Posts by Drs. Security 55 publicly visible posts • joined 3 Aug 2013
The GDPR will be law as soon as it is voted into law by the EU institutions later this year (at least if all goes as expected) with a two year grace period to fully comply.
As such it will fully replace all national laws on data protection.
So if the UK really doesn't want this, vote yes in David's his "I don't know what to decide so I will ask my citizens referendum".
the answer to that (at least according to European data protection law) is no you are not allowed to make somebodies phone number public without explicit consent.
IMHO this hole case shouldn't be about the hyperlink but about the obnoxious style of the website and their attitude towards these matters.
They probably went looking for those illegally posted pics over and over again, in my mind that should be under scrutiny not the placement of the hyperlink.
and then there are things like the FISA (foreign intelligence security act) etc.
The other term in this article which is worrying me is "adequacy" which if the US would obtain that status their privacy protection would be ranking similar to countries like Switzerland which obviously can't be correct.
"soon after but not before promising to appeal the ruling and warning that by blocking its information gathering code, it was putting people's online security at risk. "
Specifically that last bit of the sentence. So not only are they stupid linguistically, their view on "people's online security" is heavily distorted and very laughable.
correct, and there is one very basic reason for that: In the US privacy (or better yet, data protection) is a consumer right whilst in the EU it’s a fundamental human right part of the european laws and precisely the reason why safe harbour was killed in the first place. Oh and the European data retention directive as well btw.
This “extending” is just to make the big American firms happy whilst IMHO in practice it will change nothing at all.
yeps, interesting accident where in the end the runway turned out to be closed and a racing track. The build guide-rail in the end held up the nose gear preventing it to collapse causing more injuries.
Other examples are a partially blind (one eye) pilot who landed his plane on a small grass waterworks (dyke or something) in New Orleans, an ethiopia Airlines pilot landing his 767 on the beach of a small island when it went out of fuel after it was hijacked (okay nearly), etc.
So far as I know there is no fully automated take-off.
As for fully automated landings there are however very strict rules before a airport, plane and crew are allowed to facilitate or execute a fully automated landing in fog or general bad visibility conditions. Under normal visibility landing is not automated, if one of the minimal two autopilots fails landing can not be fully automated etc.
As for the comment by Airbus, interesting bit is that even if the pilot takes manual control it's still a computer (partially) flying the plane because of the fly-by-wire system, Boeing planes at least have a "very heavy" according to a airline captain (friend of mine) back-up cable system which fully works on manual aka crew power to move the control services.
correct on the confusion of issues.
Partially on the proxy systems, because if certificate chains are setup correctly this would be detectable.
And yes their are workarounds to make this type of proxy work too (only think back to the Diginotar incident and why a certain government allegedly broke in to get certificates to spy on their own people).
besides the fact that openVPN or openSSL or whatever similar stuff build by any company is transport layer security only.
This simply means that data is protected on the cables and wireless internet links, not in storage or in use or in any other way whatsoever.
So nice of the Dutch government to protect data in transit (that's the bloody least they should do) but that's far from a total security posture including securing servers, authentication on basis of need-to-know and least privilege etc.
As for that openVPN NL-style? That's certainly not used by citizens communicating with the government and looks to me like their attempt to rewrite the ISO27001:2005 to their own "security" standard.
whilst I must give kudos to my own government (or at least the given ministery which also houses the national cyber security center btw) I am far from convinced that the same reasons of privacy and security of communications play any role in the way the Dutch government is itself handeling private and sensible data in the first place.
On the contrary, I have seen enough examples in which the opposite is true (either by lack of knowledge and understanding or just because it seems unnecessary).
Let this be a step for the Dutch government not only to sponsor a good opensource project but to really improve their own security posture.
"Those who would give up essential liberty , to purchase a little temporary safety, , deserve neither Liberty nor Safety."
I think that says enough. Just think of online privacy and secure communications as "essential liberties".
As for Clinton's remarks, glad she is in politics not in information security as backdoors like that will not only help government (or so they think) but cyber criminals and other nation states as well.
hope all that power line stuff will never be available overhere, we have enough PLC noise on the power lines that sometimes even lights dim out of themselves, radio equipment picks up extreme wide-band interference and generally other equipment (even networked once) experience issues with those things.
Power lines are not meant for digital communications and misusing them for such is bound to lead to a lot of problems, including all your walls radiating radio frequency interference.
