Re: Criminalize paying ransom
and then the ransomware groups will contract people to kidnap family members of the board.
Thus turning it into "pay and go to jail" or "don't pay and bad things will happen to your friends and family".
28 publicly visible posts • joined 8 Dec 2011
Cloudflare never fail to impress with how transparent they are when they screw up and how quickly and well written the post-incident report is. Very few other orgs get that this is the way to retain trust.
Stuff is always going to go wrong or changes have unexpected consequences; it's how you handle it that matters.
If anybody is struggling to get hold of the fix here is the CS Alert text:
Tech Alert | Windows crashes related to Falcon Sensor | 2024-07-19
Cloud: US-1, EU-1, US-2
Published Date: Jul 18, 2024
Summary CrowdStrike is aware of reports of crashes on Windows hosts related to the Falcon Sensor.
Details
Symptoms include hosts experiencing a bugcheck\blue screen error related to the Falcon Sensor.
Current Action
CrowdStrike Engineering has identified a content deployment related to this issue and reverted those changes.
If hosts are still crashing and unable to stay online to receive the Channel File Changes, the following steps can be used to workaround this issue:
Workaround Steps:
Boot Windows into Safe Mode or the Windows Recovery Environment
Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
Locate the file matching “C-00000291*.sys”, and delete it.
Boot the host normally.
Latest Updates
2024-07-19 05:30 AM UTC | Tech Alert Published.
2024-07-19 06:30 AM UTC | Updated and added workaround details.
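The workaround quoted above is a manual procedure; the following PowerShell script is an added example (not CrowdStrike's code) that does the same check across every mounted Windows volume, since in WinRE the OS drive is frequently not C:. It assumes you are already booted into Safe Mode or WinRE as the alert says, reports each matching file's size and UTC timestamp for the incident record, and only deletes when run with -Remove.

```powershell
# Added example: locate the channel file named in the Tech Alert on every
# mounted Windows volume and optionally delete it. Hypothetical helper script,
# not CrowdStrike's tooling; run from Safe Mode / WinRE as the alert directs.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Remove   # without this the script is read-only
)

$pattern = 'C-00000291*.sys'   # file name pattern taken from the Tech Alert

# Candidate volumes: every filesystem drive that carries a Windows driver tree.
$volumes = Get-PSDrive -PSProvider FileSystem |
    Where-Object { Test-Path (Join-Path $_.Root 'Windows\System32\drivers') }

foreach ($vol in $volumes) {
    $csDir = Join-Path $vol.Root 'Windows\System32\drivers\CrowdStrike'
    if (-not (Test-Path $csDir)) {
        Write-Host "$($vol.Root): no CrowdStrike driver directory, skipping"
        continue
    }

    $found = Get-ChildItem -Path $csDir -Filter $pattern -File -ErrorAction SilentlyContinue
    if (-not $found) {
        Write-Host "$($vol.Root): no files matching $pattern (nothing to do)"
        continue
    }

    foreach ($f in $found) {
        # Record name, size and UTC write time before touching anything so the
        # evidence survives in the console output / incident notes.
        Write-Host ("{0}: {1} bytes, written {2:u}" -f $f.FullName, $f.Length, $f.LastWriteTimeUtc)

        # ShouldProcess honours -WhatIf / -Confirm, so a dry run is possible.
        if ($Remove -and $PSCmdlet.ShouldProcess($f.FullName, 'Delete channel file')) {
            Remove-Item -LiteralPath $f.FullName -Force
            Write-Host "Deleted $($f.FullName)"
        }
    }
}
```

Run it once without switches to see what is present, then with `-Remove -WhatIf` to preview and `-Remove` to apply before rebooting normally.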
Very few have the time and resources to run a test environment that replicates everything in production.
Many don't have any resources for testing unless it's code their company has created or commissioned.
Sure, you don't deploy to every box at once and you start with the most trivial, but those aren't going to be DCs and Hyper-V hosts, so you'd not find the issue in a low-pain fashion.
We expect, for the sums of money that we are paying to MS, that they do a reasonable degree of testing.
In this case, it's clear they didn't. The scenarios that seem to result in the patch breaking fundamental Windows components are not rare edge cases.
And that is probably the key point of the finding.
I had to go and check my memory, as I thought GDPR was actually broad enough to always apply if the data subject or the data controller was a subject of a signed-up country, but from the guidance there does also have to be a targeting of the individual that had entitlement to those rights. So an incidental customer/user is fine, but if you market to a UK/EU citizen then GDPR absolutely applies.
https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/application-regulation/who-does-data-protection-law-apply_en
The GDPR applies to:
a company or entity which processes personal data as part of the activities of one of its branches established in the EU, regardless of where the data is processed; or
a company established outside the EU and is offering goods/services (paid or for free) or is monitoring the behaviour of individuals in the EU.
If your company is a small and medium-sized enterprise ('SME') that processes personal data as described above you have to comply with the GDPR. However, if processing personal data isn’t a core part of your business and your activity doesn't create risks for individuals, then some obligations of the GDPR will not apply to you (for example the appointment of a Data Protection Officer ('DPO')). Note that ‘core activities’ should include activities where the processing of data forms an inextricable part of the controller’s or processor’s activities.
Examples
When the regulation applies
Your company is a small, tertiary education company operating online with an establishment based outside the EU. It targets mainly Spanish and Portuguese language universities in the EU. It offers free advice on a number of university courses and students require a username and a password to access your online material. Your company provides the said username and password once the students fill out an enrolment form.
When the regulation does not apply
Your company is a service provider based outside the EU. It provides services to customers outside the EU. Its clients can use its services when they travel to other countries, including within the EU. Provided your company doesn't specifically target its services at individuals in the EU, it is not subject to the rules of the GDPR.
This sort of thing is exactly why I pay as much attention to managing outbound access from our systems as inbound.
Good services we work with very readily have the necessary documentation to tell us exactly what domains, IPs and ports need to be made accessible.
Poor ones go "Why do you restrict access out to the internet? I'll have to go and ask some other team if we know."
And if, as is oft the case, your payroll system does not have an inbuilt function to assess pay rises and create a mail merge to print a letter for each employee for their revised remuneration?
And yes, printing physical letters for such things is still a requirement, in some cases because of what is written in union arrangements but more commonly because not all of your employees will have an email address, or at least not one they wish to share with their employer.
Seeing the way government seems to 'work', the solution to the wifi not working well enough will not be to spend maybe £20,000 per building on getting a well-engineered wifi solution; instead they will decide that all the buildings are not suited to working with digital technology.
Therefore they will spend several millions per building knocking it down and building a new one.
I'm suspecting that a high number of these are because people simply didn't know they needed to, thinking that GDPR removed the need to do so.
However, a new bit of regulation, the "Data Protection (Charges and Information) Regulations 2018", created a new fee to replace the one lost with the superseding of the Data Protection Act 1998.
Firstly we have to remember here that the incident occurred prior to GDPR, so the requirements and penalties differ from what they would be today.
Regardless of Facebook's ability to pay, the fine seems too high in comparison to other cases.
TalkTalk caused potential harm to a large number of its customers by failing to implement basic security controls, and failed to act on warnings it had previously been given. In other words it was considered to have been willfully negligent.
Facebook is being fined for not being quite clear enough about what data was being shared with whom, and for being lied to by Cambridge Analytica, who said they had deleted the data when Facebook became aware it was being misused but in fact didn't.
So they did tell users what they were letting happen with their information, and they did act when somebody did something incorrect with it. Not willful and not negligent and yet they get fined more than they would have done if they had failed to try and protect the information.
It's not the most friendly in the world but it does seem to work decently well, and it's called Government Gateway ID.
It works perfectly well and robustly enough for dealing with HMRC, and that includes functions where they owe you.
Why are they reinventing the wheel, particularly when they already have a wheel that was designed for the purpose?
The EU has two main types of acts: Regulations and Directives.
Directives are instructions to EU states to create their own legislation that meets the intent of the directive.
Regulations are exactly that, and are automatically part of the law in all EU states.
However, that does not stop states creating legislation that goes further than an EU regulation, and that, along with ensuring that we already have rules in place that will cause us to meet Data Protection adequacy requirements when we have left the EU, is what the UK government are currently doing.
I expect how they will enforce any fines once we have left the EU is the same way as they will for any other non-EU country. They will send a bill, and if you don't pay it then any official from the organisation setting foot in the EU will be arrested.