Archive november 2018

Stora problem med Office 365 i Europa – användare kan inte logga in

Det har varit stora problem att logga in på Microsofts molnplattform Office 365 under måndagsförmiddagen (26 nov 2018).

Microsoft skriver själva i en status med titeln ”Går inte att logga in på Microsoft 365”: ”De som påverkas använder multifaktorsautentisering, MFA.”. De skriver vidare att användare inte kan använda självbetjäningstjänsten för att återställa lösenord.

Microsoft uppger vidare i det korta meddelandet att de håller på och undersöker problemet.

De regioner som drabbas av det här är Europa, Mellanöstern och Afrika samt Asien. Läs mer

3 Things You Need to be Doing Before You Recycle Your Electronics

For any business today computer data protection solutions are a concern. Therefore, it is common to hesitate when choosing what to do with your electronics once they become obsolete. Here are smart tips for recycling your e-waste in a manner that will protect your data as well as the environment.

http://blog.simsrecycling.com/2017/08/08/3-things-you-need-to-be-doing-before-you-recycle-your-electronics/

Can DuckDuckGo Become the Anti-Google?

”Recently, a privacy-oriented search engine called DuckDuckGo raised $10 million from a Canadian pension fund,” reports Marketplace.org, saying the privacy-focused search engine is ”trying to establish itself as the anti-Google.” An anonymous reader quotes their report:

”So it’s like Google, except when you search on it, you’re completely anonymous,” said Gabriel Weinberg, CEO of the company. The searches are encrypted. The site knows where you are, but only while you’re searching, and it doesn’t store your personal information. ”We serve you the search results and we throw away your personal information…so your IP address and things like that. And we don’t actually store any cookies by default. And so when you search on DuckDuckGo, it’s like every time you’re a new user and we know nothing about you…” Weinberg said about a quarter of Americans have taken some action to protect their privacy, and DuckDuckGo searches have been growing about 50 percent a year. Läs mer

https://www.schneier.com/blog/archives/2007/12/anonymity_and_t_2.html

Like everything else in security, anonymity systems shouldn’t be fielded before being subjected to adversarial attacks. We all know that it’s folly to implement a cryptographic system before it’s rigorously attacked; why should we expect anonymity systems to be any different? And, like everything else in security, anonymity is a trade-off. There are benefits, and there are corresponding risks. -/-

What the University of Texas researchers demonstrate is that this process (de-anonymization) isn’t hard, and doesn’t require a lot of data. <..>

With only eight movie ratings (of which two may be completely wrong), and dates that may be up to two weeks in error, they can uniquely identify 99 percent of the records in the dataset. After that, all they need is a little bit of identifiable data: from the IMDb (Internet Movie Database), from your blog, from anywhere. The moral is that it takes only a small named database for someone to pry the anonymity off a much larger anonymous database. Läs mer

Insurance Companies Are Monitoring Personal Telemetry

Your personal telemetry is being monitored, and it is being analyzed, and it is being stored. The stated goal is to reward those who make healthy choices in the case of John Hancock and those who drive safely in the case of Progressive. But then there is the sharing of that information with third parties, which goes hand-in-hand with the ever-present risk of a future data breach. Not to mention the penalties unintentionally incurred for those who live in the countryside (or on steep hills and drive older vehicles) and brake for animals, as “hard braking” is counted against you. Läs mer

Dutch government report says Microsoft Office telemetry collection breaks GDPR

Microsoft pledges to address issues; has already released a ”zero exhaust” Office telemetry setting.

The telemetry data collection mechanism used by Microsoft Office breaks the EU General Data Protection Regulation (GDPR), Dutch authorities said yesterday in a report.

The report raises eight issues that investigators found in ProPlus subscriptions of Office 2016 and Office 365, but also with the web-based version of Office 365.

https://www.zdnet.com/article/dutch-government-report-says-microsoft-office-telemetry-collection-breaks-gdpr/

Expertgrupp varnar: Stora risker med känsliga data i molntjänster

<…> – Vi anser att det i juridisk mening måste (ses) som ett röjande om en molntjänst används för behandling av uppgifter som är sekretessreglerade, och om molntjänsten ägs av ett utländskt företag där detta lands rättsordning ålägger företaget att under vissa förhållanden överlämna viss information till det landets myndigheter, säger Johan Bålman.

https://computersweden.idg.se/2.2683/1.710293/

Nya larmet: Microsoft samlar in mängder av användardata från Office 365 – i hemlighet

https://computersweden.idg.se/2.2683/1.710433/microsoft-spionerar-office-365

Vändningen: Göteborgs stad ger grönt ljus till Office 365 – även för känsliga data

Det har varit många turer kring Göteborgs stads utrullning av Office 365 sedan beslutet togs 2016. Hela utrullningen pausades för ganska precis ett år sedan, då stadsjuristen gjorde den juridiska bedömningen att sekretessbelagd information rent teoretiskt kan anses vara röjd så snart en tredje part har teknisk möjlighet att komma åt den. Känsliga uppgifter riskerade helt enkelt att betraktas som röjda om de lämnades över till Microsoft.

Därefter har utrullningen dragit igång igen – och avtalet förnyades i våras. Detta trots att grundproblemen med röjda uppgifter inte ansetts lösta. -/-

Det råder grönt ljus för Office 365 men inte automatiskt för användningen, skulle man kunna säga.