Oh and if the communication isn’t secure I may be able to control your IOT equipment from 3 or 4 houses away because those PLC signals don’t mind traveling on the entire power grid near your home at all.
that would mean A) the burglar knows you have these lights and B) he dares to go in even though there are lights on as well and C) he knows enough of bluetooth or wireless technology that he has the tools to detect the bluetooth signals from the bulbs.
That is if they do transmit a signal when in idle mode at all instead of just listening for your phone to connect to them which would from a security point of view be smarter.
Although I understand why the author would think this, from a security standpoint I totally disagree.
For me it would be a positive point.
Having all the IOT stuff in your house requiring a cloud account option has two distinct disadvantages:
- if your internet connection goes down, most or all of them lose the "smart" way to control them
- if the cloud service itself isn’t secure or your password is too easily guessed, suddenly somebody else can control your IOT stuff too.
(and that may include the IOT vendor).
Bluetooth isn’t without security problems either though.
Maybe this type of light would become even more interesting if a voice comment would let you turn them on and off as well. And yes I know Apple homekit may allow you to do so, but then you still need to have your phone or watch around to turn lights on and off, not very practical.
AFAIK the Tetra system does this as well, though it isn't using the entire frequency and width of the signal for one transmission but divide it up in 4 separate channels.
As for the propagation argument: it's line-of-side anyway on these frequencies.
Meaning any reflections, ground versus sky wave and polarisation changes common in frequencies below 30mhz don't apply here.
As for tunable radio's: there are enough of them around that can cover a wide range of frequencies well enough.
The issue almost always is the resonance of the antenna system and possible the extra loss incurred on standing wave ratio's (SWR) and electrical losses in tuning components like extra capacitors and coils.
no, if there's a short in the cable the power will flow back and not (mostly) pass through the battery system at all.
e.g. it will not charge.
One way there could be issues if somehow the negative (katode) and positive (anode) lines in the cable switch sides and you try to "charge" the power bar with the wrong terminals connected to the wrong wires.
A short circuit can also cause this but it is not an overcharging issue that will cause the spectacular failure here IMHO.
agreed, it may be tested once but what happens afterwards in the real production run is never tested nor verified to be similar as the test sample.
In that respect it's as non-interesting as the fuel figures in car brochures on how much you can drive for on a single liter of petrol.
Only difference is: most people know about the car fuel specs they are not true.
secondly, the CE mark is only awarded and tested at the start of a product marketing cycle.
After that there is a chance that products get retested. But that's very rarely indeed.
As a hamradio operator we see enough effects of this so-called conformity in light dimmers missing filtering capacitors (yes they were there when the product got so-call CE-certified) because a couple of components less makes manufacturing cheaper.
I've even had a battery pack for my i-devices (IIRC it was the Gum Max 10,400 Mah one) that when charging blurred out so much radio frequency interference that practically all radio signals coming into my house were drowned out (FM broadcast as well as e.g. civil airband frequencies).
And yes it was CE-marked and sold in Europe and I tested two versions of it before advising Apple to stop selling it and returning the 2nd one for a refund.
Similar issues can be found with power line communication (PLC) adapters, plasma tvs etc.
So maybe that powerbar was nicely CE certified and fully correct and afterwards some components were yanked to make them cheaper. ON more then a million units that's making a lot of difference in the costs.
Although this time that trick failed (if true of course).
if all FB users would view and act like the sensible you do your FB posts Jeremy 3 they would be out of business.
I agree, this is the only way to use FB though it still is harvesting a lot of information through indirectly as well.
OH and not using FB doesn't mean you don't use the internet at all. FB isn't similar to the internet although Zuck would rather think they are identical. But so does Google (or should I say Alphabet now).
And to some extend Apple too.
phones are, but that is just data at rest.
Transmission of data over the net, storage in "cloud" datacenters etc. etc. is not.
And I'm not even talking about the default 4-digit passcode protection most people probably still use.
Full disk encryption is a nice marketing selling point, but it's only part of the total story.
really not that should be I think.
Apparently we privacy-minded people kill children, support sex-trafficking and actively endorse terrorism as well.
Like other articles already have stated.
For a fact: I do none of the above, I just protect myself against everyone who is without my explicit consent peaking into my private life.
I'd say that is a fundamental human right!
whilst we all may have expected this kind of behaviour from Google, it is still something to watch out for.
Generally big internet companies that provide you with a "free" service will ultimately want something in return and that is your data.
For Google, Twitter, Facebook etc. we are the products and our privacy rights we unwittingly give away to them for some "free" services.
Besides the privacy point there is one more extremely dangerous side-note here, will Google next become our news censorship court as well?
