (for speed of response!) retaliation kicks in …?

Never mind. I’ll like the fireworks show. Plus:

[Yeah, yeah, ships are safe in harbour but that’s not what they’re made for – I’ll just enjoy this view from a truly excellent restaurant; Marzamemi Sicily]

Stochastic culture (change)

This ‘personal research’ hobby of mine had taken me into the ‘From Security Awareness all the way to Behavioural Change’ alley(s).
Where it got stuck. Among others, through the realisation that ‘culture’ as such doesn’t exist, certainly not within larger organisations. Local cultures, yes. Overall cultures … maybe as the most degenerate common denominator; the more numbers you throw in a basket, asymptotically but very fast the common denominator will come crashing down to 1.

In infosecland, it’s worse. To actually address and change the oft unconscious parts of personal culture (behaviour), one has to move away from organisation-wide awareness training – ouch, if you call it that, all are lost – into the realms of individual coaching, for each and every employee.

But then the stochastic cooling of particle physics rears its head, as a phrase that is. Can we somehow differentiate the to-be-learned from one-size-fits-all into separate sets of behaviours to be rote trained (in practical use; experienced) so the sets become unconscious behaviour(s), and then overlay these transparent sets [Remember, the ‘sheets’ you could stack on an overhead projector? You don’t – even know from a museum what an overhead projector is… Oh. ed.] over the organisation populace, according / in relation to the expectance to need such behaviour ..?

I’m rambling, as usual. Anyway:

[Not all grapes are evenly grown, still great wine is made without stochastics…; Valle dell’Acate]

Where art thou, APT ..?

In line with some previous posts, about e.g., the Maker Movement, I’d like to ask if anyone knows the whereabouts of all those pesky APTs that were around a couple of years ago. Oh, yes I do know they’re in your infra everywhere all the time, but qua publicity, qua countermeasures ..?
I would like to hope that in this case, more contrary to its nature you can’t get, it would indeed be because of having been dealt with sufficiently in the past. Or the whole APT thing turned out to be a [any country’s] TLA move – of a side with ample publicity-suppressive powers everywhere.
But that would be day-dreaming. So, I’d like to ask your insights…

And:

[[Fuzzyfied] Oh, just some storage room in my house. Or, somewhat more, at the Royal palace, Dam, Amsterdam]

No confidence voting

Why would it surprise anyone that these here results came out of the Defcon 25 Voting Machine Hacking Village ..?
More importantly, where is the true side-by-side comparison of traditional paper-only voting against all safeguards thinkable by today’s voting protocol science ..? (As here and here, to name a very few of the tons out there)

And, where can blockchain fundamentals be applied to ‘vote’ more equally and/or provide a graceful degradation or (hacked to breach to skew) error correction mechanism ..? Preferably with two-round- and/or multicameral (2+) systems tweakability; that would be grand.

All else that would need to be arranged, would be … [similar to encryption in general practice…] error-free, tampering-boobytrapped implementations… Good luck with that. And:

[Museum of tamper-free hence ?? abandoned voting system ..? No. But a museum, Lissabon/Belém]

Little double test

You are now part of a little test. Not statistically sound, but that is hardly to be found anywhere anyway; now those are unicorns …
Anyway, without further ado, let’s see how many (huh) hits this post will get when it’s half-Dutch. When you’d interpret that as half-baked, you’re correct…(?)

While nowadays there are quite a lot of leopards, who thus now choose the wrong parties against the vague little club, “they”, who are the lions in this matter. The cubs, they have no clue about anything, nor have they ever done anything wrong (?). Etc.; it is all still very relevant today.
And, on a lighter note:

Diving under, almost, everything

Didn’t we feel it coming, if not in the air tonight then at least after we signalled that BIOSes had been targeted… that there’s always a layer deeper one has to be on guard for infosec leakage and backdoors… How did this ‘surface’? Bypassing all the O/S features …

Just putting it down here. E.g., which, how many, platforms would be vulnerable to this; how much and what sorts of traffic could you send around through this …? Would one be able, when in so deep, to pick up system/sysadmin/root rights/credentials when browsing around ..?

And here we (not) are, all fleeing to the End User Is Stupid mantra, away from our own failings in tech but hey, users are the weakest link so we shove tons of hard protocol i.e., stupidity, on them. And burying them in awareness smotherlectures, instead of creating real behavioural change.

Oh well. And:
[Buried under the tons of network traffic, there’s a pay(ing)load you see? Nyagra]

Maverisk / Étoiles du Nord