Contact tracing done right?

Relevant given the recent release of the Australian app. The EU has been generally pro-privacy for some time, and the list of safeguards it mandates seems reasonable and balanced between protecting the individual and letting the app do the job it needs to do.

The problem with the current conversation about the Australian app is that it leans on keywords such as "encryption" and "privacy impact assessment", both of which cover a wide range of efficacy and neither of which is explained in any real detail. There is also a heavy reliance on legislative protections. As we saw recently with metadata retention, legislative protections are not always the best solution.

https://www.theregister.co.uk/2020/04/17/european_contact_tracing_app_spec/

Let’s think about this a bit first…

I believe we will eventually see this become standard in societies across the world, in some form or other, moving forward from this point. In my opinion that is not necessarily a bad thing: we have a technology that can greatly assist in the timely management of otherwise disastrous conditions, and a technology that can save lives is never a bad thing.

That said, speed is the enemy of good practice when it comes to information management. A few things really need to be injected into the conversation around this technology in any country looking at deploying it:

1. Has the process that anonymizes the collected data been tested? Has the anonymization been mathematically proven, rather than simply asserted?

2. Has the code used in the application been security tested? Data is the new commodity for cyber crime. Anything that produces data will become a target, particularly something as widespread as this type of application could become.

3. Has the supply chain of the code been examined? Put simply, do you know where the code came from? Has all third-party code used in the application been verified not to contain malicious code or backdoors?

Phish: old school attacks in new school tech

Phishing continues because, unfortunately, it works. This article provides a good overview of some of the basic techniques in play at present. A lot of these attacks are simply modern versions of age-old scams that con artists have run for decades. Instead of working a street corner or a shop front, they can now scale the approach to massive numbers using the internet. While technology helps to some degree, the complete answer can’t be found without addressing the human factor.

https://www.securityweek.com/2020-rings-new-era-cyber-attacks-and-its-getting-personal