Posts by storner 141 publicly visible posts • joined 25 May 2011
Danish schools have been using Google Chromebooks and Google tools for several years. Then the Danish Data Protection Agency (which is definitely not very eager to tread on anyones toes) came up with a ruling saying "you cannot use Google in schools" after a parent complained that their kids' personal data ended up in the US.
It's just the same as the german Office 365 decision.
And of course all of the schools and local governments are up in arms about it.
So the Aussies have a bullet-proof way of determining who is behind an attack, and are completely ready to go after the evil-doers in Russia, China and North Korea. Sounds like a plan ...
May I suggest that the government sanctions the companies who have such lax protection of their citizens' highly sensitive data? Eg fine them so hard that it actually pays off to really protect data instead of merely doing checkbox-compliance meaningless "audits".
Cyberinsurance doesn't work. 1) it will never cover the actual cost; 2) it gives companies an incentive to just pay up instead of fixing their rotten security; and 3) it simply tells the criminals to increase their demands because someone else is paying.
Adding state funds to the pot just makes the whole thing worse (except for the insurance companies, obviously).
I know from personal experience that you can get a *lot* of real security for the cost of cyberinsurance. So drop the insurance, and use the funds for something better.
"warm office"?? Dream on - here in Denmark, there is a government mandated max of 19 C at all offices during the winter.
Officially, it only applies to government and municipality offices. But of course every penny-pinching beancounter will jump on it.
So the only place I have a warm office is when working from home. Which is what I plan to do as much as possible.
"SmartTub, like other IoT products, lets users control their appliance from outside the home using an app."
Why oh why would it be useful to control my Jacuzzi *from outside my home*??? I mean, it's not like I can teleport into the hottub from 200 km/miles away, after setting it to a comfortable temperature.
Requiring that normal software customers must verify the integrity of software distributed via official channels is completely impossible.
Get some detection systems instead and keep an eye out for behaviour that indicates a compromise. That will catch not only supplychain attacks, but also any other kind of attack.
Then go BYOD - even more savings for the company beancounters, yay!
Seriously, with my company going all-in on Microsoft 365 solutions and other SaaS stuff, it is quite rare that I actually need my company laptop for work. Even the company VPN connection is rarely needed.
"Alcohol-fuelled Danish film directed by Thomas Vinterberg takes the top prize for non-English language film at the Academy Awards"
https://www.theguardian.com/film/2021/apr/26/another-round-starring-mads-mikkelsen-wins-best-international-feature-oscar
(Too obvious an icon, sorry...)
Indeed. And greenlanders - including the winning IA party - really would like to separate from Denmark and gain independence. That costs a lot, so at some point they'll have to decide between independence and mining, or remaining part of the Kingdom of Denmark and keeping the RME's buried beneath Kvanefjell.
But keeping the chinese out of the loop would probably be a good idea.
Somewhat along the lines of this story...
Every danish citizen has a unique identity-number issued at birth. System was designed in the 1960's, so obviously had to carefully consider how much data to store - meaning they ended up with a number including the date of birth in the DDMMYY format: DDMMYY-NNNN, the last 4 digits being a sequence number.
Except it wasn't quite a sequence number, because some bright fellow decided that it would be nice to distinguish between men and women, so the last digit is odd for men and even for women. (You can guess how the transgenders feel about that). Another bright fellow discovered that in 1960 they actually had grandparents born in the 1800's, so the first digit of the sequence number was used to encode the century: 0-4 if you were born in the 1900's, and 5-9 for the old people from the 1800's. Guess how that worked once year 2000 turned up, and we still had some people alive from the 1800's.
As the final twist, the sequence number also acted as a checksum of the entire identity number, with each digit multiplied by a specific factor, added together, and the sum had to be divisible by 11. Bizarre, and with the additional "feature" that you can only have about 250 people born on any one day. This wasn't really a problem until people started arriving from countries where you really don't care much about when you were born, so a third bright fellow decided that if the date of birth was unknown, assume Jan 1st of a year that seems plausible. Guess what happened when a surge of asylum seekers arrived one day...
So the checksumming was abandoned. But the identity number is used by every single public and private sector business, so quite a bit of scrambling when they had to remove that check from the customer entry forms.
Public sector IT disasters - you cannot make them up, they are for real.
Cheques? How quaint ...
Banks here (Denmark) stopped accepting cheques for payment a couple of years ago. Nowadays, gift cards from shops are issued as credit cards. If you want to transfer cash we use cell phones and telephone numbers (not bank account numbers). We haven't gone all cash-less yet, but we're getting there. The Virus has sped things up somewhat, even among the greybeards.
Fingerprint authentication is so horribly broken - the guys at Talos tried it: https://blog.talosintelligence.com/2020/04/fingerprint-research.html
TL;DR version: All fingerprint systems can be bypassed with simple techniques. Two exceptions: Samsung's A70 cannot recognize any fingerprints, even valid ones. And the MS Windows implementation seems to work just fine.
As I understand, you can enable this kind of checking. https://techcommunity.microsoft.com/t5/azure-active-directory-identity/azure-ad-password-protection-is-now-generally-available/ba-p/377487
Yes it says "Azure AD", but it does offer the same for an on-premise (or at least hybrid) environment.
And that is to ensure an orderly transfer to another person or group.
There are a lot of one-man/woman open-source projects. An impressive number of them work very well - I ran one myself for 10 years. And I always knew that one day I would have to assign that duty to someone else. You really must plan ahead for when that day comes.
My iPad chargers have a completely standard USB output, it's only the cable that has a Lightning connector on one end. So what's the fuss about chargers?
IMNSHO, standardizing wall plugs would make a lot more sense.
(Paris, because I'm sure she doesn't understand either --->)
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2022