Apparently this body is looking for something the amateur radio community is already actively researching.
Several experiments are regularly undertaken with amateur tv connections in the 24ghz spectrum.
Biggest issue with these high frequencies will be influences from the weather (humidity etc.).
Even a wet pane of glass will constitute a 10DB attenuator.
73!
I totally agree.
The only "encryption" radio amateurs are using are new modes they are designing themselves which the regulatory bodies don't know about yet.
But even then they are obligated to put their callsign out in a recognised mode for regulations.
It's hard enough dealing with neighbours, municipalities and other electronics trying to destroy the HAM hobby.
As said before, let's not forget that the way we communicate today is largely thanks to amateur radio.
Oh and misuse of HAM frequencies for hacking or illegal stuff isn't new either, just read Kevin Mitnick's book "ghost in the wires"
no only the FCC btw.
Those same rules apply practically worldwide and I am pretty sure HAMs will help the authorities kick those unlicensed pirates off their bands.
Even if it is only to preserve the rights they have studied for and see as their hobby and technological advancement.
And Yes CW was indeed the first digital mode. Even so that the Dutch (probably CEPT in total) state that it is a digital mode even now.
What a lot of people are forgetting is that the way we communicate now, certainly wireless (mile phones, WiFi, satellites etc.) are largely thanks to radio amateurism in the past.
Even the fact that we are free to listen to any radio station (apart from say Air Traffic communication in Germany and the UK) is directly linked to the fact that radio HAMs in the past had the guts to prove to authorities that having listening licences could never be uphold and checked by law.
And yes, HAM bands are monitored by the government for misuse and piracy.
73! (CEPT Full licence operator)
by standard definition, users and as specially administrators are lazy.
Yes and that means me myself and I as well :)
So why change the default security random generator if a security company has that as default?
They know best, right?
And why did it take our security community 6 (six) years to shy away from this algorithm only after the NIST told us so in September of this year?
Do we all have a big stock of butter on our heads?
Did RSA take the money? Probably. Everything to please the stock markets.
Did they know the reasons why they were paid to do what they did? Possibly not (at least the people deciding in the top layers did not).
Were they hacked themselves earlier this year too? Wonder if the attackers used this same backdoor.
Oh how ironic if true *grin*
it seems that the US judge also ruled that US citizens are either foreigners in their own country or, interestingly enough, they are not that more special then us non-US once.
As the same snooping rules seem to apply to everyone using any means of communication on the earth by this ruling.
Honestly, let them get all the data from all their own citizens as well, they are snooping on mine too and I can't even complain legally.
It seems their own paranoia is biting them in the ass finally.
And besides that: where were the 9/11 attackers? And the Boston Marathon once?
Precisely: inside the USA!
Did the NSA snooping programs stop those attacks? nope.
Did they possibly have all the data: very likely yes.
this works provided:
1: the print you got is indeed the one I use to unlock the phone with
2: your scanner lamp will not deflect off the shiny surface off my phone into your scanner camera and destroy your image
3: you are within 48 hours of me touching/unlocking it for the last time
4: you're done before the battery runs out
5: you are actually interested in my personal data and didn't nick it to be used by yourself
6: you are faster then me wiping it via find-my-iphone (yes tinfoil will help I know until you have to remove that to place it under your scanner unless you tinfoil wrap your entire room).
Yes the sensor can be "fooled" but the real screw-up would be if they actually can obtain the data from the SecureZone within the A7.
Essentially that would really break the TouchID system.
ROFLMAO.
It's even simpler then that: if you're right handed then simply use a finger you mostly ignore on your left hand and vice versa.
Earprints maybe interesting as well.
Although I'll hear the sceptics cry out wolf again as you will leave that on your phone everytime you make a call.
Yes, so use the other ear!
Besides: you have 10 fingers and only 5 attempts.
I'll let somebody else do the math ;)
yeps! Totally agree.
And we could rewrite this perfect scenario for:
- passwords
- pincodes on bankpasses and creditcards
- Iris detection on airports
- handprint scanners
- face recognition
- baggage locks with keys or 3-digit cyphers
- those TSA locks nobody but the TSA is supposed to have the key for
- wireless carkeys
By simply copying the peace, replacing the appropriate security term and rewording some small bits to fit the different style of technology.
What do you really want?
An iPhone requiring both a fingerprint and a passcode to unlock? I would but then I'm security paranoid enough to care.
99% of users on this world don't and that's why this will improve security for those who don't bother to set a passcode at all in the first place.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
