Good intentions do not protect confidential information

The problem is not that Microsoft would have malicious intent, or that the access capability has actually been abused in the past. The problem is that information subject to secrecy is exposed to the risk of ending up in the wrong hands the moment it is handled by a system in which an unauthorized party can obtain access to it. Foreign authorities are not authorized to access information subject to secrecy (OSL, Chapter 8, Section 3).

2019 cloud security predictions

The smart attack era is upon us. Learn how AI, machine learning, IT process automation and a bit of common sense will help our cloud security. -/-

A big focus for IT pros in the coming year should surround the automation of security reporting and auditing. With a growing list of cloud services, at times spread across multiple providers, it can become quite cumbersome to keep track of security reporting. Leveraging IT process automation, tools like Microsoft Secure Score, and creating efficient and automated review workflows should be at the top of all our lists next year. Having this information readily available and simple to review can save time and allow for faster responses to emerging cloud security threats.-/-

The biggest threat to user security still remains to be social engineering. Phishing emails have seen a resurgence, along with other attacks that rely on the social aspect of our day to day work. End users should focus on being more vigilant with suspicious emails, calls, texts, etc.


Disclosure and cloud services [in a legal sense, using a cloud service must be regarded as a disclosure]

eSam's legal expert group has produced a legal statement on disclosure and cloud services. In the statement they describe their interpretation of applicable law on the matter. The expert group assesses that it cannot be ruled out that a cloud service provider subject to foreign legislation may contribute to the disclosure of information regulated by secrecy.

Facebook’s latest privacy scandal: The private photos of millions of users were accidentally shared with 1,500 apps

  • Facebook said it found a bug that gave as many as 1,500 third-party apps access to the unposted Facebook photos of up to 6.8 million users.
  • The affected pictures include those posted on Facebook Stories and Facebook Marketplace, as well as those that were uploaded but never shared, Facebook said.
  • “We’re sorry this happened,” Facebook said in a statement.


Updated password guidelines say everything we thought about passwords is wrong

No more periodic password changes

–It’s been clear for a long time that periodic changes do not improve password security but only make it worse, and now NIST research has finally provided the proof

No more imposed password complexity 

–Users now can be less “creative” and avoid passwords like “Password1$”, which only provide a false sense of security

Mandatory validation of newly created passwords against a list of commonly-used, expected, or compromised passwords.

“Without cash we are heading straight into a digital dictatorship” – former national police commissioner warns against naivety

Cash still plays a major role in the grey and, naturally, also the black economy, but electronic payment systems give rise to new forms of crime that burden the police. Online fraud is growing explosively and is often run by international gangs.

– It becomes both easier and harder to tackle this type of economic crime, says Detective Chief Inspector Hannu Kortelainen of the Helsinki police.

3 Things You Need to be Doing Before You Recycle Your Electronics

For any business today computer data protection solutions are a concern. Therefore, it is common to hesitate when choosing what to do with your electronics once they become obsolete. Here are smart tips for recycling your e-waste in a manner that will protect your data as well as the environment.

http://blog.simsrecycling.com/2017/08/08/3-things-you-need-to-be-doing-before-you-recycle-your-electronics/

https://www.schneier.com/blog/archives/2007/12/anonymity_and_t_2.html

Like everything else in security, anonymity systems shouldn’t be fielded before being subjected to adversarial attacks. We all know that it’s folly to implement a cryptographic system before it’s rigorously attacked; why should we expect anonymity systems to be any different? And, like everything else in security, anonymity is a trade-off. There are benefits, and there are corresponding risks. -/-

What the University of Texas researchers demonstrate is that this process (de-anonymization) isn’t hard, and doesn’t require a lot of data. <..>

With only eight movie ratings (of which two may be completely wrong), and dates that may be up to two weeks in error, they can uniquely identify 99 percent of the records in the dataset. After that, all they need is a little bit of identifiable data: from the IMDb (Internet Movie Database), from your blog, from anywhere. The moral is that it takes only a small named database for someone to pry the anonymity off a much larger anonymous database.