So today we have the news that a top plastic surgery outfit has been breached by hackers. Included in the haul: before and after pictures of celebrities’ improved nether regions. Never thought I’d be able to include labiaplasty as a keyword in this blog. Hard to think of anything more intrusive by way of data … Continue reading Article 9 – it’s not just a number
Why do I bang on so much about training? If driverless cars are the future, why can't machine learning give us perfectly secure networks? Here's a quote from an interview with Steve Furber in The Register. He says it better than I can: Furber gives the example of Google's much-publicised triumph when its network, having … Continue reading Wetware beats hardware
I am so tired of seeing stable doors bolted. It seems that anyone who has stewardship of sensitive data largely ignores that responsibility until they’ve been compromised, then rushes to spend fortunes proving how much better they’re going to do it in future. I’m looking at you, TalkTalk, but I’m also thinking of Equifax. After … Continue reading Can’t you just pretend you’ve been hacked?
I’ve been re-reading the Article 29 Working Party’s report on workplace monitoring. I mean, who’d be a rockstar when you can have my life? Anyway, I thought this section merited reproduction in full: 5.8 Processing operations involving disclosure of employee data to third parties. It has become increasingly common for companies to transmit their employees’ data … Continue reading Yay! No more “our team” pages
It's been a big week for security news. Parliamentary email hacked, UK politician logon credentials circulating for sale, a massive (paper) data breach at the NHS, another massive ransomware outbreak, Boomerang Video fined... Wait, what? Who the hell are Boomerang Video? Boomerang are a small video-game rental operation. Their website was hacked in 2014 and … Continue reading Yes, data protection matters to you too
Reuters: Ransomware virus hits computer servers across the globe. I told you so. And yes, it looks like it's the same attack method as WannaCry. This time without a killswitch. Did you do anything after WannaCry? Looks like lots of people didn't... Backup now. Patch MS-CVE-2017-010 now. Patch MS-CVE-2017-0199 now. Turn off SMB1 now. Send out … Continue reading I told you so
UEA accidentally sent a spreadsheet with confidential medical information to 320 undergrads. The sheet wasn’t password protected, or encrypted, because... the confidential medical information was stored in a spreadsheet because… the spreadsheet was accessible to be attached to an email because… Please tell me that the GDPR will prompt UK orgs to spend at least … Continue reading News in brief
I was talking to someone about data security yesterday afternoon, and mentioned the Mexican data breach where 93.4m citizen records were left in an unsecured cloud database – and immediately stolen – as an example of the carelessness people seem to experience when taking advantage of cheap web storage and processing. Pretty much while I … Continue reading At least make a token effort
Being involved in cyber-security can be quite depressing. So much of the time we see things that make life better for many people being spoiled by a few bad hats. I can't help feeling this is getting worse, and that our digital future will be more paranoid, more cautious, less global and considerably less convenient … Continue reading Have we passed peak convenience?
I will say this only once. Just because WannaCrypt turned out not to be the end of the world, and Microsoft unexpectedly released patches for unsupported operating systems, and Trump dropped the ball again, and there’s an election in the UK, and you’re bored with cynical marketing emails from IT companies, so you’ve moved on…it … Continue reading Now pay attention